Foros de discusión
liferay 6.0.6 : libraries versions
Marco Ferretti, modificado hace 7 años.
liferay 6.0.6 : libraries versions
Regular Member Mensajes: 100 Fecha de incorporación: 4/10/10 Mensajes recientes
Hi all,
I have an odd question for the LF community. We have a liferay 6.0.6CE instance that will (hopefully) be migrated later this year; in the meantime we got aware of this struts2 vulnerability and were wondering if our instance is affected.
I tried looking inside the WEB-INF/lin/struts.jar but the MANIFEST file is not there and googling for "liferay 6.0.6 struts version" or "liferay 6.0.6 libraries version" did not lead to any result ... hence my question : does anybody know any of the following :
Thanks in advance for any help
Marco
I have an odd question for the LF community. We have a liferay 6.0.6CE instance that will (hopefully) be migrated later this year; in the meantime we got aware of this struts2 vulnerability and were wondering if our instance is affected.
I tried looking inside the WEB-INF/lin/struts.jar but the MANIFEST file is not there and googling for "liferay 6.0.6 struts version" or "liferay 6.0.6 libraries version" did not lead to any result ... hence my question : does anybody know any of the following :
- where can I find the list of the libraries and their version for lifeary 6.0.6?
- is liferay 6.0.6 affected by the above mentioned CVE ?
Thanks in advance for any help
Marco
David H Nebinger, modificado hace 7 años.
RE: liferay 6.0.6 : libraries versions (Respuesta)
Liferay Legend Mensajes: 14919 Fecha de incorporación: 2/09/06 Mensajes recientes
It is there but you are not vulnerable.
Liferay never took advantage of that part of struts that introduced the vulnerability.
Unless you are looking for that info to be the lever to get your upgrade done, then yes you are vulnerable and you should upgrade sooner rather than later.
Liferay never took advantage of that part of struts that introduced the vulnerability.
Unless you are looking for that info to be the lever to get your upgrade done, then yes you are vulnerable and you should upgrade sooner rather than later.
Marco Ferretti, modificado hace 7 años.
RE: liferay 6.0.6 : libraries versions
Regular Member Mensajes: 100 Fecha de incorporación: 4/10/10 Mensajes recientes
Thanks for the (reassuring) answer, it really makes me happy as I was assigned another (critical) task and would have had to clone myself if I had to rush (also) this migration.
Olaf Kock, modificado hace 7 años.
RE: liferay 6.0.6 : libraries versions (Respuesta)
Liferay Legend Mensajes: 6403 Fecha de incorporación: 23/09/08 Mensajes recientesMarco Ferretti:
where can I find the list of the libraries and their version for lifeary 6.0.6?
license/versions.html in my current bundle. I believe that it's been always in but might have been moved around.
Marco Ferretti, modificado hace 7 años.
RE: liferay 6.0.6 : libraries versions
Regular Member Mensajes: 100 Fecha de incorporación: 4/10/10 Mensajes recientes
Thanks, it's exactly there !