  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-16759

Security vulnerabilities in com.liferay.saml.opensaml.integration

Details

    Description

      In Liferay Connector to SAML 2.0, the 'com.liferay.saml.opensaml.integration' bundle includes Xalan 2.7.1 and Commons Collections 3.2.1, which have the following known vulnerabilities: CVE-2014-0107, CVE-2015-6420, CVE-2017-15708.

      Affects "Liferay Connector to SAML 2.0" versions 4.0.1 and below (for DXP 7.1) and 3.1.1 and below (for DXP 7.0).

      Fixed in

      • v4.1.0 and higher for DXP 7.1
      • v3.1.2 and higher for DXP 7.0

      Support Notes: Subscribers can request a "Hotfix LPKG" on the latest version through Help Center.


          People

            support-ee EE Support
            EnterpriseReleaseHU Enterprise Release HU

              Packages

                Version Package
                7.0.X EE
                7.1.x EE