The following issue may compromise the security of your Liferay Portal Enterprise Edition (EE) implementation. This notification provides a description of the latest security vulnerability and recommended actions for Liferay Subscribers.

Affected Version/s

• Liferay Digital Experience Platform 7.2
• Liferay Digital Experience Platform 7.1
• Liferay Digital Experience Platform 7.0

Vulnerability Information

• LSV-614: Mail server DoS using /user/send-password-by-*

Download

The listed vulnerability will be fixed under DXP Security Fix Pack: 201903. Please read the DXP Security Fix Packs article for more information and installation instructions for DXP Security Fix Packs.

Important note for DXP 7.1: Due to an administrative issue, liferay-security-dxp-14-201903-1-7110.zip did not include the fixes from the 201902 security fix pack. To address this, a new fix pack liferay-security-dxp-14-201903-2-7110.zip was built and released. Deployments using the previous build are advised to move to this patch level.

For more information on the vulnerability and affected versions for the issue, please visit the Help Center Security Advisories page.