Issue
- Our scanner reported that the Liferay DXP image as well as the Elasticsearch image are vulnerable to CVE-2022-1471, which is about an issue with SnakeYaml.
- Could you please confirm if we have to address this vulnerability?
Environment
- DXP 7.4
Resolution
- CVE-2022-1471 was addressed in DXP 7.4 u75, so higher versions are secured.
Additional Information
- The report-warning appears because the vulnerability in Sidecar (Elasticsearch embedded in Liferay) is present. However, Sidecar should not be used in the production environment.
Conteúdo Excluesivo para Assinantes
Uma Subscrição do Liferay Enterprise fornece acesso a mais de 1.500 artigos que incluem práticas recomendadas, solução de problemas e outras soluções valiosas. Faça login para obter acesso completo.
Entrar