Security Vulnerability /api/jsonws - Liferay VersionsSecurity Vulnerability /api/jsonws - Liferay Versionshttps://liferay.dev/c/message_boards/find_thread?p_l_id=119785294&threadId=1188406542026-04-05T09:30:27Z2026-04-05T09:30:27ZRE: Security Vulnerability /api/jsonws - Liferay VersionsChristoph Rabelhttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1188424262020-04-01T11:09:36Z2020-04-01T11:09:36ZPlease read:<br /><a href="https://liferay.dev/blogs/-/blogs/security-patches-for-liferay-portal-6-2-7-0-and-7-1">https://liferay.dev/blogs/-/blogs/security-patches-for-liferay-portal-6-2-7-0-and-7-1</a><br />7.2.1 GA2 is not affected, a patch exists for 7.1 GA4.<br />Personal opinion: For a new project I would go for 7.3. There were lots of nice fixes and improvements.Christoph Rabel2020-04-01T11:09:36ZSecurity Vulnerability /api/jsonws - Liferay VersionsFredi Bhttps://liferay.dev/c/message_boards/find_message?p_l_id=119785294&messageId=1188406532020-04-01T09:22:03Z2020-04-01T09:22:03ZHello Liferay Friends,<br />currently we are investigating the possibility to use Liferay CE as Portal solution. <br /><br />Sadly one of our security managers came across this exploit of the liferay<strong> /jsonws API</strong> that enables attackers to even get a remote shell on the server.<br /><a href="https://www.synacktiv.com/posts/pentest/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html">https://www.synacktiv.com/posts/pentest/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html</a><br /><a href="https://www.synacktiv.com/posts/pentest/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html"></a><br />Can you provide further information if this security problem is <strong>not existing</strong> on <strong>7.1.3 GA4</strong> or <strong>7.2.1 GA2 </strong>because these two versions <strong></strong>seem to fit our requirements.<br /><strong></strong><br />Greetings,<br />FrediFredi B2020-04-01T09:22:03Z