Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Observing 'Your connection is not private' Warning on Help Center Downloads
legacy Troubleshooting
Issue When trying to download a quarterly release from Liferay's Help Center we are getting a browser error that says 'Your connection is not private... Attackers might be trying to steal your information...'...
Critical Remote Code Execution Backdoor Vulnerability
legacy
Issue A critical remote code Backdoor vulnerability was discovered on the open source XZ utils. This is CVE-2024-3094 with a maximum CVSS3 score of 10.0 Environment Liferay DXP 7.4 Resolution The Docker images,...
Unable to process the OpenID Connect login: Resource URI must be absolute and with no query or fragment
legacy Troubleshooting
Issue Unable to login with OpenID from the Sign-In portlet: ERROR [http-nio-8080-exec-2][OpenIdConnectLoginRequestMVCActionCommand:190] Unable to process the OpenID Connect login: java.lang.IllegalStateException:...
Cipher Keys used in DXP 7.1 and 7.3
legacy
Issue Our security team would like to know whether Liferay DXP 7.1 and DXP 7.3 uses any of the following cipher keys? DES, 3DES, IDEA or RC2 Environment Liferay DXP 7.1 Liferay DXP 7.3 Resolution The algorithms...
HTTP Strict-Transport-Security Header in Liferay
legacy
Issue Is HTTP Strict-Transport-Security Header enabled in Liferay? Environment Liferay DXP 7.4 Resolution Liferay enables HTTP security headers such as 'http.header.secure.x.content.type.options',...
Vulnerability: Robots.txt file must not be accessed and should be blocked
legacy Troubleshooting
Issue Encountered a vulnerability issue with the robots.txt file and the vulnerability test suggests preventing the robots.txt file from being accessed. Environment Liferay DXP 7.3 Liferay DXP 7.4...
GitHub Token Leak Exposure
legacy
Issue GitHub Personal Access Token has been leaked in a public Docker container hosted on Docker Hub. Some of the malicious packages like testbrojct2, proxyfullscraper, proxyalhttp and proxyfullscrapers work...
Unable to Cancel Shutdown Event
legacy Troubleshooting
Issue After scheduling a shutdown event, and trying to cancel it, you see an error: "Error:Text verification failed."   When trying to cancel a shutdown event, I'm prompted to input a CAPTCHA, but there is...
Is Liferay Affected by CVE-2023-49070?
legacy
Issue How can I mitigate vulnerability with CVE-2023-49070 regarding Liferay DXP? Environment All environments. Resolution Liferay does not use the Apache OFBiz, so Liferay is not impacted by this vulnerability....
Local Liferay Admin Users unable to authenticate when LDAP is Configured on Virtual Instance
legacy How To
Issue When a main Liferay instance and a second virtual instance are both connected to the same LDAP server, local Liferay admin users are unable to log in when the “Required” box is checked. In the case where the LDAP...
SAML IDP is unable to initiate SLO
legacy Troubleshooting
Issue SAML Identity Provider is unable to initiate Single Log Out Notes 1. Set the different virtual hosts as below as an example 127.0.0.1www.bbb.com (For IDP) 127.0.0.1www.sp.com (For SP) 2. Using thetest...
Records are not removed from samlspsession table if the user closes the browser instead of logging out
legacy Troubleshooting
Issue Records are not removed from `samlspsession` table if the user closes the browser instead of logging out. Steps to reproduce: 1. Setup two instances of Liferay to use SAML - one as IDP and one as SP....
Resource and Global scopes tabs are not listing under oAuth2 administration scopes
legacy How To
Issue I not see the Resource and Global Sub-tabs under the Scopes tab on Oauth2 clients (in Control Panel/ OAuth2 Administration) Environment 7.3+ Resolution After https://issues.liferay.com/browse/LPS-105158 the scope...
Can both Liferay and LDAP Password policies be enabled at the same time?
legacy
Issue Is there a way to make both of Liferay and LDAP policies work together, so that users logging via Liferay authentication will be handled by Liferay's password policies and users authenticating...
EU Login via OpenID Connect needs Proof Key for Code Exchange (PKCE)
legacy
Issue I would like to integrate my portal with an EU Login mock server instance via OpenID Connect It does not work since the OpenID connect server needs Proof Key for Code Exchange (PKCE) After configuration, when I am...
Authentication flow in Liferay when LDAP is enabled
legacy
Issue Liferay is configured to use LDAP When Liferay Authentication will happen? When LDAP Authentication will happen? Environment Liferay DXP 7.0 -7.4 Resolution LDAP authentication always happens before...
LDAP Import Enabled under SAML settings
legacy
Issue What is the actual functionality of LDAP Import Enabledunder SAML settings Environment Liferay DXP 7.2, 7.3, 7.4 SAML Resolution Checking LDAP Import Enabled under SAML settings affects 3 functions:...
I would like to control email notifications to Liferay strangers.
legacy How To
Issue How are strangers defined by Liferay? How can I control email notifications to strangers upon signup? Environment DXP 7.3+ Resolution The SAML property defining unknown users as strangers was introduced in DXP 7.3....
How to get rid of SSLHandshakeException?
legacy Troubleshooting
Issue When trying to access the site URL, the console displays the following exception, and the site is inaccessible. javax.net.ssl.SSLHandshakeException: Received fatal alert: handshakefailure...
Need to hide Liferay Auth token as it is visible in Page source
legacy
Issue When using the burp suite tool to intercept traffic, the Liferay Auth token is visible in the Page Source, which could make the environment vulnerable in the user's view. Environment Liferay DXP 7.0+ Resolution...