Uploaded image for project: 'PUBLIC - Liferay Faces'
  1. PUBLIC - Liferay Faces
  2. FACES-2343

Security vulnerability with accessing resources in JSF portlets

    Details

      Description

      Due to a requirement in Section 5.2.7 of the JSR 329 Specification, CVE-2015-3244 exists in Liferay Faces Bridge. In addition, the "resource excludes" requirements of the javax.faces.application.ResourceHandler abstract class are not implemented.

      See also https://web.liferay.com/group/customer/products/faces/security-vulnerability/lsv-71.

        Attachments

          Activity

            People

            • Assignee:
              neil.griffin Neil Griffin
              Reporter:
              neil.griffin Neil Griffin
              Participants of an Issue:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                liferay-faces-2.1.5-ga6
                liferay-faces-2.2.5-ga6
                liferay-faces-3.0.5-legacy-ga6
                liferay-faces-3.0.5-ga6
                liferay-faces-3.1.5-ga6
                liferay-faces-3.2.5-ga6
                liferay-faces-4.2.5-ga6