Issue
- Our scanner reported that the Liferay DXP image as well as the Elasticsearch image are vulnerable to CVE-2022-1471, which is about an issue with SnakeYaml.
- Could you please confirm if we have to address this vulnerability?
Environment
- DXP 7.4
Resolution
- CVE-2022-1471 was addressed in DXP 7.4 u75, so higher versions are secured.
Additional Information
- The report-warning appears because the vulnerability in Sidecar (Elasticsearch embedded in Liferay) is present. However, Sidecar should not be used in the production environment.
Contenido exclusivo para suscriptores.
Una Suscripción Enterprise de Liferay proporciona acceso a más de 1.500 artículos que incluyen las mejores practicas, diagnóstico de problemas y otras soluciones útiles. Inicia sesión para tener un acceso completo.
Inicia sesión