Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-82849

Disable Gogo Shell Telnet Access To Prevent Wide Range Of Vulnerabilities

Details

    Description

      With Gogo Shell Portlet now available in portal 7.1 we should disable telnet access as a security precaution.

      With telnet listening on localhost:11311 any potential XXE or SSRF vulnerability or other local application can compromise portal installation.

       

      The telnet access will still be available for components that depends on it (portal upgrade) and for developers in portal-developer.properties

      Attachments

        Issue Links

          Activity

            People

              victor.ware Victor Ware
              tomas.polesovsky Tomáš Polešovský
              Kiyoshi Lee Kiyoshi Lee
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Packages

                  Version Package
                  7.1.0 CE GA1
                  7.1.10 DXP FP1
                  Master