The following security advisories have been announced for Liferay Portal 6.1 CE GA2 (6.1.1):
- CST-SA: LPS-30437 Users without permission can create folders/files in the root folder
- CST-SA: LPS-28550 Able to view any journal structure/template's source
- CST-SA: LPS-30796 Delete any file on the server (Knowledge Base)
As always, a source patch for each vulnerability is now available through the
Known Vulnerabilities page. In addition, a cumulative source and binary patch are available. Please see the
Security Patch Information page for details on how to apply these patches.
Liferay Portal CE users are strongly advised to keep abreast of all new security advisories and apply associated fixes to your Liferay deployments.
Please sign in to flag this as inappropriate.
