Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-5490

Added protection again email header injection

    Details

      Description

      The portal will now automatically remove line breaks from email address before emails are sent to help prevent against email header injection attacks.

      Note: This issue does not affect the portal out of the box because email address are validated.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                samuel.kong Samuel Kong
                Reporter:
                vilmos.papp Vilmos Papp
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Packages

                  Version Package
                  6.0 EE SP2 (6.0.12)