Search Results

Issue The Liferay uses the log4j-core Library which was reported to have a vulnerability. Environment Liferay DXP 7.1 Liferay DXP 7.2 until fix-pack 16 Liferay DXP 7.3 until SP3 Resolution Yes, the Liferay is vulnerable to this CVE in the versions mentioned above, the resolution is...

Issue If the password is changed in the Active Directory, the user will still be able to log in to DXP? If we delete the user from Active Directory, the user will still be able to log in to DXP? How to import/ export the users from LDAP Directory to Liferay DB and vice versa. How users...

Issue There have been security announcements that are deemed to be a high-risk vulnerability that is caused by curl 8.4.0.   Environment DXP 7.3 Resolution Liferay DXP does not use the libcurl library. In conclusion, Liferay DXP is not vulnerable to this type of curl security...

Issue After search in the following folder:/tomcat/webapps/ROOT/WEB-INF/lib/log4j-extras.jar is notice that the log4 is available as part of product, so the Liferay is it vulnerable to this lib? Environment All environments Resolution By default Liferay don't use the SocketServer class...

Issue This article outlines how to configure two Liferay DXP bundles for SAML authentication with one functioning as the Service Provider (SP) and the second as the Identity Provider (IdP). Environment DXP 7.4 Resolution Note: The below steps are for testing purposes only. Extract two...

Issue As part of the security audit, the old version of the React might be vulnerable to attacks. Is there a way to hide the React version that Liferay displays? Environment Liferay DXP 7.3 Resolution At this point of writing this article, Liferay is using React version 16.12.0 and is in...

Issue In Liferay, a vulnerable version of CKEditor 4.18.0 is being used. The vulnerability CVE-2023-28439 is present in the CKEditor versions less than 4.21.0. Environment Liferay DXP 7.0+ Resolution The observed behavior is a known issue addressed by the LPS-196513. Additional...

Issue You want to assign Liferay user groups via dynamic Azure AD groups when logging in with SAML. For this, certain rules of Azure AD groups are in place based on your needs. There might be an issue where nested groups are not associated correctly in case you use Graph API's memberOf...

Issue How the user can login to specific IDP when multiple IDPs are configured on the portal? Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Resolution While using multiple IDPs, as soon as the user clicks on Sign-in button, it gives the list...

Issue Is SELinux configuration compatible with Liferay DXP 7.4? Environment Liferay DXP 7.4 Running on one of the supported Operating Systems Resolution It is possible to set up SELinux to work with Liferay DXP 7.4 It is up to the customer to create the correct configuration that works...

Issue Cross Document Messaging (also known as Web Messaging) introduced the postMessage() method, with which plaintext messages can be sent cross-origin. It consists of two parameters: “message”, and “targetOrigin”. If "targetOrigin" is set to ''*" this indicates that it can disclose the...

Issue Trying to attempt to work with the CSP feature, which is present in update 90 under feature flags, but users are still experiencing issues where they are unable to edit the page and it is continuously loading.  Navigate to Control Panel> Instance Setting> Features Flag -> Enabled...

Issue Facing high CPU utilization while logging-in high number of users per minute continuously (24x7) using username-password authentication, mostly while fetching data using some scripts. Environment Liferay DXP 7.0+ Resolution Password hashing is a costly operation, as it uses high...

Issue Trying to write a custom remote service using Liferay (ServiceImpl file), so which method may be used to authenticate using a token rather than credentials? Environment Liferay DXP 7.4 Resolution Liferay has Authentication Verifiers that authenticate remote invocations of Liferay...

Issue We followed the instructions below to enable document virus scanning, but we do not see any way to confirm the ClamAV integration was successful or that file scans are occurring when new files are uploaded to Documents and Media. Is there a way to validate the ClamAV - Liferay...

Issue We store several things in our OpenID access token and when a user tries to log in, it fails because the token size exceeds the 3000-character limit specified in the ACCESSTOKEN column of the OPENIDCONNECTSESSION table Environment Liferay DXP 7.2+ Oracle database Resolution The...

Issue We turned on AntiSamy but it removes certain HTML code and CSS styles from our Web Content articles. Environment DXP 7.0+ Resolution Usage of HTML and CSS in Web Content article HTML fields Web content articles are not really intended to be used like this - they should not replace...

Issue We configured AntiSamy to santize Web Content articles. We would like to understand how AntiSamy works and what parts are expected to be removed in Web Content articles. Environment DXP 7.0+ Resolution In the article How to configure validation directives in AntiSamy, you can find...

Issue Our team is the design phase for authentication and we want to know if Liferay supports IDP and SP initiated SAML logins at the same time?  Environment DXP 7.4 Resolution No, a single instance should not be both an IDP and a SP. With Liferay, you are either an IDP or an SP. For...

Issue With SAML and Force Authentication enabled, I am required to reauthenticate requests from the SP Environment DXP 7.3, 7.4 Resolution This behavior is intended, but to avoid manual reauthentication in this scenario, disable the Force Authentication setting. Additional Information...