RE: OLD Portal 6.2.1 CE GA2 -- > any FixPack for CVE-2020-7961 (RCE json ap
Hello,
I have in my company's network an old production server running Liferay Portal CE 6.2.1 GA2, which cannot (currently) be migrated to a new version.
I'm asking if there is a Fix Pack for the Remote Code Execution vulnerability CVE-2020-7961 (the JSON API deserialization one), which concerns me the most, or if the only way, no matter what, is to upgrade, as this version is completely vulnerable.
If that CVE is included in a patch, it will only be on the latest available GA on any version. E.g. check https://liferay.dev/blogs/-/blogs/security-patches-for-liferay-portal-6-2-7-0-and-7-1
At a minimum, you'll have to be on 6.2 GA6.
Another resource to check is https://portal.liferay.dev/learn/security/known-vulnerabilities