-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: liferay-faces-2.1.0-ga1, liferay-faces-2.1.1-ga2, liferay-faces-2.1.2-ga3, liferay-faces-2.1.3-ga4, liferay-faces-2.1.4-ga5, liferay-faces-2.2.4-ga5, liferay-faces-3.0.0-legacy-ga1, liferay-faces-3.0.1-legacy-ga2, liferay-faces-3.0.2-legacy-ga3, liferay-faces-3.0.3-legacy-ga4, liferay-faces-3.0.4-legacy-ga5, liferay-faces-3.0.0-ga1, liferay-faces-3.0.1-ga2, liferay-faces-3.0.2-ga3, liferay-faces-3.0.3-ga4, liferay-faces-3.0.4-ga5, liferay-faces-3.1.0-ga1, liferay-faces-3.1.1-ga2, liferay-faces-3.1.2-ga3, liferay-faces-3.1.3-ga4, liferay-faces-3.1.4-ga5, liferay-faces-3.2.4-ga5, liferay-faces-4.2.5-ga6
-
Component/s: Liferay Faces Bridge Impl / Demos / Tests
Due to a requirement in Section 4.2.5 of the JSR 329 Specification, CVE-2015-5176 exists in the Liferay Faces Bridge API dependency.
For more information about patch availability, see the blog announcement titled Announcement: Patches for Liferay Faces GA5.
See also https://web.liferay.com/group/customer/products/faces/security-vulnerability/lsv-158.