Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Security Statement on CVE-2019-11444: Disputed Groovy Script console vulnerability
legacy
Recently, a security vulnerability was filed in Mitre under CVE-2019-11444 arguing that attackers could allegedly use Liferay's Groovy script console to execute OS commands. Liferay disputes this issue because this is...
Liferay Security Development Overview
legacy
This paper provides an overview of the processes used during development and testing of Liferay products. Combined, these processes ensure that Liferay’s customers can have confidence in the security and ongoing...
Liferay DXP Application Security Features
legacy
This document provides an overview of application-level security features in Liferay DXP. It discusses transport security, encryption, web services, SSO, OAuth, and more.  The paper is available for download here.,...
Known Issue: Security Scan Shows Liferay as a Potential Sharepoint Vulnerability - False Positive
legacy Troubleshooting
Issue There may be some instances where a security scan shows Liferay having a potential Sharepoint endpoint vulnerability. Specifically, the security scan's warning may be related to the /_vti_inf.html file. This is...
Password is visible as a plain text in LDAP request
legacy Troubleshooting
Issue When intercepting the LDAP request using any third party tool(ex. Wireshark) password is visible as a plain text Environment Liferay 7.0 Resolution Enabling LDAP over SSL will transmit the credentials...
Whether to use OpenSSL
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue In...
AWS S3 Signature Version 2 Discontinued
legacy How To
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
COOKIE_SUPPORT & GUEST_LANGUAGE_ID are not marked as Secure
legacy
Issue There are two cookies generated by Liferay DXP, COOKIE_SUPPORT & GUEST_LANGUAGE_ID, which is not marked as Secure. Environment Liferay DXP 7.1 + JBoss  Resolution This is related to the Web Server and Application...
User should be re-directed to the login page once the session expires
legacy How To
Issue Once the session expires, users remain on the same page on which they were already there until and unless they click on somewhere, then it redirects to the login page. Environment Liferay DXP 7.0 Resolution If...
Data Protection for Liferay Services and Software
legacy
This whitepaper describes the data protection policies of Liferay DXP and describes Liferay's approach to protect personal data in compliance with local regulatory requirements such as GDPR. The paper is available for...
Troubleshooting SAML Single Log Out when SLO fails
legacy Troubleshooting
Issue User is not logged out from Liferay SAML when the instance has expired. Liferay Session Timeout is set to 30 minutes and SAML Session is to 90 minutes. When SLO is triggered, the user is still signed in....
Known Issue: Browser Ignores Disabled Autocomplete Property for Saving User Login Information
legacy
Issue After setting company.security.login.form.autocomplete=false to disable autocomplete for user login information, the browser still permits users to save passwords or use password managers to manage password...
Existing users in Liferay can not login through SAML with "Screen name x must not be duplicate ..." error
legacy Troubleshooting
Issue If the user exists in Liferay (service provider), the user cannot log in through SAML due to duplicate screenname ERROR. 2019-04-23 04:29:45.758 ERROR [http-nio-18080-exec-7][BaseSamlStrutsAction:58] Screen name ccc...
Why does our internal server address appear when users authenticate against our SSO?
legacy
Issue When a user authenticates against an SSO they are redirected to the server they were logging into. As part of this both the SSO address and the server address appear in the URL for a brief time. This occurs...
How Can I Assign Roles to Users When Importing from LDAP?
legacy Troubleshooting
Issue When importing users to Liferay DXP from LDAP, they are not being assigned the roles I want them to have from my LDAP server. Environment Liferay DXP LDAP Resolution In Liferay DXP, Users are...
LFR_SESSION_STATE cookies are not marked as HttpOnly
legacy
Issue LFR_SESSION_STATE cookies are not marked as HttpOnly Environment Liferay DXP, Liferay 6.2 Resolution This is not a security issue because this cookie is created and used in session.js which is the portal's Javascript. ...
Lodash Security Vulnerability in Theme Dependencies
legacy
Issue In the Liferay theme dependencies, Lodash versions 3.10.1 and below are used extensively as dependencies throughout. Versions of Lodash prior to 4.17.5 suffer from a security risk: CVE-2018-3721...
Generating SAML Metadata with HTTPS
legacy How To
Issue This article documents how to generate a SAML metadata XML file that also has HTTPS enabled. Environment Liferay Portal 6.2, DXP 7.0, DXP 7.1 Any web server  Resolution In order to generate a SAML metadata.xml...
Why are user accounts shared when I have multiple LDAP servers configured?
legacy Troubleshooting
Issue When a Liferay DXP bundle is configured to communicate with two or more LDAP servers there can be issues with user importing and users logging in. Example: If Liferay DXP is communicating with two LDAP...
Updated Email Addresses in LDAP are not Imported to Liferay DXP 7.0
legacy How To
Issue This article documents a product limitation and a possible workaround for importing a user whose email address was updated in LDAP into a Liferay DXP instance. Environment Liferay DXP  LDAP server Resolution This...