
Liferay Security Alert for Liferay DXP

Published: October 24, 2023

The following issues may compromise the security of your Liferay Digital Experience Platform (DXP) implementation. This notification provides a summary of the latest security vulnerabilities and recommended actions for Liferay Subscribers. More details can be found in each LSV article or by visiting the Help Center Security Advisories page (https://help.liferay.com/hc/articles/360018875952).

Please locate the version(s) of Liferay DXP you are using in order to understand the impact of this security announcement. Liferay DXP Quarterly Release 2023.Q3.1 is not affected by these vulnerabilities.


Affected Version

  • Liferay DXP 7.4

Vulnerability Information

  • LSV-1257 / CVE-2023-42497
    • Resolved in DXP 7.4 Update 86.
  • LSV-1246 / CVE-2023-44311
    • Resolved in DXP 7.4 Update 90.
  • LSV-1240 / CVE-2023-42629
    • Resolved in DXP 7.4 Update 88.
  • LSV-1237 / CVE-2023-42628
    • Multiple affected versions: all DXP versions.
    • Resolved in DXP 7.4 Update 88.
  • LSV-1236 / CVE-2023-42627
    • Multiple affected versions: DXP 7.3, Commerce 2.2, Commerce 2.1.
    • Resolved in DXP 7.4 Update 92.
  • LSV-1194 / CVE-2023-44310
    • Multiple affected versions: DXP 7.3.
    • Resolved in DXP 7.4 Update 79.
  • LSV-1159 / CVE-2023-44309
    • Resolved in DXP 7.4 Update 54.

Affected Version

  • Liferay DXP 7.3

Vulnerability Information

  • LSV-1237 / CVE-2023-42628
    • Multiple affected versions: all DXP versions.
  • LSV-1236 / CVE-2023-42627
    • Multiple affected versions: DXP 7.4, Commerce 2.2, Commerce 2.1.
  • LSV-1194 / CVE-2023-44310
    • Multiple affected versions: DXP 7.4.
    • Resolved in DXP 7.3 Update 24.

Affected Versions

  • Liferay DXP 7.2
  • Liferay DXP 7.1
  • Liferay DXP 7.0

Vulnerability Information

  • LSV-1237 / CVE-2023-42628
    • Multiple affected versions: all DXP versions.
    • Resolved in DXP 7.4 Update 88.

Download

For Liferay DXP 7.4, please migrate to Quarterly Release 2023.Q3.1. All of the listed vulnerabilities are also fixed in Liferay DXP Update 92.

These fixes can be issued as a hotfix for Updates upon request. For all other versions, please open a Help Center ticket and request a hotfix to resolve these security vulnerabilities.

Official releases to resolve all listed vulnerabilities are in progress. These fixes can be issued as a hotfix for previous Updates or Fix Packs upon request. For more information about these vulnerabilities and affected versions, please visit the Help Center Security Advisories page. 
