The following issue may compromise the security of your Liferay Digital Experience Platform (DXP) implementation. This notification provides a description of the latest security vulnerability and recommended actions for Liferay Subscribers.

Affected Version/s

• Liferay Digital Experience Platform 7.2
• Liferay Digital Experience Platform 7.1
• Liferay Digital Experience Platform 7.0

Vulnerability Information

• LSV-634: Java deserialization vulnerability in clustered setup

Download

The listed vulnerability will be fixed under DXP Security Fix Pack: 202002. DXP Security Fix Packs require the latest released Fix Pack or can be built on a specific Fix Pack level upon request. Please read the DXP Security Fix Packs article for more information and installation instructions.

For more information on the vulnerability and affected versions for the issue, please visit the Help Center Security Advisories page.