Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-5490

Added protection again email header injection

    Details

      Description

      The portal will now automatically remove line breaks from email address before emails are sent to help prevent against email header injection attacks.

      Note: This issue does not affect the portal out of the box because email address are validated.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              samuel.kong Samuel Kong
              Reporter:
              vilmos.papp Vilmos Papp
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package
                  6.0 EE SP2 (6.0.12)