-
Type:
Bug
-
Status: Closed
-
Priority:
Critical
-
Resolution: Fixed
-
Affects Version/s: 6.0 EE (6.0.10), 6.0 EE SP1 (6.0.11), 6.0 EE SP2 (6.0.12), 6.1 EE GA1 (6.1.10), 6.1 EE GA2 (6.1.20), 6.1 EE GA3 (6.1.30), 6.2 EE GA1 (6.2.10)
-
Component/s: Portal Services > Templates Engine, Security Vulnerability
- 6.2 EE, 6.1 EE GA3, 6.1 EE GA2: The following portal property has been added:
# # Set a comma delimited list of Java classes the FreeMarker engine can # have access to. The "*" character represents a wildcard in the class # name. Using the "*" as the allowed classes provides behaviour of allowing # everything that is not in restricted classes. # freemarker.engine.allowed.classes=
- 6.1 EE GA1, 6.0 EE SP2, 6.0 EE SP1, 6.0 EE:
# # Set a comma delimited list of Java classes the FreeMarker engine can # have access to. The "*" character represents a wildcard in the class # name. Using the "*" as the allowed classes provides behaviour of allowing # everything that is not in restricted classes. # freemarker.engine.allowed.classes= # # Set a comma delimited list of java classes the FreeMarker engine cannot # have access to. # freemarker.engine.restricted.classes=\ java.lang.Class,\ java.lang.ClassLoader,\ java.lang.Thread # # Set a comma delimited list of java packages the FreeMarker engine cannot # have access to. # freemarker.engine.restricted.packages=
See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-173