Details

      Description

      Denial-of-service vulnerability with file uploads.

      The following third-party libraries have been updated for 6.2 EE and 6.1 EE GA3:

      • fontbox.jar
      • jempbox.jar
      • pdfbox.jar
        New Version: 1.8.11

      The following third-party library has been patched for 6.1 EE GA2, 6.1 EE GA1:

      • fontbox.jar
        Version: 1.6.0

      The following third-party library has been updated and patched for 6.0 EE SP2:

      • fontbox.jar (updated and patched)
      • jempbox.jar (updated)
      • pdfbox.jar (updated)
        New Version: 1.6.0

      The following third-party library has been patched for 6.0 EE SP1

      • fontbox.jar
        Version: 1.3.1

      6.0 EE: Not Affected

      See also https://web.liferay.com/group/customer/products/portal/security-vulnerability/lsv-212

        Attachments

          Activity

            People

            • Assignee:
              bryan.engler Bryan Engler
              Reporter:
              jorge.diaz Jorge Diaz
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Packages

                Version Package
                6.0.X EE
                6.1.X EE
                6.2.X EE