Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-122191

Remove FlashMagicBytes unnecessary checks

    Details

    • Type: Task
    • Status: Closed
    • Priority: Minor
    • Resolution: Completed
    • Affects Version/s: None
    • Fix Version/s: Master
    • Component/s: Application Security
    • Labels:
      None

      Description

      Based on the analysis done at Analyze security relevance of FlashMagicBytes check:

      DXP uses a FlashMagicBytesUtil to check verify if some files are Adobe Flash movies (regardless of their extension). This was added for securtiy reasons to protect from CSRF attack using uploaded flash files

      From Tomáš Polešovský:

      this would be relevant as long as we support browsers that supports flash. Once all supported browsers discard flash we can remove. Thanks.

      All browsers in our possible compatibility matrix for 7.4 will have dropped Flash by the time we release as per their roadmaps:

      • Chrome: Flash Player blocked as "out of date" (Target: All Chrome versions - Jan 2021)
      • Firefox: In January 2021, Firefox 85 will completely remove Flash support. Adobe will stop shipping security updates for Flash at the end of 2020.
      • Safari: Apple just released the latest Safari Technology preview. It comes with many changes, most notably the removal of support for Adobe Flash.

      Based on that, the goal of this task is to remove unnecessary FlashMagicBytes checks.

      Acceptance Criteria

      • The FlashMagicBytesUtil and FlashMagicBytesUtilTest classes are deprecated
      • All usages of FlashMagicBytesUtil are eliminated

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              shuyang.zhou Shuyang Zhou
              Reporter:
              jose.balsas Chema Balsas
              Engineering Assignee:
              SE Support
              Recent user:
              Brian Chan
              Participants of an Issue:
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package
                  Master