Description
The portal may be vulnerable to BREACH attacks if the portal is using HTTPS and compression (GZip) is enabled.
Workaround: Disable compression by setting com.liferay.portal.servlet.filters.gzip.GZipFilter=false in portal-ext.properties.
Severity
Severity 2
Fixed Version(s)
Publication date: Tue, 29 May 2018 04:00:00 +0000