¡Te damos la bienvenida a la nueva experiencia del Portal del cliente de Liferay!
Acabamos de completar la migración al nuevo Portal del cliente y gestión de tickets de soporte. Navega por la página de incio y el menú superior para conocer todos los recursos y herramientas a tu alcance. Ten en cuenta:
Peticiones en marcha: Puedes encontrar los tickets de soporte que tenías en marcha antes de la migración haciendo click en Mis tickets desde la página de inicio o desde el menú desplegable de Soporte.
Peticiones nuevas de soporte: Puedes crear un nuevo ticket de soporte haciendo click en Crear un ticket desde la página de inicio o desde el menú desplegable de Soporte.
Si encuentras cualquier problema para crear nuevos tickets al Soporte de Liferay en el nuevo sistema, contáctanos mediante support.liferay.com/callback-request.

Security

Volver a Security Alert

Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-31414, CVE-2023-31415, CVE-2023-26486, CVE-2023-26487

The following issues may affect the functionality of your Liferay DXP, Liferay Enterprise Search environment and your Elastic Stack.

Vulnerability Information

Kibana Cross-Site Scripting (ESA-2023-05)

A flaw (CVE-2023-26486) was discovered in one of Kibana’s dependencies, which could allow arbitrary JavaScript to be executed in a victim’s browser via a maliciously crafted custom visualization in Kibana.

Affected Versions:

Kibana versions 7.9.0 to 7.17.9 and Kibana versions 8.0.0 to 8.6.2

Solutions and Mitigations:

The issue is resolved in versions 7.17.10 and 8.7.0

If you are unable to upgrade and are on Kibana versions >= 8.3.0, the XSS can be mitigated by setting csp.disableUnsafeEval: true in your kibana.yml file. Note that this setting is in technical preview until Kibana 8.7.0, after which it is enabled by default.

CVSSv3: 6.1(Medium) - AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVE ID: CVE-2023-26486

Kibana Cross-Site Scripting (ESA-2023-06)

A flaw (CVE-2023-26487) was discovered in one of Kibana’s dependencies, which could allow arbitrary JavaScript to be executed in a victim’s browser via a maliciously crafted custom visualization in Kibana.

Affected Versions:
Kibana versions 7.17.4 to 7.17.9 and Kibana versions 8.2.0 to 8.6.2

Solutions and Mitigations:
The issue is resolved in versions 7.17.10 and 8.7.0

If you are unable to upgrade and are on Kibana versions >= 8.3.0, the XSS can be mitigated by setting csp.disableUnsafeEval: true in your kibana.yml file. Note that this setting is in technical preview until Kibana 8.7.0, after which it is enabled by default.

CVSSv3: 6.1(Medium) - AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE ID: CVE-2023-26487

Search Engine Compatibility Matrix

Reference the information here for the detailed Elasticsearch compatibility including the compatible connector versions and required patch levels.

Source

https://discuss.elastic.co/t/elastic-stack-8-7-0-7-17-10-security-updates/332327

Elastic, Elasticsearch, and X-Pack are trademarks of Elasticsearch BV, registered in the U.S. and in other countries.

On this page

Cómo empezar

Ayuda del Portal del cliente

Liferay Learn

Artículos prácticos

Visión general de seguridad

Informes de seguridad

Release Notes

Actualizaciones del Portal del cliente

Descargas

Mis tickets

Abre un ticket

Escala un ticket

Cobertura de soporte

Servicios y compatibilidad

Contáctanos

Eventos de cliente