CST-7131 Libraries with known vulnerabilities

Description

Liferay Portal 7.1 CE GA3 includes the following libraries which have known vulnerabilities:

  • Apache Batik 1.7
  • Apache HttpClient 4.1
  • Apache PDFBox 2.0.9
  • Apache Tika 1.18
  • c3p0 0.9.5.2
  • Ehcache 2.8.3
  • FasterXML Jackson 2.6.7 / 2.8.3 / 2.9.6
  • Google Guava 19.0.20150826 / 21.0
  • Netty 4.0.23
  • Nimbus JOSE + JWT 4.26.1
  • Spring 4.1.9

Severity

Severity 2

Fixed Version(s)

Publication date: Tue, 25 Jun 2019 22:36:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.