Skip to Main Content
  • Ask
  • Blogs
  • Chat
  • Download
  • Feedback
  • Help
  • Learn
  • Projects
  • Log In

Known Vulnerabilities

  • Overview
  • Reporting Security Issues
  • Known Vulnerabilities
  • Hall of Fame

Releases

  • Liferay Portal 7.4
  • Liferay Portal 7.3
  • Liferay Portal 7.2
  • Liferay Portal 7.1
  • Liferay Portal 7.0
  • Liferay Portal 6.2 CE
  • Liferay Faces
  • Liferay DXP 7.4
  • Liferay DXP 7.3
  • Liferay DXP 7.2
  • LIferay DXP 7.1
  • LIferay DXP 7.0
  • Liferay DXP 2025.Q1
  • Liferay DXP 2024.Q4
  • Liferay DXP 2024 Q3
  • Liferay DXP 2024 Q2
  • Liferay DXP 2024 Q1
  • Liferay DXP 2023.Q4
  • Liferay DXP 2023.Q3
RSS
  • Liferay Faces Alloy DoS via large file upload in Servlet 3.0+ environment (non-Portlet vulnerability)

  • Stored XSS in Alloy components rendering JavaScript arrays of strings: alloy:autoComplete and alloy:inputFile

  • DoS via large file upload

  • FACES-2361 Security vulnerability with accessing a non-Faces view in JSF portlets

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.

  • Community
  • Ask
  • Events
  • Learn
  • Meet
  • Company
  • Blogs
  • Careers
  • Download
  • Open Source
  • Feedback
  • Contact Us

Copyright © 2025 Liferay, Inc

Powered by Liferay Portal CE™

We use cookies to deliver personalized content, analyze trends, administer the site, track user movements on the site, and collect demographic information about our user base as a whole. Accept all cookies for the best possible experience on our website or manage your preferences. Visit our Privacy Policy