Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
User did not provide a valid CSRF token Error
Troubleshooting
Issue Portlet Action requests intermittently returning a 403 error code. In the logs the following error message regarding invalid CSRF token gets printed whenever the 403 error is thrown. "User [user_id] did not provide...
Email Address Validation for Forgot Password
Issue The Forgot Password option does not validate if the user enters a correct email address. You can enter anything and the field will accept it. Two types of validation are expected: Email format validation (to...
Login URL Parameters Reported as Security Threat
legacy Troubleshooting
Issue Vulnerability Assessment and Penetration Testing (VAPT) reports the parameters passed in the login request as a security threat. How can these parameters be removed or mitigated? Environment Liferay DXP 7.4+...
User profile is visible when accessing the /web/test
legacy Troubleshooting
Issue When accessing localhost:8080/web/test, the user profile is visible to guest users. The concern is that the user data being accessible to guest users poses a security threat. Environment Liferay DXP 7.4...
Password syntax checking error does not appear when configuring with Minimum Lowercase 1 when creating a new account
Troubleshooting
Issue I have an issue with checking the password syntax. When they configure the password syntax with Minimum Lowercase 1, Minimum Symbols 1, and Minimum Uppercase 1, try to create an account for a guest user, type a...
How to allow unauthenticated (guest user) requests for GraphQL
Troubleshooting
Issue I implemented ReactJS Widget that relies on GraphQL requests for custom object values, with a widget exposing object entries to the public. However, unauthenticated GrapQL requests are disabled by default and...
Can Liferay pass User Roles to the Service Provider?
legacy
Issue In a SAML configuration where Liferay acts as the Identity Provider, is Liferay able to pass its User Roles to the Service Provider?   Environment Liferay 7.4   Resolution Yes, it is possible. Liferay will send...
XSS Vulnerability present when using Web Content Article's source code
Troubleshooting
Issue We've observed a XSS Vulnerability present when using Web Content Article's source code.  This vulnerability appears to be present when involving the deployment of a payload via the source code.  Steps to...
SAML - Can you end the Identity Provider's session when the Service Provider's session times out?
legacy Troubleshooting
Issue We have Liferay configured as a SAML Service Provider (SP), and we use third-party software as the Identity Provider (IdP) Our IdP is used for multiple applications, so its session timeout is set for a...
Is integration of mTLS possible in Liferay?
legacy How To
Issue We are required to use mTLS (Mutual Transport Layer Security) for certain requests Is it possible to integrate mTLS with Liferay? Environment DXP 7.4 Quarterly Releases Resolution Yes, it is possible to...
Setting up Liferay as both IDP and SP (SAML)
legacy How To
Issue This article outlines how to configure two Liferay DXP bundles for SAML authentication with one functioning as the Service Provider (SP) and the second as the Identity Provider (IdP). Environment DXP...
Updating React dependencies to later version
legacy
Issue As part of the security audit, the old version of the React might be vulnerable to attacks. Is there a way to hide the React version that Liferay displays? Environment Liferay DXP 7.3 Resolution At this...
Will a curl vulnerability impact Liferay DXP?
legacy
Issue There have been security announcements that are deemed to be a high-risk vulnerability that is caused by curl 8.4.0.   Environment DXP 7.3 Resolution Liferay DXP does not use the libcurl library. In conclusion,...
Is it Liferay vulnerable to the Log4j Vulnerability CVE-2019-17571?
legacy
Issue After search in the following folder:/tomcat/webapps/ROOT/WEB-INF/lib/log4j-extras.jar is notice that the log4 is available as part of product, so the Liferay is it vulnerable to this lib? Environment All...
Nested Azure AD Groups are not assigned to Liferay groups
legacy Troubleshooting
Issue You want to assign Liferay user groups via dynamic Azure AD groups when logging in with SAML. For this, certain rules of Azure AD groups are in place based on your needs. There might be an issue where nested...
Vulnerability in CKeditor 4.18.0
legacy Troubleshooting
Issue In Liferay, a vulnerable version of CKEditor 4.18.0 is being used. The vulnerability CVE-2023-28439 is present in the CKEditor versions less than 4.21.0. Environment Liferay DXP 7.0+ Resolution The observed...
Differentiate multiple Identity Provider when click on the Sign-in button
legacy
Issue How the user can login to specific IDP when multiple IDPs are configured on the portal? Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Resolution While using...
How to enable cookies and the banner, consent panel
legacy How To
Issue How to enable the cookie preference handling as well as the configuration options for both the banner and the consent panel. Environment Liferay DXP 7.4 Resolution This feature was introduced in the Liferay...
Setting sameSite attribute in Cookie for header response on JBoss EAP 7.2
legacy How To
Issue How to add the sameSite attribute as 'Strict' on the cookies JSESSIONID,COOKIE_SUPPORT,GUEST_LANGUAGE_ID on JBoss EAP 7.2 Environment Liferay DXP 7.4 JBoss EAP 7.2 Resolution In JBoss, navigate...
p_auth token missing from GET request
legacy
Issue After enabling CSRF Tokens, a p_auth token is appended to URLs, as expected. However, we noticed that if we manually remove this from the end of a URL and hit enter, we are still able to access the page,...