Issue
- The variables utilLocator, objectUtil, and staticUtil are restricted and inaccessible to the FreeMarker engine.
- What are the risks of using these variables?
Environment
- All environments
Resolution
- If there are no restrictions, Freemarker templates (ADT) can access critical portal components. Depending on the privilege of this variable, this can cause Freemarker models to access privileged portal resources.
- To mitigate this risk would be that only trusted users should be given the necessary permissions. By limiting who can add/update models in your environment, you can minimize the risk of potential exploitation.
- Review of owners of existing templates may also be required as they have full privileges on the provided templates.
Additional Information
- To make these variables accessible to the FreeMarker engine, please refer to the following link: Creating a new structure with a date field results in a FreeMarker error.
Subscriber Exclusive Content
A Liferay Enterprise Subscription provides access to over 1,500 articles that include best practices, troubleshooting, and other valuable solutions. Sign in for full access.
Sign In