Foren

Liferay status relative to current Java 7u10-11 vulnerability?

Tom Cloyd, geändert vor 11 Jahren.

Liferay status relative to current Java 7u10-11 vulnerability?

New Member Beitrag: 1 Beitrittsdatum: 08.01.13 Neueste Beiträge
It's not looking good for Java, if this is to be believed. I'm NOT a java programmer, and only just starting with Liferay, so I'm concerned. I don't see any discussion of this issue in the forums. Does anyone have any idea what the answer to my question might be, both immediately and going forward?
thumbnail
David H Nebinger, geändert vor 11 Jahren.

RE: Liferay status relative to current Java 7u10-11 vulnerability?

Liferay Legend Beiträge: 14914 Beitrittsdatum: 02.09.06 Neueste Beiträge
Liferay is not compatible w/ java 7, so the fix is not relevant.

That said, the vulnerability involves both java 5 and java 6, and there is yet to be a patch for either.

However, if you read the actual information, the attack vector is only on the client side in the browser using the java plugin. Server side java is not part of the attack vector, so this makes the vulnerability also irrelevant.