[LPE-16749] SAML Session IDs may be saved to logs - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0 DE (7.0.10), 7.1 DXP (7.1.10)
Fix Version/s: 7.0.X EE, 7.1.x EE
Component/s: Application Security > SAML Plugin, Security Vulnerability
Labels:

Description

In Liferay Connector to SAML 2.0 version 4.0.1 and version 3.1.1 and below, the user session IDs may be saved to logs if the log level for com.liferay.saml.runtime.internal.events.SamlSpSessionDestroyActionis is set to DEBUG or higher.

Support Notes: Subscribers can request a "Hotfix LPKG" on the latest SAML connector baseline for their DXP version through Help Center.

Fixed in

DXP 7.1: v4.1.0 and higher
DXP 7.0: v3.1.2 and higher
DXP 7.2: v5.0.0

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 09/May/19 11:50 AM

Updated:: 07/Apr/20 4:17 AM

Resolved:: 31/Jul/19 5:07 AM

Packages

Version	Package
7.0.X EE
7.1.x EE