Tue, 29 May 2018 04:00:00 +0000
CST-7050 BREACH attack vulnerability
The portal may be vulnerable to BREACH attacks if the portal is using HTTPS and compression (GZip) is enabled.
Disable compression by setting com.liferay.portal.servlet.filters.gzip.GZipFilter=false in portal-ext.properties.
There is no patch available for Liferay Portal 7.0 CE GA6. Instead, users should upgrade to Liferay Portal 7.0 CE GA7 (7.0.6) or later to fix this issue.