Liferay version older than 7.0

Description

The detected Liferay Portal version is older than 7.0, which contains multiple known security vulnerabilities that have been publicly disclosed and documented. Liferay Portal versions prior to 7.0 are no longer supported and lack critical security patches that address serious vulnerabilities including remote code execution and cross-site scripting flaws. Running outdated versions exposes the application to exploitation by attackers who can leverage these well-documented vulnerabilities.

Remediation

Immediately upgrade Liferay Portal to version 7.0 or later to remediate known vulnerabilities. Follow these steps:

1. Review Current Environment: Document your current Liferay version, installed plugins, customizations, and dependencies
2. Plan the Upgrade: Consult the official Liferay upgrade documentation at https://portal.liferay.dev/ for version-specific migration guides and breaking changes
3. Test in Non-Production: Deploy and thoroughly test the upgraded version in a staging environment to identify compatibility issues with custom code and third-party integrations
4. Backup Data: Create complete backups of your database, document library, and configuration files before proceeding
5. Execute Upgrade: Follow Liferay's official upgrade process, which typically involves database schema updates and data migration scripts
6. Verify Security Patches: After upgrading, ensure all latest security patches are applied by checking the Liferay security advisories page
7. Implement Update Policy: Establish a regular patching schedule to prevent future security gaps

If immediate upgrade is not feasible, implement compensating controls such as web application firewall (WAF) rules, network segmentation, and restricted access until the upgrade can be completed.

References

Related Vulnerabilities