Community Security Team

The Liferay Community Security Team is an all-volunteer group of community members who manage security issues related to Liferay Portal.

About the Team

The Liferay Community Security Team is an all-volunteer group of community members who manage security issues related to Liferay CE. When security-related issues arise in the open source Liferay project, the CST works to minimize the impact and provide relief to the community. In addition, the CST provides ongoing education to developers and users to keep their Liferay sites secure.

Goals

The main goal of the CST is to increase the security of Liferay technology. Specific goals include:

  • Find and/or resolve security issues in Liferay CE
  • Notify the community when new issues are resolved, and maintain a history of such known vulnerabilities
  • Provide source and binary patches for security issues in the latest release of Liferay CE
  • Work with the Liferay release teams during the CE Release cycle (e.g. during Beta release testing) to minimize or eliminate security issues before each new GA release
  • Provide guidance and documentation to community developers to prevent introduction of security issues, or to resolve reported issues

Membership

The CST comprises of individuals from the wider Liferay community, as well as employees of Liferay, Inc. All community members are welcome to participate. Because membership gives access to information about potentially sensitive security issues, membership is somewhat limited to those in the Liferay community with a proven track record. The best way to get involved is to review security fixes with a security mindset, get down and dirty and fix a few issues, and interact with the team in its course of duties.