Security

[LES] Elastic's Response to Log4j Exploit (CVE-2021-44228)
ClamAV HFS+ Aviso de seguridad: CVE-2023-20032
Dec 16 Liferay’s Update about Log4j vulnerabilities CVE-2021-4104, CVE-2021-44228 and CVE-2021-45046
Dec 18 Liferay’s Update about Log4j CVE-2021-45105
Delayed: Disabling TLS 1.0 for Inbound Traffic on Liferay Services and Websites
Disabling TLS 1.0 for Inbound Traffic on Liferay Services and Websites
Elasticsearch and Liferay Enterprise Search Security Advisory: 2018 November
Elasticsearch and Liferay Enterprise Search Security Advisory: April 2, 2020
Elasticsearch and Liferay Enterprise Search Security Advisory: April 28, 2021
Elasticsearch and Liferay Enterprise Search Security Advisory: April 7, 2021
Elasticsearch and Liferay Enterprise Search Security Advisory: August 23, 2021
Elasticsearch and Liferay Enterprise Search Security Advisory: August 5, 2020
Elasticsearch and Liferay Enterprise Search Security Advisory: Dec 11, 2021 (Log4j2, CVE-2021-44228, CVE-2021-45046,CVE-2021-45105)
Elasticsearch and Liferay Enterprise Search Security Advisory: February 2019
Elasticsearch and Liferay Enterprise Search Security Advisory: January 15, 2021
Elasticsearch and Liferay Enterprise Search Security Advisory: January 16, 2020
Elasticsearch and Liferay Enterprise Search Security Advisory: July 12, 2021
Elasticsearch and Liferay Enterprise Search Security Advisory: July 23, 2021
Elasticsearch and Liferay Enterprise Search Security Advisory: June 2, 2021
Elasticsearch and Liferay Enterprise Search Security Advisory: June 4, 2020
Elasticsearch and Liferay Enterprise Search Security Advisory: March 2020
Elasticsearch and Liferay Enterprise Search Security Advisory: March 9, 2021
Elasticsearch and Liferay Enterprise Search Security Advisory: Nov 12, 2021
Elasticsearch and Liferay Enterprise Search Security Advisory: October 2019
Elasticsearch and Liferay Enterprise Search Security Advisory: October 22, 2020
Elasticsearch and Liferay Enterprise Search Security Advisory: Sept 2, 2021
Elasticsearch and Liferay Enterprise Search Security Advisory: September 2, 2020
Elastic Security Statement for CVE-2024-3094, xz versions 5.6.0 and 5.6.1
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-1364
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-23707
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-23708, CVE-2022-23709, CVE-2022-23710
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-23711
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-23713
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-38779
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2022-38900
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-1370
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-31414, CVE-2023-31415, CVE-2023-26486, CVE-2023-26487
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-31417
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-31418, CVE-2023-31419, CVE-2023-31422
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-46671, CVE-2023-46673
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2023-46675, CVE-2023-49921
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-12539
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-12556, CVE-2024-52974, CVE-2024-52980, CVE-2024-52981
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-23445, CVE-2024-37279, CVE-2024-37280, CVE-2024-23442, CVE-2024-23443, CVE-2024-2887, CVE-2024-37281, CVE-2024-37287, CVE-2024-23444
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-23446, CVE-2023-7024
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-23449
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-23450
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-37285, CVE-2024-37288
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-43706, CVE-2025-2135, CVE-2025-25012 (Kibana)
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2024-43709, CVE-2024-52973, CVE-2024-43710, CVE-2024-43707, CVE-2024-52972, CVE-2024-43708
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2025-25012
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2025-25014, CVE-2024-52979, CVE-2024-11390, CVE-2025-25016
Elastic Stack and Liferay Enterprise Search Security Advisory: CVE-2025-54988 and Elastic's Response to ‘EDR 0-Day Vulnerability’
Elastic Stack and Liferay Enterprise Search Security Advisory: Security Statement for OpenSSL CVE-2022-3786 and CVE-2022-3602, OpenSSL version 3.0.7
Elastic Stack and Liferay Enterprise Search Security Advisory: Security Statement for Oracle July Critical Patch Update CVE-2022-21540, CVE-2022-21541, CVE-2022-21549, CVE-2022-25647, CVE-2022-34169
Elastic Stack and Liferay Enterprise Search Security Advisory: Security Statement regarding CVE-2022-1471
Elastic Stack Security Advisory: CVE-2025-25009, CVE-2025-25017, CVE-2025-25018, CVE-2025-37727
Elastic Stack Security Advisory: CVE-2025-59840, CVE-2025-37731, CVE-2025-37732, CVE-2025-37734
Follow-Up Security Alert for LSV-412 and LSV-545
Jenkins Security Advisory 2024-01-24: CVE-2024-23897
Liferay Cloud Security Alert: June 2019
Liferay Enterprise Search Support Alert: Action Required by June 24 2019
Liferay SaaS Security Alert: March 2020
Liferay Security Alert: 2018 August
Liferay Security Alert: 2019 January
Liferay Security Alert: 2019 June
Liferay Security Alert: 2019 November
Liferay Security Alert: 2019 October
Liferay Security Alert: 2020 February
Liferay Security Alert: 2020 July
Liferay Security Alert: 2020 March
Liferay Security Alert: 2020 May
Liferay Security Alert: 2021 April
Liferay Security Alert: 2022 April
Liferay Security Alert: December 2018
Liferay Security Alert for Liferay DXP
Liferay’s Statement about CVE-2021-44228 (Log4j vulnerability)
Liferay’s Statement about recent Log4j vulnerabilities
Reminder: Follow-Up Security Alert for LSV-412 and LSV-545
Spring4Shell and Spring Cloud Security Advisory
TLS 1.0 Disabled for Inbound Traffic on Liferay Services and Websites
Update: Log4j Security Advisory

Update: Log4j Security Advisory

Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM).

Log4j 2.0+, CVE-2021-44228

Vulnerability Summary

On Dec. 9, 2021 a critical vulnerability was identified in Log4j 2.0+. Log4j is a Java logging library used by many Java based applications worldwide.

It is important to note that not all customers are affected by this vulnerability. Please read the details below to determine whether or not you are impacted by this security issue.

What is the concern?

The primary concern is that the vulnerability could be used via a simple HTTP request. In some cases the vulnerability is believed to provide attackers with the opportunity to execute program code remotely. Liferay recommends all customers take immediate steps to address the issue.

Cómo empezar

Ayuda del Portal del cliente

Liferay Learn

Base de conocimiento

Visión general de seguridad

Informes de seguridad

Release Notes

Actualizaciones del Portal del cliente

Descargas

Mis tickets

Abre un ticket

Escala un ticket

Cobertura de soporte

Servicios y compatibilidad

Contáctanos

Eventos de cliente

Security

Update: Log4j Security Advisory

Vulnerability Summary

What is the concern?

© 2026 Liferay Inc. Todos los derechos reservados |

Política de cookies