Issue
- Our scanner reported that the Liferay DXP image and the Elasticsearch image are vulnerable to CVE-2022-1471, which is about an issue with SnakeYAML.
- Could you please confirm if we have to address this vulnerability?
Environment
- DXP 7.4
Resolution
- CVE-2022-1471 was addressed in DXP 7.4 u75, so u75 and higher versions are secured.
Additional Information
- The scanner warning appears because the vulnerability is present in Sidecar (the Elasticsearch embedded in Liferay). However, Sidecar should not be used in a production environment.
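
To see which copy of the library a scanner finding refers to, it helps to list the SnakeYAML jars in an unpacked image and where they sit. The script below is an added example, not Liferay tooling. It assumes versions appear in jar file names, that Sidecar files sit under a path containing "sidecar", and that releases before SnakeYAML 2.0 are the ones reported for CVE-2022-1471; the sample tree is constructed.

```shell
#!/bin/sh
# Added example: list SnakeYAML jars under a directory tree and mark the ones
# a scanner would flag for CVE-2022-1471 (SnakeYAML releases before 2.0).
# Assumptions: the version is readable from the file name
# (snakeyaml-<version>.jar) and Sidecar files sit under a path that
# contains "sidecar".

triage_snakeyaml() {
    root=${1%/}
    find "$root" -type f -name 'snakeyaml-*.jar' | sort |
    while IFS= read -r jar; do
        rel=${jar#"$root"/}
        ver=$(basename "$jar" .jar)
        ver=${ver#snakeyaml-}
        major=${ver%%.*}
        case "$major" in
            ''|*[!0-9]*) status=unknown ;;
            *) if [ "$major" -lt 2 ]; then status=flagged; else status=ok; fi ;;
        esac
        case "$rel" in
            *sidecar*) origin=sidecar ;;
            *) origin=other ;;
        esac
        printf '%s %s %s %s\n' "$status" "$origin" "$ver" "$rel"
    done
}

# Constructed sample tree (empty files, invented layout) for a dry run.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/app/lib" "$d/sidecar/lib"
    : > "$d/app/lib/snakeyaml-2.0.jar"
    : > "$d/sidecar/lib/snakeyaml-1.26.jar"
    printf '%s\n' "$d"
}

# Usage (hypothetical file name): sh triage.sh /path/to/unpacked/image
if [ "$#" -gt 0 ]; then
    triage_snakeyaml "$1"
fi
```

Copies embedded inside other archives are not visible to a file name search, so an empty result does not rule out a bundled copy.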