Wed, 21 Nov 2018 08:19:00 +0000
CST-7110 Path traversal vulnerability in templates
Liferay Portal 7.1 CE GA1 contains a path traversal vulnerability in Web Content templates and Application Display Templates (ADT). The vulnerability allows any user with permission to create templates to read any file on the system.
Review your portal permissions and ensure only trusted users have permission to add/edit Web Content templates and ADTs.
There is no patch available for Liferay Portal 7.1 CE GA1. Instead, users should upgrade to Liferay Portal 7.1 CE GA2 (7.1.1) or later to fix this issue.