Uploaded image for project: 'PUBLIC - Liferay Faces'
  1. PUBLIC - Liferay Faces
  2. FACES-2361

Security vulnerability with accessing a non-Faces view in JSF portlets

    Details

      Description

      Due to a requirement in Section 4.2.5 of the JSR 329 Specification, CVE-2015-5176 exists in the Liferay Faces Bridge API dependency.

      For more information about patch availability, see the blog announcement titled Announcement: Patches for Liferay Faces GA5.

      See also https://web.liferay.com/group/customer/products/faces/security-vulnerability/lsv-158.

        Attachments

          Activity

            People

            • Assignee:
              neil.griffin Neil Griffin
              Reporter:
              neil.griffin Neil Griffin
              Participants of an Issue:
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                liferay-faces-2.1.5-ga6
                liferay-faces-2.2.5-ga6
                liferay-faces-3.0.5-legacy-ga6
                liferay-faces-3.0.5-ga6
                liferay-faces-3.1.5-ga6
                liferay-faces-3.2.5-ga6
                liferay-faces-4.2.5-ga6