Project Security

The following security issues have been identified and addressed:

Version 3.0.1

  • CVEID: CVE-2018-1306

    DESCRIPTION: The PortletV3AnnotatedDemo Multipart Portlet war file code could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.

    Versions Affected:
    3.0.0

    Mitigation:
    * Uninstall the PortletV3AnnotatedDemo Multipart Portlet war file
    - or -
    * Migrate to version 3.0.1

  • CVEID: CVE-2015-1926

    DESCRIPTION: The Java Portlet Specification API jar file code could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to resources located within the web application. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.

    Versions Affected:
    2.0.0
    3.0.0

    Mitigation:
    * Migrate to version 3.0.1
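
An added example (not code from the project or from the 3.0.1 fix) of the kind of check whose absence CVE-2018-1306 describes: reduce a client-supplied upload file name to a single path segment and confirm the target stays inside the upload directory. The class name, method name and sample file names are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeUploadTarget {

    /** Resolve a client-supplied file name to a path strictly inside uploadDir. */
    static Path resolve(Path uploadDir, String submittedName) throws IOException {
        if (submittedName == null || submittedName.indexOf('\0') >= 0) {
            throw new IOException("invalid file name");
        }
        // Clients may send a full path with either separator; keep the last segment only.
        String leaf = submittedName.replace('\\', '/');
        leaf = leaf.substring(leaf.lastIndexOf('/') + 1);
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            throw new IOException("invalid file name");
        }
        Path base = uploadDir.toAbsolutePath().normalize();
        Path target = base.resolve(leaf).normalize();
        // Defence in depth: the result must be a direct child of the upload directory.
        if (!base.equals(target.getParent())) {
            throw new IOException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("uploads");
        // Constructed sample names, as a multipart request might submit them.
        String[] names = {
            "report.pdf",
            "../../WEB-INF/web.xml",
            "..\\..\\conf\\app.properties",
            "..",
            ""
        };
        for (String name : names) {
            try {
                Path target = resolve(dir, name);
                System.out.println("'" + name + "' -> stored as " + target.getFileName());
            } catch (IOException e) {
                System.out.println("'" + name + "' -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Names that carry directory components are stored under their last segment only, inside the upload directory; names that are empty or consist solely of `.` or `..` are rejected.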