Uploaded image for project: 'PUBLIC - Liferay Faces'
  1. PUBLIC - Liferay Faces
  2. FACES-2361

Security vulnerability with accessing a non-Faces view in JSF portlets

    Details

      Description

      Due to a requirement in Section 4.2.5 of the JSR 329 Specification, CVE-2015-5176 exists in the Liferay Faces Bridge API dependency.

      For more information about patch availability, see the blog announcement titled Announcement: Patches for Liferay Faces GA5.

      See also https://web.liferay.com/group/customer/products/faces/security-vulnerability/lsv-158.

        Attachments

          Activity

            People

            Assignee:
            neil.griffin Neil Griffin
            Reporter:
            neil.griffin Neil Griffin
            Participants of an Issue:
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                liferay-faces-2.1.5-ga6
                liferay-faces-2.2.5-ga6
                liferay-faces-3.0.5-legacy-ga6
                liferay-faces-3.0.5-ga6
                liferay-faces-3.1.5-ga6
                liferay-faces-3.2.5-ga6
                liferay-faces-4.2.5-ga6