May 2021: Security patch for Liferay Portal 7.2

Downloads:

All vulnerabilities fixed in these patches have already been fixed in Liferay Portal 7.3 GA7. Please refer to the readme file for a list of issues addressed in each patch. For more information on working with patches, please see Patching Liferay Portal.

Thanks to Arun Das and Dominik Marks, binary builds of the patches are available:

Disclaimer: Binary patches have not been tested by Liferay


Thank You Yuxing Wu,

Are these vulnerabilities only fixed in Liferay Portal 7.3 GA7?

Sadly our customer decided to take a try with 7.3.5 GA6.

 

Hello Fredi B,

All vulnerabilities fixed in these patches have already been fixed in Liferay Portal 7.3 GA7. It doesn't mean all vulnerabilities are only fixed in Liferay Portal 7.3 GA7. Some vulnerabilities have been fixed in 7.3.5 GA6, but some vulnerabilities are still not fixed.

Up to this point, the maximum scale for any given service has been capped at 10 instances. This was a platform restriction that was based on most use cases for the portal. Recently, however, there was a need to dynamically scale to more than 10 Liferay instances. To address this need, and allow autoscaling to much larger cluster sizes, we have introduced a property to set the maximum number of instances that a service should have.