Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-82849

Disable Gogo Shell Telnet Access To Prevent Wide Range Of Vulnerabilities

    Details

      Description

      With Gogo Shell Portlet now available in portal 7.1 we should disable telnet access as a security precaution.

      With telnet listening on localhost:11311 any potential XXE or SSRF vulnerability or other local application can compromise portal installation.

       

      The telnet access will still be available for components that depends on it (portal upgrade) and for developers in portal-developer.properties

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Packages

                  Version Package
                  7.1.0 CE GA1
                  7.1.10 DXP FP1
                  Master