-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 7.0 DE (7.0.10), 7.1 DXP (7.1.10)
-
Component/s: Application Security > SAML Plugin, Security Vulnerability
In Liferay Connector to SAML 2.0 version 4.0.1 and version 3.1.1 and below, the user session IDs may be saved to logs if the log level for com.liferay.saml.runtime.internal.events.SamlSpSessionDestroyActionis is set to DEBUG or higher.
Support Notes: Subscribers can request a "Hotfix LPKG" on the latest SAML connector baseline for their DXP version through Help Center.
Fixed in
- DXP 7.1: v4.1.0 and higher
- DXP 7.0: v3.1.2 and higher
- DXP 7.2: v5.0.0