CVE-2022-42131: Liferay products are affected by an SSL certificate validation issue in the Dynamic Data Mapping module's REST data providers.
This issue was resolved in Liferay version 7.5. Bug: When you enable a REST data provider in a Dynamic Data Map, the validation of that REST data provider's SSL certificate might fail. What happens in this scenario is that an error is thrown, but no alert is shown. This issue was resolved in Liferay version 8.0.
Update: If you use the Apache Tomcat or Jetty server as a REST data provider and you use Liferay 7.2, 7.3, 7.4, or 7.5, you must upgrade to Apache Tomcat 9.0.19 or later, Jetty 9.4.9 or later, or fix pack 17 or later for Liferay DXP 7.2, 7.3, and 7.4. This issue was resolved in Liferay version 8.0.
SSL Certificate Validation Error when Attempting to Enable REST Data Provider in Dynamic Data Map
- - -
When you enable a REST data provider in a Dynamic Data Map, the validation of that REST data provider's SSL certificate might fail. What happens in this scenario is that an error is thrown, but no alert is shown.
- - -
This issue was resolved in Liferay version 8.0.
What is REST?
REST, or Representational State Transfer, is a peer-to-peer architecture that uses HTTP and XML as its primary data formats. It allows web services to be invoked using URLs.
Why should you update?
This issue was resolved in Liferay version 8.0.
How to identify if you are affected
If you're using a Dynamic Data Map, and you're having problems with SSL certificate validation on your REST data provider, this article will help you identify if you are affected by this issue.
What happens in this scenario is that an error is thrown, but no alert is shown.
Timeline
Published on: 11/15/2022 02:15:00 UTC
Last modified on: 11/18/2022 15:52:00 UTC