  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-16759

Security vulnerabilities in com.liferay.saml.opensaml.integration

    Details

      Description

      In Liferay Connector to SAML 2.0, the 'com.liferay.saml.opensaml.integration' bundle includes Xalan 2.7.1 and Commons Collections 3.2.1, which have the following known vulnerabilities: CVE-2014-0107, CVE-2015-6420, CVE-2017-15708.

      Affects "Liferay Connector to SAML 2.0" version 4.0.1 and below for DXP 7.1, and version 3.1.1 and below for DXP 7.0.

      Fixed in

      • v4.1.0 and higher for DXP 7.1
      • v3.1.2 and higher for DXP 7.0

      Support Notes: Subscribers can request a "Hotfix LPKG" on the latest version through Help Center.
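
      To confirm whether a deployed package still embeds the library versions named above, the following added example (not Liferay's code) walks an archive recursively and reports nested JARs matching Xalan 2.7.1 or Commons Collections 3.2.1. It assumes LPKG and bundle files are zip archives and that embedded libraries keep Maven-style file names; the sample archive, its file names and its layout are constructed for illustration.

```python
import io
import re
import zipfile

# Library versions this issue says are bundled (artifact -> version).
FLAGGED = {"xalan": "2.7.1", "commons-collections": "3.2.1"}
# Assumption: embedded libraries keep Maven-style names such as xalan-2.7.1.jar.
NAME_RE = re.compile(r"([A-Za-z][\w.-]*?)-(\d[\w.]*)\.jar$", re.IGNORECASE)
ARCHIVE_EXT = (".jar", ".lpkg", ".war", ".zip")
MAX_ENTRY_BYTES = 64 * 1024 * 1024  # skip oversized entries instead of unpacking them


def scan_archive(data, origin="<archive>", depth=0, max_depth=4):
    """Return [(path, artifact, version)] for flagged libraries, following nested archives."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable archive: nothing to report
    with zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or not name.lower().endswith(ARCHIVE_EXT):
                continue
            path = f"{origin}!/{name}"
            m = NAME_RE.match(name.rsplit("/", 1)[-1])
            if m and FLAGGED.get(m.group(1).lower()) == m.group(2):
                hits.append((path, m.group(1).lower(), m.group(2)))
            if depth < max_depth and info.file_size <= MAX_ENTRY_BYTES:
                hits += scan_archive(zf.read(info), path, depth + 1, max_depth)
    return hits


def make_zip(entries):
    """Build an in-memory zip from {name: bytes}; only used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def sample_lpkg():
    """Constructed sample: names and layout are illustrative, not from a real LPKG."""
    stub = make_zip({"placeholder.txt": b""})
    bundle = make_zip({"lib/xalan-2.7.1.jar": stub,
                       "lib/commons-collections-3.2.1.jar": stub,
                       "lib/example-lib-1.0.0.jar": stub})
    return make_zip({"example-saml-bundle.jar": bundle})


if __name__ == "__main__":
    for path, artifact, version in scan_archive(sample_lpkg(), "sample.lpkg"):
        print(f"{artifact} {version}: {path}")
```

      A library that was repackaged or renamed inside the bundle will not match the file-name pattern, so an empty result does not prove the fixed version is installed.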

            People

            • Assignee:
              support-ee EE Support
              Reporter:
              EnterpriseReleaseHU Enterprise Release HU

                Packages

                Version Package
                7.0.X EE
                7.1.x EE