Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-19143

Provide extra e-mail address check for line breaks when sending e-mail

    Details

    • Branch Version/s:
      6.0.x
    • Backported to Branch:
      Committed

      Description

      Line breaks are not checked when sending e-mail, this can be used for setting new smtp headers (javax.mail doesn't handle it correctly). Liferay should check the line breaks in the e-mail addresses before sending the e-mails out.

      This is not a real vulnerability in the portal as e-mail addresses are validated, but this helps to improve security of the portal and for the custom developments as well.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              zsolt.balogh Zsolt Balogh
              Participants of an Issue:
              Recent user:
              Esther Sanz
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                9 years ago

                  Packages

                  Version Package
                  6.0.12 EE
                  6.1.0 CE RC1