News

CVE-2025-55182 - React Server Components vulnerability

invalid@example.com (David) — Thu, 11 Dec 2025 09:23:40 +0000

This is false positive. LF appliance does not use React server components.

Cannot renew Let's Encrypt certificate

invalid@example.com (David) — Tue, 02 Sep 2025 16:05:25 +0000

Let's Encrypt CA has removed recently the contact email attribute from their API so without updating the LF server the certificate can't be renewed.
This change has been reflected in the LF appliance since version 4.1.9.
If you have installed older version please update optimally to the latest version.
After then re-validate the certificate manually again in "Admin > System > Certificate" settings.

CVE-2024-6387 - regreSSHion

invalid@example.com (David) — Wed, 03 Jul 2024 09:49:06 +0000

LF v3 with Centos7 is not affected.

The LF v4 is not affected as well in case you have enabled at least the System Security Auto Updates (Admin > System > Updates).
Then you should have installed or will have installed the fixed ssh version 1:8.9p1-3ubuntu0.10 (jammy) during a next nightly maintenance.
https://ubuntu.com/security/CVE-2024-6387

How to check Installed version:

Code:

#apt info ssh     

Package: ssh
Version: 1:8.9p1-3ubuntu0.10

LiquidFiles v4 supports the DUO Universal Prompt

invalid@example.com (David) — Tue, 20 Feb 2024 10:24:53 +0000

After the migration to v4 please activate the Universal Prompt in your DUO administration portal.

Spring4Shell

invalid@example.com (David) — Wed, 06 Apr 2022 08:45:06 +0000

LiquidFiles does not use the Pivotal Spring Framework and is therefore not vulnerable to CVE-2010-1622, CVE-2018-1273, CVE-2022-22963, CVE-2022-22965 and similar other related to Spring.

CVE-2021-4034 Polkit Privilege

invalid@example.com (David) — Thu, 27 Jan 2022 10:17:10 +0000

CVE-2021-4034 vulnerability is not risky for LF appliance because it does not use the non privileged accounts in the system for users. Standard LF appliances installed on-presmise even do not have installed the polkit package so these appliances are Not vulnerable at all.

Attention should be paid if you have LF appliance deployed in Azure, where polikit is used by management agents. The polkit in...

CVE-2021-4034 Polkit Privilege

CVE-2021-44228 - LiquidFiles is Not using Log4J

invalid@example.com (David) — Mon, 13 Dec 2021 07:11:15 +0000

We've gotten a fair few support requests over the last couple of days asking if LiquidFiles is vulnerable to the recent Log4J vulnerability (CVE-2021-44228) and it isn't.

LiquidFiles, including the LiquidFiles product and the LiquidFiles company is not using Log4J anywhere now or have been in the past.

And it is a good reminder if you are not using either LiquidFiles v3.5.15 or v3.6.4, it is recommended to update to either of these versions for security, stability, functionality and...

CVE-2021-44228 - LiquidFiles is Not using Log4J

Welcome to the Forum

invalid@example.com (Johan) — Mon, 04 Jan 2016 16:39:28 +0000

Welcome to the LiquidFiles forum.

This is for you to interact with fellow LiquidFiles users, ask questions, share tips and tricks, branding updates and API integrations.

We want to keep this as open and friendly as possible. Use your best judgment at all times and we won't have to add any moderation and similar.

Enjoy!