Message Boards
Initial Security Advisories for Liferay Portal 6.1 GA1
James Falkner, modified 11 Years ago.
Initial Security Advisories for Liferay Portal 6.1 GA1
Liferay Legend Posts: 1399 Join Date: 9/17/10 Recent Posts
The following advisories have now been documented on the Known Vulnerabilities page:
Going forward, new individual vulnerabilities will be posted to this forum category, including Severity-1 and Severity-2 issues. Binary and source patches will be made available for all Severity-1 issues.
- CST-SA: LPS-28423 Delete any file on the server
- CST-SA: LPS-26930 Reconfigure Liferay to use a remote cache
- CST-SA: LPS-28358 SecureFilter can be bypassed
- CST-SA: LPS-28309 Directory Traversal
- CST-SA: LPS-26940 Users without the ASSIGN_MEMBER permission can still assign users to an organization
- CST-SA: LPS-26935 All JSON web services are accessible without authentication.
- CST-SA: LPS-27726 Remote code execution in Calendar portlet
Going forward, new individual vulnerabilities will be posted to this forum category, including Severity-1 and Severity-2 issues. Binary and source patches will be made available for all Severity-1 issues.
Patrick Wolf, modified 11 Years ago.
RE: Initial Security Advisories for Liferay Portal 6.1 GA1
Regular Member Posts: 127 Join Date: 9/15/10 Recent Posts
That's cool. Not the security vulnerabilities but the message board post created for these issues. Thank you for that James.