[LPE-16759] Security vulnerabilities in com.liferay.saml.opensaml.integration - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0 DE (7.0.10), 7.1 DXP (7.1.10)
Fix Version/s: 7.0.X EE, 7.1.x EE
Component/s: Application Security > SAML Plugin, Security Vulnerability
Labels:

Description

In Liferay Connector to SAML 2.0, the 'com.liferay.saml.opensaml.integration' bundle includes Xalan 2.7.1 & Commons Collections 3.2.1 which has the following known vulnerabilities: CVE-2014-0107, CVE-2015-6420, CVE-2017-15708

Affects "Liferay Connector to SAML 2.0" version 4.0.1 and below (for DXP 7.1) and 3.1.1 and below for DXP 7.0.

Fixed in

v4.1.0 and higher for DXP 7.1
v3.1.2 and higher for DXP 7.0

Support Notes: Subscribers can request a "Hotfix LPKG" on the latest version through Help Center.

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/May/19 12:31 PM

Updated:: 07/Apr/20 6:35 AM

Resolved:: 31/Jul/19 5:32 AM

Packages

Version	Package
7.0.X EE
7.1.x EE