Search Results

Issue Steps to Reproduce: The json-smart.jar's can be found here: osgi/marketplace/Liferay%20Forms%20and%20Workflow%20-%20Liferay%20Dynamic%20Data%20Mapping%20-%20Impl.lpkg/com.liferay.dynamic.data.mapping.data.provider.impl-3.0.17.jar/lib/json-smart-2.2.1.jar...

This article documents the way to configure Liferay DXP 7.x as a Service Provider working with two SSO protocols (Okta using SAML 2.0 and Google OpenID Connect). The basic configuration can be achieved within Liferay out of the box, but extra custom code is required to make it fully...

Issue The user session should be terminated immediately if they close the browser tab or window. Environment DXP 7.0 + Resolution Liferay maintains the session of 30 minutes by default and Liferay doesn't provide any such kind of OOTB feature or property to fulfill the business-specific...

Issue The reset connection option is missing on the License page in DXP 7.3 which is available on the previous releases. Environment Liferay DXP 7.3 GA1 Resolution This is a known limitation of the product that might be resolved in future versions of the Liferay. In order to resolve the...

Issue When changing the screen name or email address of a user, the portal now requires a password verification. This was not a requirement for previous versions of Liferay. Environment DXP 7.3+ Resolution This is a change implemented under LPS-112726 to address security concerns....

Issue When I try to create a new Virtual Instance, the portal displays the error "Your request failed to complete". The portal log shows the following error: ERROR [default task-29][EditInstanceMVCActionCommand:121]...

Issue LDAP settings can be imported into the Liferay environment using osgi/config files These settings are imported into System Settings, and can then be configured for an individual instance in Instance Settings When adding a LDAP server in Instance Settings, the password field is not...

Issue How can a CSP (content security policy) HTTP header that enables only specific external resources to be loaded in the frontend be implemented? Environment Liferay DXP 7.2 Resolution CSP is not currently supported by Liferay at the product level. Liferay DXP and its predecessor,...

Issue The HSTS header cannot completely defend against man-in-the-middle attacks. However, it can be useful in defending against an attack in which an attacker establishes an encrypted connection to the application and presents an unencrypted fraudulent service to the user. This is...

Issue The name of the technologies used, such as Apache Coyote, Tomcat, etc. are visible. Environment Liferay DXP 7.2, DXP 7.3 Resolution  Each application is responsible for allowing its information to be displayed but not Liferay. We can definitely restrict the Verbose related to...

The following issue may compromise the security of your Liferay Digital Experience Platform implementation.  Vulnerability Information The Liferay AntiSamy app depends on third party libraries that have known vulnerabilities. Affected Products Liferay AntiSamy 2.0.x (for Liferay Portal...

Issue The permissions system for an application (portlet) includes a security check when the application is going to be displayed in a page. Normally, the users should not be able to see applications if the administrator did not configured/added previously to that page. It is feasible to...

Issue NTLM SSO protocol has some vulnerabilities addressed by Microsoft in CVE-2020-1472 (external link), forcing to use the secure RPC connection. See also How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (external link). It's not possible...

Issue Unable to upload a file bigger than 10MB after enabling antivirus with the following error in the log 2021-07-19 08:35:43.476 ERROR [http-nio-8080-exec-9][PortletServlet:119] javax.portlet.PortletException: fi.solita.clamav.ClamAVSizeLimitException: Clamd size limit exceeded. Full...

The following issue may compromise the security of your Liferay Digital Experience Platform implementation.  Vulnerability Information The Liferay Fjord Theme and Liferay 1975 London Theme depend on third party libraries that have known vulnerabilities. These vulnerabilities affect the...

Issue Is there a way to find out how and by whom a user was created? Environment Liferay DXP 7.2 Resolution The steps below can be used to track user activity. Log in by 'Test' user (Admin User) Create a new user (Name: user1 u1, Screen Name: user1) and assign Administrator Role to it....

Issue This article outlines how to set up a Mail Server and SMTP in Liferay DXP to receive emails. Environment Liferay DXP 7.3 Resolution Liferay DXP uses a mail server and SMTP to get email notifications. Liferay DXP’s built-in mail session is the easiest way to configure mail and it’s...

Issue The question is whether Liferay Portal 6.2 supports NTLM and NTLMv2 Environment Liferay Portal 6.2 Resolution The library used in Liferay Portal 6.2 supports both NTLM and NTLMv2 There is a property that can be set in portal-ext.properties to control the LMCompatibility in the...

Issue How the sessions are managed in Liferay and what are all the different types to configure the same. Also, whether the Liferay session work for the javascript disabled browsers? Environment Liferay DXP 7.1 Resolution How sessions are managed in Liferay Application server will manage...

Issue Requirement is to upgrade the Bootstrap library.  Is functionality impacted when upgrading to Bootstrap 5 in portal 6.2 ?  Is Liferay portal 6.2 compatible with Bootstrap 5? Is it supported ? Environment Liferay portal 6.2 Resolution Note: Please choose to follow unofficial...