Mon, 12 Nov 2018 07:31:00 +0000
CST-7105 LDAP injection
An LDAP injection vulnerability exits in Liferay 7.1 CE GA1 with user group names.
Ensure that only trusted individuals have permission to create user groups.
There is no patch available for Liferay Portal 7.1 CE GA1. Instead, users should upgrade to Liferay Portal 7.1 CE GA2 (7.1.1) or later to fix this issue.