Skip to:

Skip to Jira Navigation
Skip to Side Navigation
Skip to Main Content

Mitigate RichFaces RF-14310 and RF-14309

Description

This task involves preventing remote code (EL) execution for RichFaces webapps/portlets as described here: https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html.

Environment

None

Linked issues

relates

Upgrade to albfernandez/richfaces 4.6.8.ayg

Activity

Show:

Kyle Stiemann December 18, 2018 at 7:44 AM

This issue has been mitigated in the Liferay codebase. For more information, see our blog post: https://community.liferay.com/blogs/-/blogs/mitigating-richfaces-4-5-17-final-eol-vulnerabilities

Fixed

Pinned fields

Click on the next to a field label to start pinning.

Details
Assignee
Kyle Stiemann(Deactivated)
Reporter
Kyle Stiemann(Deactivated)
Components
Fix versions
bridge-impl-3.1.1
bridge-impl-4.1.3
richfaces-archetype-2.0.5
richfaces-archetype-3.0.5
richfaces-archetype-5.0.6
Priority
Critical

Zendesk Support

Created August 23, 2018 at 7:32 AM

Updated July 4, 2019 at 7:50 AM

Resolved April 23, 2019 at 1:17 PM