Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-16894

Security vulnerability in Bouncy Castle Provider (Sync Connector)

    Details

      Description

      Liferay Sync Connector 4.1, and 5.0 includes Bouncy Castle Provider 1.54 which has known vulnerabilities. For more details, please see https://www.cvedetails.com/vulnerability-list/vendor_id-7637/product_id-12935/version_id-193687/Bouncycastle-Legion-of-the-bouncy-castle-java-crytography-ap.html

       

      Affected Products Fixed Version/s
      Liferay Sync Connector for DXP 7.0 4.1.5+
      Liferay Sync Connector for DXP 7.1 5.0.1+

        Attachments

          Activity

            People

            Assignee:
            support-ee EE Support
            Reporter:
            EnterpriseReleaseHU Enterprise Release HU
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                7.0.X EE
                7.1.x EE
                7.2.X EE