- #Liferay 5.2.3 sourceforge update#
- #Liferay 5.2.3 sourceforge Patch#
- #Liferay 5.2.3 sourceforge code#
- #Liferay 5.2.3 sourceforge download#
This is third part of of article “Installing Liferay with MySQL, CAS and openLDAP on Ubuntu”.
#Liferay 5.2.3 sourceforge Patch#
Sun has been informed about this vulnerability, however, they informed me they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle. Currently there is no fix for the bug and according to Tavis Ormand, Oracle/Sun is not planning to do it quickly: Source of this PoC was published by Ruben Santamart. Tavis Ormand created a Proof of Concept application to show exploit in use.
#Liferay 5.2.3 sourceforge code#
This parameter is later on passed to javaws, allowing to run any code on attacked machine. The launch() method of this toolkit accepts url as a parameter, however this parameter is poorly validated, thus allowing passing arbitrary parameters. To explain how the exploit can work, you need to know that ever since 1.6.10 Sun has distributed an NPAPI plugin (for firefox, chrome ect.) and ActiveX control (for Internet Explorer) called “Java Deployment Toolkit” that simplifies distributing applications to the end user by Web Start. In practice anyone can be attacked by simply entering specially designed page.
#Liferay 5.2.3 sourceforge update#
Critical bug that exists inside Java Runtime Environment allows to remotely run code on any machine with Java 6.0 with update 10 or later. Tavis Ormand discovered the bug inside Java Web Start. beside that I just simply wanted to have better control of my blog, which unfortunately wasn’t giving me enough.Īnd that is simply it! See you next time on with somehow growing popularity 🙂 I wanted to bring my blog to another level (by buying domain ))Ģ. So why do I move then? Well honestly two things were cause of the changeġ. For me it was a reward, that my writing actually has some value. I’ve started in May 2009 with 600 visits per month to reach average 6000 per month a year later.įor some it might be impressive, for some it may not. The people I met from all around the world, the thoughts we exchanged (not always agreeing with each other )… well experience have been great. Nevertheless I’ve switched to English completely and after more then one year of blogging, I can honestly say that I don’t regret this at all. It was actually a continuation of previous one, that I was maintaining in Polish language. You still here 🙂 ? Cool! You may know that it’s been more than a year since I started this blog. For those of you who are wondering why I move from, please read on. Please refer to the new address from now on. Note also that in upcoming weeks I will import most of post from this blog to the new one.Īnd that simply it. To tell the long story short: I’m moving my blog to new domain If you read my RSS please change subscription, since I won’t be posting any new stuff here (and I will eventually close this blog on, so it won’t get confusing). _log.Well, it’s true, I’m moving to new site: If( aGroup.isCommunity() & !aGroup.getName().equals( "Guest" ) ) List groups = GroupLocalServiceUtil.getUserGroups( userId ) Long id = ( Long ) ses.getAttribute( "USER_ID" ) Public void run( HttpServletRequest req, HttpServletResponse res ) throws ActionException Private static Log _log = LogFactoryUtil.getLog(CustomLoginPostAction.class) Public class CustomLoginPostAction extends Action Unzip the downloaded source code and import to eclipse to create a new class CustomLoginPostAction in portal-impl sub-project in liferay, the code is here
#Liferay 5.2.3 sourceforge download#
Go to and download liferay-portal-src-5.2.3.zip,
Of course the user is a member of the specified community.Īnother target is not to change liferay source code, just to override its default behavior. Our target is to redirect to a specified community page after a user login. I assume you installed liferay portal v5.2.3 Bundled with Tomcat 5.5 by this way.
0 kommentar(er)
