Issue
- After applying the workaround indicated in this Security Advisory LSV-545: Unauthenticated Remote code execution via JSONWS (CVE-2020-7961), every client-side web service call to the JSONWS-API is failing:
json.web.service.enabled=false
- This does not allow users to set Tags, Categories and Topics in Web Content.
Environment
- Liferay DXP 7.0, 7.1, 7.2
Resolution
- This is an expected behavior.
- The workaround's main goal is to mitigate this vulnerability until the issue can be patched correctly, either by Fix Pack or Security Fix Pack.
- The recommended long-term solution is to move to a patch level where this issue is fixed.
- Please follow the instructions indicated in section Patch Availability of the corresponding Security Advisory.
.Additional Information
Subscriber Exclusive Content
A Liferay Enterprise Subscription provides access to over 1,500 articles that include best practices, troubleshooting, and other valuable solutions. Sign in for full access.
Sign In