Initial Security Advisories for Liferay Portal 6.1 GA1
https://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=14774054
2024-03-29T10:54:45Z

RE: Initial Security Advisories for Liferay Portal 6.1 GA1
Patrick Wolf
https://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=14774326
2012-07-09T21:47:47Z

That's cool. Not the security vulnerabilities but the message board post created for these issues. Thank you for that, James.

Initial Security Advisories for Liferay Portal 6.1 GA1
James Falkner
https://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=14774053
2012-07-09T21:36:00Z

The following advisories have now been documented on the Known Vulnerabilities page (http://www.liferay.com/community/security-team/known-vulnerabilities):

- CST-SA: LPS-28423 Delete any file on the server
- CST-SA: LPS-26930 Reconfigure Liferay to use a remote cache
- CST-SA: LPS-28358 SecureFilter can be bypassed
- CST-SA: LPS-28309 Directory Traversal
- CST-SA: LPS-26940 Users without the ASSIGN_MEMBER permission can still assign users to an organization
- CST-SA: LPS-26935 All JSON web services are accessible without authentication.
- CST-SA: LPS-27726 Remote code execution in Calendar portlet

This represents the currently known Severity-1 vulnerabilities for Liferay Portal 6.1 GA1. They are all fixed in the upcoming GA2 release.

Going forward, new individual vulnerabilities will be posted to this forum category, including Severity-1 and Severity-2 issues.