Details

      Description

      6.2 EE, 6.1 EE, 6.0 EE: The following portal properties have been added:

       
          #
          # Provide a list of fully qualified class names allowed to be serialized and
          # deserialized during an export/import and staging process. This list can be
          # empty since the portal default entities are being added automatically.
          # This property only takes effect when the property
          # "staging.xstream.security.enabled" is set to true.
          #
          staging.xstream.class.whitelist=
      
          #
          # Set this to true to enable checking XStream class serialization security
          # permissions. See "staging.xstream.class.whitelist" property for the class
          # whitelist.
          #
          staging.xstream.security.enabled=true
      

      Important! Developers of custom portlets that support export-import must enlist their classes either in portal-ext.properties or in the given plugin by creating a portal.properties file with the proper settings and a liferay-hook.xml that contains a <portal-properties> element to let the deploy framework pick-up and merge the property configurations with the default ones.

      6.1 EE GA2, 6.1 EE GA1 and 6.0 EE SP2
      This fix also incorporates the patch for LSV-99.

      See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-175

        Attachments

          Activity

            People

            • Assignee:
              bryan.engler Bryan Engler
              Reporter:
              tibor.lipusz Tibor Lipusz
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                6.0.X EE
                6.1.X EE
                6.2.X EE