  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-16759

Security vulnerabilities in com.liferay.saml.opensaml.integration

    Details

      Description

      In Liferay Connector to SAML 2.0, the 'com.liferay.saml.opensaml.integration' bundle includes Xalan 2.7.1 and Commons Collections 3.2.1, which have the following known vulnerabilities: CVE-2014-0107, CVE-2015-6420, CVE-2017-15708.

      Affects "Liferay Connector to SAML 2.0" version 4.0.1 and below (for DXP 7.1) and version 3.1.1 and below (for DXP 7.0).

      Fixed in v4.1.0 or higher for DXP 7.1.

      Support Notes: Subscribers can request a "Hotfix LPKG" on the latest version through Help Center.

            People

            • Assignee:
              support-ee EE Support
              Reporter:
              EnterpriseReleaseHU Enterprise Release HU

                Packages

                Version Package
                7.0.X EE
                7.1.x EE