1. Home
  2. Portal
  3. RE: 7.1.3 + Security Patch Binary?

RE: 7.1.3 + Security Patch Binary?

Kev Sobitnov, modified 5 Years ago.
7.1.3 + Security Patch Binary?
New Member Posts: 3 Join Date: 4/8/20 Recent Posts
Hi, our customer is using LP 7.1.3 and asked us to install security update fixing jsonws API security issues.We tried to create binary by source with ant without success. Are there any plans to release 7.1.3 binarys with security patch?Kev
thumbnail
David H Nebinger, modified 5 Years ago.
RE: 7.1.3 + Security Patch Binary?
Liferay Legend Posts: 14933 Join Date: 9/2/06 Recent Posts
Nope. It's one of the drawbacks of using Liferay CE, they don't release updates after the next version was published.

Even for 7.2, since 7.3 is out there will not be a 7.2 update for anything.
Kev Sobitnov, modified 5 Years ago.
RE: 7.1.3 + Security Patch Binary?
New Member Posts: 3 Join Date: 4/8/20 Recent Posts
So Liferay CE is an unsecure solution and not usable for customers in productive environments?Why even provide source code patches if them are not even possible to build?
thumbnail
David H Nebinger, modified 5 Years ago.
RE: 7.1.3 + Security Patch Binary?
Liferay Legend Posts: 14933 Join Date: 9/2/06 Recent Posts
Kev Sobitnov:

So Liferay CE is an unsecure solution and not usable for customers in productive environments?Why even provide source code patches if them are not even possible to build?


Like any other open source solution, Liferay CE provides source code. You are free to view, modify, etc. just like any other open source solution.

Liferay provided the fix for the /api/jsonws issue, but since you are using CE it is your responsibility to patch, test and release. It is the "contract" that you agree to when you build a solution off of Liferay CE.
thumbnail
Dominik Marks, modified 5 Years ago.
RE: 7.1.3 + Security Patch Binary?
Regular Member Posts: 149 Join Date: 8/29/12 Recent Posts
As we are using Liferay CE and we have several installations running with different Liferay versions we are currently in the process of creating binary patches from the source code (for 7.1.3, too).

When we are succesful I will probably post our findings and probably some instructions how to build them or even the binary patches (I think it is allowed to distribute binaries as Liferay CE is LGPL, right?)
Kev Sobitnov, modified 5 Years ago.
RE: 7.1.3 + Security Patch Binary?
New Member Posts: 3 Join Date: 4/8/20 Recent Posts
Thx Dominik Marks,These would be from great help! 
Kev
thumbnail
Fredi B, modified 5 Years ago.
RE: 7.1.3 + Security Patch Binary?
Junior Member Posts: 69 Join Date: 4/1/20 Recent Posts
Dominik Marks:

As we are using Liferay CE and we have several installations running with different Liferay versions we are currently in the process of creating binary patches from the source code (for 7.1.3, too).

When we are succesful I will probably post our findings and probably some instructions how to build them or even the binary patches (I think it is allowed to distribute binaries as Liferay CE is LGPL, right?)
Hello Dominik,
I would also be interested in your 7.1.3 binary patch. 
I just noticed that there is a binary patch linked in this news https://liferay.dev/blogs/-/blogs/security-patches-for-liferay-portal-6-2-7-0-and-7-1 maybe you can get your binary patch also linked there?
I am sure this would help many people strugling at the moment with patching and building from source. 
thumbnail
Dominik Marks, modified 5 Years ago.
RE: 7.1.3 + Security Patch Binary?
Regular Member Posts: 149 Join Date: 8/29/12 Recent Posts
Hello Fredi,

I just submitted a blog post on how we created binary patches for 6.2.5, 7.0.6 and 7.1.3. When it will be approved you can read how we did that on the Liferay blogs.
thumbnail
Fredi B, modified 5 Years ago.
RE: 7.1.3 + Security Patch Binary?
Junior Member Posts: 69 Join Date: 4/1/20 Recent Posts
Dominik Marks:

Hello Fredi,

I just submitted a blog post on how we created binary patches for 6.2.5, 7.0.6 and 7.1.3. When it will be approved you can read how we did that on the Liferay blogs.

I guess the blog section is not the right place to discuss some small details. 

I followed your instructions and everything went very smooth up to the point where I need to extract some files... 
bundles\osgi\marketplace\override (copy them from bundles\osgi\modules or bundles\osgi\static)

com.liferay.portal.odata.impl.jar
com.liferay.portal.search.elasticsearch6.impl.jar
com.liferay.portal.search.web.jar
com.liferay.portal.security.sso.cas.impl.jar
com.liferay.portal.security.sso.google.impl.jar
com.liferay.portal.settings.authentication.ldap.web.jar
com.liferay.portal.settings.lang.jar
com.liferay.portal.settings.web.jar
com.liferay.portal.store.s3.jar
com.liferay.portal.template.freemarker.jar
com.liferay.portal.template.velocity.jar
com.liferay.portal.template.xsl.jar
com.liferay.portal.vulcan.api.jar
com.liferay.portal.vulcan.impl.jar
com.liferay.portal.workflow.api.jar
com.liferay.portal.workflow.kaleo.api.jar
com.liferay.portal.workflow.kaleo.definition.impl.jar
com.liferay.portal.workflow.kaleo.runtime.integration.impl.jar
com.liferay.portal.workflow.kaleo.service.jar
com.liferay.portal.workflow.lang.jar
com.liferay.portal.workflow.web.jar

These files are missing in my bundles when following your very well written guide. Any ideas where I can find them? (or a copy&paste mistake on your side?)
thumbnail
David H Nebinger, modified 5 Years ago.
RE: 7.1.3 + Security Patch Binary?
Liferay Legend Posts: 14933 Join Date: 9/2/06 Recent Posts
Fredi B:

I guess the blog section is not the right place to discuss some small details. 

Who said that?

If it is because the comment hasn't posted yet, we have workflow in place to filter comments for spam posts; the system we use for comments in the forum that prevent spam do not work for blog comments. As an effort to prevent blog spam, we have workflow in place but sometimes it takes time for the comments to get approved...