Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Authentication through LDAP when SAML is enabled
legacy Troubleshooting
Issue Liferay has to authenticate the user through SAML as well as LDAP when SAML is enabled Environment Liferay Portal 6.2 Liferay DXP 7.0 Liferay DXP 7.1 Resolution Authenticating users from LDAP when the...
LDAP users are able to login with Default User Password
legacy
Issue Users from LDAP are able to login with the value which is defined in "Default User Password" field under the LDAP import/export settings. Environment Liferay DXP 7.0 Resolution Liferay will allow the...
[LES] Issues reinstalling Liferay Connector to X-Pack Security
legacy How To
Issue I'm having issues reinstalling X-Pack Security How do I reinstall X-Pack Security? Environment DXP 7.2    DXP 7.1    DXP 7.0 + Fix Pack 54 onwards (de-54) Resolution To Install Add Liferay Connector to X-Pack...
CSRF (p_auth) token is not included in portlet ResourceURLs
legacy
Issue p_auth token is not included in the resourceURL. Environment Liferay DXP Liferay 6.2 EE Resolution ResourceURLs (resource serving phase) was introduced in Portlet 2.0 to be able to serve resources (images, etc...)...
Preventing host header attack vulnerabilities
legacy How To
Issue Adjusting the Host header in the request can impact page rendering, redirections, and other server-side behaviors. This manipulation could potentially lead to Cross-Site Scripting (XSS) for example. Environment...
[LES] How to reinstall Liferay Connector to X-Pack Security
legacy How To
Issue How can I reinstall x-pack security? Environment DXP 7.2    DXP 7.1    DXP 7.0 + Fix Pack 54 onward (de-54) Resolution When we uninstall X-Pack security, an entry is added to Bundle Blacklist at this...
Antisamy - Document description field not sanitized
legacy
Issue While the title of a document cannot contain a tag or script in the description section tags and scripts can be published. Environment Liferay DXP 7.0 Resolution The AntiSamy module filters on specific...
How to reproduce https:// problems on localhost
legacy How To
Issue If we are using https protocol the related use cases are hard to proof on localhost Environment Liferay DXP 7.0 Liferay DXP 7.1 Use Firefox (Firefox is recommended, as Chrome does not allow self-signed...
Security Advisory for CVE-2019-2729 for Oracle WebLogic
legacy Troubleshooting
Issue Oracle has issued a security alert for Oracle WebLogic wherein a deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services has been detected. The following resource and information are...
How to configure the "check-auth-token" parameter within an OSGi portlet?
legacy How To
Issue The current Liferay DXP portal properties file contains the following for the "check-auth-token" parameter: # # Set this to true to enable authentication token security checks. The # checks can be disabled...
Is request-based p_auth token supported to prevent CSRF attack?
legacy
Issue To prevent CSRF attacks, Liferay provides options to enable authentication token security checks. The current token is session-based token. Is request-based p_auth token supported? Environment Liferay DXP 7.1...
The Password Reset Screen is no longer showing the "Please set a new password" description
legacy
Issue After upgrading from 6.x to 7.x, the Password Reset Screen is no longer showing the "Please set a new password" description text. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution The "Please set...
How to upload authentication XML file from Bing ownership verification
legacy How To
Issue One of the methods to complete the verification process required to add a website to a Bing Webmaster Tools account is uploading a XML file to the root directory of the website and make it available on...
Apply button in OAuth 2 Administration is not working
legacy Troubleshooting
Issue When making changes under OAuth 2 Administration, such as generating a new client secret or editing Client ID, the Apply button may not respond when clicked. When viewing the browser console, you will see:...
Password is visible as a plain text in LDAP request
legacy Troubleshooting
Issue When intercepting the LDAP request using any third party tool(ex. Wireshark) password is visible as a plain text Environment Liferay 7.0 Resolution Enabling LDAP over SSL will transmit the credentials...
Whether to use OpenSSL
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue In...
Session lost on page redirect using POST method when request header is SameSite=LAX
legacy Troubleshooting
Issue The problem is happening when using POST method to receive data from another portal on a different domain, which is considered unsafe when request header is SameSite=LAX, that because if this header is not...
Existing users password encryption algorithm is not updated on password reset
legacy Troubleshooting
Issue The password encryption algorithm of existing users is not being updated after doing a password reset. Environment DXP 7.4 Resolution To resolve this behavior, open a help center ticket to request a hotfix...
Special characters which are used for XSS can be saved as an input without any warning
legacy
Issue Characters as <, >, /, (, ), ", ' which can be used to make scripts, used in HTML and JavaScript are valid to use in the portal as inputs and values, and it can raise security questions The use of these...
Detected vulnerabilities related to Jettison
legacy Troubleshooting
Issue A security scan has picked up the following vulnerabilities related to jettison-1.x.x jar: CVE-2022-40150 & CVE-2022-40149. This jar is found in marketplace\Liferay Foundation - Liferay Portal Remote -...