CST-7050 BREACH attack vulnerability

Description

The portal may be vulnerable to BREACH attacks if the portal is using HTTPS and compression (GZip) is enabled.

Workaround: Disable compression by setting com.liferay.portal.servlet.filters.gzip.GZipFilter=false in portal-ext.properties.

Severity

Severity 2

Fixed Version(s)

Publication date: Tue, 29 May 2018 04:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.