LSV-685: Security vulnerability in Log4j 2.11.2 (Liferay Connector to Elasticsearch 6 & 7)

7.0 Fix Pack Version: None
7.1 Fix Pack Version: 20
7.2 Fix Pack Version: 9
7.3 Fix Pack Version: None
7.4 Fix Pack Version: None

CVE IDs

CVSS Base Score

CVSS Vector String

Description

The Liferay Connector to Elasticsearch 6 and Liferay Connector to Elasticsearch 7 modules in Liferay DXP 7.0, 7.1 and 7.2 are bundled with Log4j 2.11.2†, which has known vulnerabilities. For more details, please see https://nvd.nist.gov/vuln/search/results?adv_search=true&cpe_version=cpe%3a%2fa%3aapache%3alog4j%3a2.11.2%3a-

| DXP | Elasticsearch Connector | Affects Version | Fixed Version |
| --- | --- | --- | --- |
| DXP 7.0 | Portal Search Elasticsearch 2.x | Not Affected | N/A |
| DXP 7.0 | Connector to Elasticsearch 6 (Marketplace) | v1.1.0 and below | Future version* |
| DXP 7.1 | Connector to Elasticsearch 6 (bundled) | FP19 and below | SP5+/FP20+ |
| DXP 7.2 | Connector to Elasticsearch 6 (bundled) | FP7 and below | SP3+/FP8+ |
| DXP 7.2 | Connector to Elasticsearch 7 (Marketplace) | v3.0.1 and below | v3.1.0+ |

*: Subscribers can also request the fix to be provided in a Hotfix LPKG through Liferay Support.

Fixed

Created July 28, 2020 at 7:08 PM
Updated July 21, 2021 at 4:19 AM
Resolved December 11, 2020 at 2:00 AM