Message Boards

SSRF vulnerability

Updated 9 years ago by Akash Jaisawal.

SSRF vulnerability

Regular Member Posts: 141 Join Date: 12/03/03 Recent Posts
Hello experts,

I am working on a social portal, and I want to know what a "Server side request forgery vulnerability" (SSRF vulnerability) is and how I can protect our portal from it.

thanks
Akash
Updated 9 years ago by Tomas Polesovsky.

RE: SSRF vulnerability

Liferay Master Posts: 676 Join Date: 09/02/13 Recent Posts
Hi,

do you have a specific SSRF issue? I'd be glad if you could follow https://www.liferay.com/security - Reporting security issues and create a JIRA ticket. If it's a bug in portal code, we fix it and give it back to the community once it's ready. Thanks!

In general:

SSRF means:
1, your application creates internal requests, for example HTTP requests using HttpClient / URL.openConnection()
2, it is possible for you (as an attacker) to redirect the internal request to another location or to use different parameters

I think it's best to give an example.

So imagine an application that creates screenshots of some website:
* you enter an address
* the application creates an internal request to the remote application and takes a screenshot of the result
* example: http://myapp.com/screenshot?url=http://liferay.com

When the application is vulnerable to SSRF you are able, for example:
1, to call internal systems that are accessible from the screenshot application, e.g. http://myapp.com/screenshot?url=http://company-intranet/employees
2, to call remote systems to try to attack them (hiding yourself from the remote system's log), e.g. http://myapp.com/screenshot?url=http://vulnerable-system/some-exploit-vector

Prevention:
1) Validate input - use a white-list to check allowed URLs (and parameters), example:
import java.util.Arrays;
import java.util.List;

// Exact-match white-list of the URLs the application is allowed to request.
private List<String> allowedURLsWhitelist = Arrays.asList(new String[]{
    "http://my-subsystem/my-app?" , "http://10.0.0.15/my-app2?"
});

public String callRemoteServer(String url) {
    // Reject anything that is not exactly one of the white-listed URLs.
    if ( ! allowedURLsWhitelist.contains(url) ) {
        throw new IllegalArgumentException("URL " + url + " is not allowed!!!");
    }
    // ... your code ...
}


2) Correctly escape user input when constructing the remote server URL, example:
String url = "http://my-subsystem/search?q=" + URLEncoder.encode(userSuppliedValue, "UTF-8");
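As an added worked example (not Tomas's code and not part of Liferay), here is the same white-list idea applied to the parsed components of the URL (scheme, userinfo, host, port) instead of the raw string, with the user's value placed only into an encoded query parameter; the hosts my-subsystem and 10.0.0.15 are taken from the post above and the port assignments are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;

/** Added example, not Liferay code: an outbound URL is built only from allow-listed parts. */
public final class SsrfSafeUrlBuilder {
    // Hypothetical allow-list: host -> the one port the portal may call on it.
    private static final Map<String, Integer> ALLOWED_HOSTS = Map.of(
        "my-subsystem", 80,
        "10.0.0.15", 8080);

    /** Returns the validated search URL, or throws if any URL component is not allow-listed. */
    public static String buildSearchUrl(String userSuppliedBase, String userSuppliedQuery) {
        URI uri;
        try {
            uri = new URI(userSuppliedBase);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("Malformed URL: " + userSuppliedBase, e);
        }
        // Check parsed parts separately; a prefix match on the raw string does not show which host is contacted.
        String scheme = uri.getScheme() == null ? "" : uri.getScheme().toLowerCase();
        if (!scheme.equals("http") && !scheme.equals("https")) {
            throw new IllegalArgumentException("Scheme not allowed: " + scheme);
        }
        if (uri.getUserInfo() != null) {
            throw new IllegalArgumentException("Credentials in URL are not allowed");
        }
        String host = uri.getHost();
        if (host == null || !ALLOWED_HOSTS.containsKey(host)) {
            throw new IllegalArgumentException("Host not allowed: " + host);
        }
        int port = uri.getPort() != -1 ? uri.getPort() : (scheme.equals("https") ? 443 : 80);
        if (port != ALLOWED_HOSTS.get(host)) {
            throw new IllegalArgumentException("Port " + port + " not allowed for " + host);
        }
        // Rebuild from the checked parts; the user's query value only ever appears URL-encoded.
        return scheme + "://" + host + ":" + port + "/search?q="
            + URLEncoder.encode(userSuppliedQuery, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        System.out.println(buildSearchUrl("http://my-subsystem", "liferay & portals"));
        try {
            buildSearchUrl("http://company-intranet/employees", "x");
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
    }
}
```

Running main prints the rebuilt URL for the allowed host and a "Rejected: Host not allowed" line for the intranet address from the post.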
Updated 9 years ago by Akash Jaisawal.

RE: SSRF vulnerability

Regular Member Posts: 141 Join Date: 12/03/03 Recent Posts
Thanks Tomas,

Many thanks for the valuable information.