Description
Liferay Portal 7.1.3 and 7.2.1 includes the following libraries which have known vulnerabilities:
- Apache Commons Compress 1.18
- Bouncy Castle Provider 1.45
- c3p0 0.9.5.3
- Jackson Databind 2.9.9.3 (7.1.3 only)
- JFreeChart 1.0.13
- Netty 4.1.32
- Nimbus JOSE+JWT 6.7
Severity
Severity 2
Fixed Version(s)
- June 2020 source patch for Liferay Portal 7.2.1. Details for working with source patches can be found on the Patching Liferay Portal page.
- June 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Tue, 09 Jun 2020 02:00:00 +0000