[LPE-13474] Upgrade XStream from 1.4.3 to 1.4.7 - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 6.1 EE GA3 (6.1.30), 6.2 EE GA1 (6.2.10)
Fix Version/s: 6.1.X EE, 6.2.X EE
Component/s: Security Vulnerability, Staging > Export/Import
Labels:

Description

XStream <= 1.4.6 is vulnerable to arbitrary code execution when deserializing objects.

See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-99

Attachments

Issue Links

is related to

LPS-53166 Upgrade XStream from 1.4.3 to 1.4.7

Closed

Activity

People

Assignee:: Bryan Engler

Reporter:: Juan Gonzalez (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Due:: 27/Mar/15

Created:: 03/Mar/15 7:10 AM

Updated:: 05/Oct/22 5:00 AM

Resolved:: 28/Nov/16 11:45 AM

Packages

Version	Package
6.1.X EE
6.2.X EE