The following issue may compromise the security of your Liferay Portal Enterprise Edition (EE) or Liferay Digital Experience Platform implementation. This notification provides a description of the latest security vulnerability and recommended actions for Liferay Subscribers.

Affected Version/s

• Liferay Digital Experience Platform 7.2
• Liferay Digital Experience Platform 7.1
• Liferay Digital Experience Platform 7.0
• Liferay Portal 6.2 EE

Vulnerability Information

• LSV-399: Security vulnerabilities in Apache Tika
• LSV-535: SQL injection in asset framework
• LSV-545: Unauthenticated Remote code execution via JSONWS

Download

The listed vulnerabilities will be fixed under DXP Security Fix Pack: 201902. Please read the DXP Security Fix Packs article for more information and installation instructions for DXP Security Fix Packs.

For more information on the vulnerabilities and affected versions for each issue, please visit the Help Center Security Advisories page.