Search Results

Issue Characters as <, >, /, (, ), ", ' which can be used to make scripts, used in HTML and JavaScript are valid to use in the portal as inputs and values, and it can raise security questions The use of these characters did not throw any warning or error messages, neither on the UI nor...

Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue Is there a limit to the number of IdPs registered? Environment DXP7.2+...

Issue A search in Control Panel > Security > Audit always sends empty search parameters in the GET URL. As a result, URLs are very long and can be blocked by firewall-infrastructure. Steps to reproduce: Navigate to Control Panel > Security > Audit Search for "test" Result: URL is very...

Issue A security scan has picked up the following vulnerabilities related to jettison-1.x.x jar: CVE-2022-40150 & CVE-2022-40149. This jar is found in marketplace\Liferay Foundation - Liferay Portal Remote - Impl.lpkg\com.liferay.portal.remote.rest.extender-6.0.12.jar\lib directory....

Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue What happens if I am editing a thread or message on the BBS widget and...

Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue Can I change the number of digits in the CSRF token parameter "p_auth"?...

Issue When trying to log in with an Active Directory user, sign-in failed with the below error ERROR [http-nio-8080-exec-9][BaseSamlStrutsAction:59] Screen name test@liferay.com for user 34945 must validate with com.liferay.portal.kernel.security.auth.DefaultScreenNameValidator: The...

Issue How can I mitigate vulnerability CVE-2022-41853 regarding Liferay DXP?   Environment Liferay Portal 6.2 EE Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3   Resolution CVE-2022-41853 : This vulnerability has been fully fixed with the following LPS-165641  ...

Issue What procedures does Liferay follow to perform security scanning? Environment Liferay DXP Resolution Liferay uses DAST and SAST tools for scanning. Pen test and manual code reviews are performed as well. The internal procedures are classified as proprietary information since a lot...

Issue When adding the notes:// protocol to a link in Knowledge Base, AntiSamy removes it and displays it as text. Environment Liferay DXP 7.2, 7.3 Resolution By default, everything is sanitized by AntiSamy, with 3 exceptions (JournalArticle, BlogsEntry and FragmentEntry).  Knowledge...

Issue Our company has a few external clients whose users have unique screen names, but all share one email address. This is causing various conflicts such as two users being unable to sign in simultaneously. The error in log looks like this below: WARN [https-jsse-nio-0000-exec-000]...

Issue We Blacklisted the Sign-In Portlet with a third-party authentication application and the admin logins were not synchronized in the process and so now we can no longer access our environment. How can we restore access? Environment DXP 7.1 Resolution The best option, in this case,...

Context When a main Liferay instance and a second virtual instance are both connected to the same LDAP server, local Liferay admin users are unable to log in when the “Required” box is checked. In the case where the LDAP is connected and the “Enabled” box is checked, all LDAP users are...

Issue SAML Identity Provider is unable to initiate Single Log Out Notes 1. Set the different virtual hosts as below as an example 127.0.0.1www.bbb.com (For IDP) 127.0.0.1www.sp.com (For SP) 2. Using thetest testuser in this test. Make sure the user share the same password in IDP and SP...

Issue Records are not removed from `samlspsession` table if the user closes the browser instead of logging out. Steps to reproduce: 1. Setup two instances of Liferay to use SAML - one as IDP and one as SP. log into the SP 2. Verify record is created in the SAMLSPSESSION table (in the SP...

Issue I not see the Resource and Global Sub-tabs under the Scopes tab on Oauth2 clients (in Control Panel/ OAuth2 Administration) Environment 7.3+ Resolution After https://issues.liferay.com/browse/LPS-105158 the scope graphic interface change. There is an explanation on...

Issue Is there a way to make both of Liferay and LDAP policies work together, so that users logging via Liferay authentication will be handled by Liferay's password policies and users authenticating with LDAP will be handled by LDAP's password policies? Environment 7.2 DXP Resolution If...

Issue I would like to integrate my portal with an EU Login mock server instance via OpenID Connect It does not work since the OpenID connect server needs Proof Key for Code Exchange (PKCE) After configuration, when I am being redirected from Liferay to the EU Login server instance, I am...

Issue What is the actual functionality of LDAP Import Enabledunder SAML settings Environment Liferay DXP 7.2, 7.3, 7.4 SAML Resolution Checking LDAP Import Enabled under SAML settings affects 3 functions: 1. The SAML NameID or SAML attributes (depending on the selected “User Resolution”...

Issue Liferay is configured to use LDAP When Liferay Authentication will happen? When LDAP Authentication will happen? Environment Liferay DXP 7.0 -7.4 Resolution LDAP authentication always happens before Liferay Authentication. That is becauseLDAPAuthservice is registered...