Details

    • Fix Pack Status:
      Scheduled
    • 7.0 Fix Pack Version:
      45

      Description
      CSRF vulnerabilities exist in the Blogs, Documents and Media, Message Boards and Comments apps when using Liferay DXP with the default configuration.

      Upgrade Notes

      /blogs/edit_entry,\
      /blogs_aggregator/edit_entry,\
      /document_library/edit_file_entry,\
      /message_boards/edit_message,\
      /portal/comment/edit_discussion,\ 

      Removing the above paths from 'auth.token.ignore.actions' will prevent the following features from working:

      • Blog entry drafts and Wiki page drafts will no longer be automatically saved when the user's session expires
      • Unauthenticated users will no longer be able to add a message in the Message Boards or add comments in the various apps that support comments.

      To keep using these features, the above paths must be re-added after applying the patch.
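
An added example (not part of the ticket or Liferay's own code): a small audit script that reads properties text and reports which of the five paths above are still listed in `auth.token.ignore.actions`. The sample input and the `/example/other_action` path are constructed, and the parser is a simplified reader of the `.properties` format.

```python
import re

# The five paths listed in this ticket's upgrade notes.
FLAGGED = {
    "/blogs/edit_entry",
    "/blogs_aggregator/edit_entry",
    "/document_library/edit_file_entry",
    "/message_boards/edit_message",
    "/portal/comment/edit_discussion",
}
KEY = "auth.token.ignore.actions"

# Constructed sample input; /example/other_action is a placeholder path.
SAMPLE = """\
# constructed sample override file
auth.token.ignore.actions=\\
    /blogs/edit_entry,\\
    /example/other_action,\\
    /message_boards/edit_message
example.other.key=1
"""


def parse_properties(text):
    """Minimal .properties reader: comments, backslash continuations, last key wins."""
    props, buf = {}, ""
    for raw in text.splitlines() + [""]:      # trailing "" flushes a dangling continuation
        line = raw.strip()                    # simplification: Java keeps trailing spaces
        if not buf and (not line or line[0] in "#!"):
            continue
        # An odd number of trailing backslashes means the value continues.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            buf += line[:-1]
            continue
        parts = re.split(r"\s*[=:]\s*|\s+", buf + line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) > 1 else ""
        buf = ""
    return props


def exempt_actions(text):
    """Flagged paths still skipping the auth token check; None if the key is unset."""
    props = parse_properties(text)
    if KEY not in props:
        return None                           # the portal's built-in default applies
    listed = {p.strip() for p in props[KEY].split(",") if p.strip()}
    return sorted(listed & FLAGGED)


if __name__ == "__main__":
    print(exempt_actions(SAMPLE))
```

A result of `None` only means the inspected text does not set the key, so the value in effect is whatever the installed portal version ships as its default.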


            People

            Assignee:
            samuel.ziemer Sam Ziemer
            Reporter:
            EnterpriseReleaseHU Enterprise Release HU

                Packages

                Version Package
                6.2.X EE
                7.0.X EE