Description
Due to a requirement in Section 4.2.5 of the JSR 329 Specification, CVE-2015-5176 exists in the Liferay Faces Bridge API dependency. For more information about patch availability, see the blog announcement titled Announcement: Patches for Liferay Faces GA5.
This affects the following Liferay Faces (GA5) versions:
- 3.2.4.1-ga5
- 3.1.4.1-ga5
- 3.0.4.1-ga5
- 3.0.4.1-legacy-ga5
- 2.2.4.1-ga5
- 2.1.4.1-ga5
Patches are available for all of the affected versions. The GA6 versions of Liferay Faces are not affected (they have been released recently with the fix applied).
Severity
Severity 1
Publication date: Tue, 18 Aug 2015 21:20:00 +0000