The following issue may compromise the security of your Liferay Portal Enterprise Edition (EE) or Liferay Digital Experience Platform implementation. This notification provides a description of the latest security vulnerability and recommended actions for Liferay Subscribers.

Security Alerts: LSV-391, LSV-393, LSV-397

Affected Version(s)

• Liferay Digital Experience Platform 7.1
• Liferay Digital Experience Platform 7.0
• Liferay Portal 6.2 EE
• Liferay Portal 6.1 EE

Vulnerability Information

• LSV-391: Pingback vulnerability in blogs
• LSV-393: Users without proper permissions can add pages
• LSV-397: XXE vulnerability in XSL Content & Web Content

Download

Additional information and security patches are available on the Security Advisories page.