RE: Liferay Security patches June 2020
Hello together,
today I have seen that there are new security patches for Liferay CE 7.1 and 7.2 in this blogpost:
https://liferay.dev/blogs/-/blogs/june-2020-security-patches-for-liferay-portal-7-1-and-7-2
Well, the last time there was a security patch for these versions I tried to compile the patch by myself to get a binary patch but without any luck and satisfactory result.
At some point I was able to apply the patch and compile the patched version, but I couldn't figure out if the patch was really applied because nowhere in the Liferay startup log and Liferay backend did the version number change to the new patched version number.
I was confused and not sure if I should use this compiled version. I ended up using binary patches provided by a Liferay community member.
This time there are again no binary patches for the above versions.
Is there any good up-to-date step-by-step guide to create binary patch files by yourself, or is there any chance that Liferay will provide binary patches for the community?
with kind regards
Hello marvin ros,
here is my tutorial on how to build binary patches: https://liferay.dev/blogs/-/blogs/creating-liferay-security-binary-patches
I will try to create new binary patches from the latest Patches for June 2020, but don't know yet when I will have time for that.
Hey Dominik,
I think I have a correct compiled version but how do I get a collection of the JAR and JSP/JSPF files that I have to replace like you did in your tutorial?
Now I have a whole bundles folder with all new generated files and a lot more JAR files than I have in my Liferay 7.1 installation. How do I get a clean list of the files that I have to replace, and in which directory in my current installation, to apply the patch on this installation?
I also have noticed that in my compiled bundles folder the marketplace/override folder is now empty. Is this correct?
So I am again a little bit confused and lost as to how I get to the result you listed in your tutorial.
Can you help me out?
Your help would be much appreciated
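One way to produce the file list asked about in the post above, as an added example that comes neither from this thread nor from the linked tutorial: compare a bundle tree from the unpatched release with the patched build, hashing JARs by entry content so that a rebuilt but otherwise identical JAR is not reported. The function names, the `stock` and `patched` directories, the choice of `Bnd-LastModified` as the only per-build manifest header to ignore, and the sample JARs are all assumptions constructed for the example.

```python
import hashlib, io, tempfile, zipfile
from pathlib import Path

ARCHIVES = {".jar", ".war", ".lpkg"}   # zip containers, compared entry by entry
VOLATILE = (b"Bnd-LastModified:",)     # assumed list of per-build manifest headers

def fingerprint(data: bytes, name: str) -> str:
    """SHA-256 of a file; archives are hashed over entry names and contents only."""
    if Path(name).suffix.lower() not in ARCHIVES or not zipfile.is_zipfile(io.BytesIO(data)):
        return hashlib.sha256(data).hexdigest()
    h = hashlib.sha256()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for entry in sorted(n for n in zf.namelist() if not n.endswith("/")):
            body = zf.read(entry)  # zip timestamps and compression never enter the hash
            if entry == "META-INF/MANIFEST.MF":
                body = b"\n".join(ln for ln in body.splitlines() if not ln.startswith(VOLATILE))
            h.update(entry.encode() + b"\0" + fingerprint(body, entry).encode())
    return h.hexdigest()

def files_to_replace(stock: Path, patched: Path) -> dict:
    """Paths relative to the bundle root that are new or differ in content."""
    result = {}
    for new in sorted(p for p in patched.rglob("*") if p.is_file()):
        rel = new.relative_to(patched).as_posix()
        if not (stock / rel).is_file():
            result[rel] = "added"
        elif fingerprint((stock / rel).read_bytes(), rel) != fingerprint(new.read_bytes(), rel):
            result[rel] = "changed"
    return result

def make_jar(path: Path, build: int, cls: str) -> None:
    """Constructed sample JAR: `build` sets timestamps and manifest, `cls` the class bytes."""
    path.parent.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(path, "w") as zf:
        for name, body in (("META-INF/MANIFEST.MF", f"Bnd-LastModified: {build}\n"), ("pkg/Example.class", cls)):
            zf.writestr(zipfile.ZipInfo(name, (2020, build, 1, 0, 0, 0)), body)

def demo() -> dict:
    """Two constructed bundle trees; only the bootstrap JAR's class content differs."""
    with tempfile.TemporaryDirectory() as tmp:
        stock, patched = Path(tmp, "stock"), Path(tmp, "patched")
        for root, build in ((stock, 3), (patched, 6)):
            make_jar(root / "osgi/core/unchanged.jar", build, "same")  # rebuilt, same content
            make_jar(root / "osgi/core/com.liferay.portal.bootstrap.jar", build, f"v{build}")
        make_jar(patched / "osgi/core/extra.jar", 6, "new")
        return files_to_replace(stock, patched)

if __name__ == "__main__":
    print("\n".join(f"{why:8} {rel}" for rel, why in demo().items()))
```

A JAR reported as changed still needs a look at which entries differ, since class files compiled with a different JDK can vary without any source change.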
Hello Dominik Marks,
thank you very much for your answer!
I will look into it and try to do it like you did in this tutorial now.
> I will try to create new binary patches from the latest Patches for June 2020, but don't know yet when I will have time for that.
This would be great, can you notify me if you have done this?
I will try to do it on my own now but I would like to compare my version to yours after you have done it because I am very unsure after the process if it is really right.
Hello marvin ros,
I just created a binary patch for Liferay 7.1.3 GA4.
Feel free to test it: https://nextcloud.convotis.com/s/JSnQtJTB5e23psj
Be sure to have a look at my notes in my blog post (e.g. clear osgi/state and other folders etc.)
Hi Dominik,
thank you for your reply
I compared my binary files to yours and I have the same files as you except:
\bundles\osgi\core\com.liferay.portal.bootstrap.jar
I didn't come across this .jar while looking through the commit on GitHub. What have I missed?
Can you show me where I can see that I'll need this file too?
with kind regards
Hey Dominik,
I found it. It's from the march2020 patch.
Thank you so much!
I see one change in the file modules/core/portal-bootstrap/system.packages.extra.bnd (https://github.com/liferay/liferay-portal/compare/7.1.3-ga4...community-security-team:7.1.3-cumulative#diff-1ddc6d876981e1ae7df98e0d14fddd4e).
The portal-bootstrap.jar exports packages from the bundle 0 (the "system" bundle). So actually the change defines the versions of the exported packages of "org.apache.beanutils.*".
Yeah, I found it exactly when you answered 
Thanks for your help!! It helped me a lot!