Foros de discusión

  1. Inicio
  2. Portal
  3. liferay 6.0.6 : libraries versions

liferay 6.0.6 : libraries versions

thumbnail
Marco Ferretti, modificado hace 7 años.

liferay 6.0.6 : libraries versions

Regular Member Mensajes: 100 Fecha de incorporación: 4/10/10 Mensajes recientes
Hi all,

I have an odd question for the LF community. We have a liferay 6.0.6CE instance that will (hopefully) be migrated later this year; in the meantime we got aware of this struts2 vulnerability and were wondering if our instance is affected.
I tried looking inside the WEB-INF/lin/struts.jar but the MANIFEST file is not there and googling for "liferay 6.0.6 struts version" or "liferay 6.0.6 libraries version" did not lead to any result ... hence my question : does anybody know any of the following :
  • where can I find the list of the libraries and their version for lifeary 6.0.6?
  • is liferay 6.0.6 affected by the above mentioned CVE ?



Thanks in advance for any help

Marco
thumbnail
David H Nebinger, modificado hace 7 años.

RE: liferay 6.0.6 : libraries versions (Respuesta)

Liferay Legend Mensajes: 14919 Fecha de incorporación: 2/09/06 Mensajes recientes
It is there but you are not vulnerable.

Liferay never took advantage of that part of struts that introduced the vulnerability.

Unless you are looking for that info to be the lever to get your upgrade done, then yes you are vulnerable and you should upgrade sooner rather than later.

emoticon
thumbnail
Marco Ferretti, modificado hace 7 años.

RE: liferay 6.0.6 : libraries versions

Regular Member Mensajes: 100 Fecha de incorporación: 4/10/10 Mensajes recientes
Thanks for the (reassuring) answer, it really makes me happy as I was assigned another (critical) task and would have had to clone myself if I had to rush (also) this migration.
thumbnail
Olaf Kock, modificado hace 7 años.

RE: liferay 6.0.6 : libraries versions (Respuesta)

Liferay Legend Mensajes: 6403 Fecha de incorporación: 23/09/08 Mensajes recientes
Marco Ferretti:
where can I find the list of the libraries and their version for lifeary 6.0.6?


license/versions.html in my current bundle. I believe that it's been always in but might have been moved around.
thumbnail
Marco Ferretti, modificado hace 7 años.

RE: liferay 6.0.6 : libraries versions

Regular Member Mensajes: 100 Fecha de incorporación: 4/10/10 Mensajes recientes
Thanks, it's exactly there !