Search Results

Issue Navigating to to the login page /c/portal/login on the SP throws a 500 error when already logged in through SAML. Environment DXP 7.3 DXP 7.4 Resolution This is a known issue affecting DXP 7.4 U80 and lower and some DXP 7.3 versions. Please upgrade to a more recent release or open...

Issue If there is any problem related with the way two-factor is working or do you simply want to deactivate it for some reason. Environment Liferay DXP 7.4 2023 Q1 - 2023 Q4 2024 Q1 Resolution There are two ways to enable or disable the multi-factor authentication: Through the portal,...

Issue The users who were imported from LDAP cannot modify their passwords from My Account. Environment All Liferay DXP environments Resolution Make sure that LDAP Export option is enabled. Ensure that the credentials used to connect from Liferay DXP to LDAP have sufficient permissions to...

Issue Can you backport GDPR-compliant 3rd party cookie handling to 7.3 SP3?  Environment The feature got implemented in DXP 7.4.13-u66. Backporting this feature to 7.3 is not feasible. Resolution There are 3 options available: Upgrading to a version which contains the required feature...

Issue At the moment, we are using LDAP server connection to authenticate our users. Our question is: in which moment the query to authenticate users is executed? More exactly, when the field 'Authentication Search Filter' is applied? We are using as 'Authentication Search Filter' this...

Issue A Web Server before the Liferay environment is configured with Basic Auth. Liferay uses a Client Extension (CX) that makes a request to a Liferay API using OAuth. When the page using the CX is loaded, the Web Server keeps asking for the basic credentials, even after they've been...

Issue Can we use Azure Key Vault with DB setup configuration in Liferay instead of having it in plain text in the properties file? Is there any way to configure the DB in Liferay using Azure Key Vault? How we can use Azure Key Vault to store the DB username and password and read it...

Issue Receiving unwanted email notifications like "Your email account abc@xyz.org.in was signed into from a new location, device, browser, or application" from GoDaddy. Below are the details received:   From: GoDaddy <donotreply@godaddy.com> Sent: Monday, May 27, 2024 11:42 AM To: ABC...

Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue Regarding the vulnerability in Apache tomcat regarding sending...

Issue Some monitoring tools may identify certain URLs that are accessible during routine scans that should not have allowed access. Among the URLs that are typically detected are URLs that can download Liferay's JS (JavaScript) to the equipment being accessed. For example, if you inject...

Issue When trying to access a user's private page, we are transferred to a "404 Page Not Found" error page instead of the Login page that we were expecting.  Environment DXP 7.4 Quarterly Release Resolution Not being able to access a user's private pages is the expected behavior despite...

Issue We would like to understand the formatting of passwords as they're saved in Liferay. What algorithm, salt, and hash format is being used to store passwords?  Environment DXP 7.1 Resolution Example Password: {PBKDF2WABCDMAEFGH1}ABCDoABC/ABCD644e/XY3ZAbcde8hI0jKLOnBcEE7U7TuuV The...

Issue Service Organization Control (SOC) -1 Type 2 report for auditing purposes. Environment Liferay DXP Resolution The SOC-1 report focuses on financial controls and their evaluation and this reporting is not applicable in the Liferay context. Therefore, Liferay does not make this type...

Issue Liferay's OpenID Connect implementation does not account for language variations for ui_locales. For example, Selecting English (United States) on Liferay sets ui_locales to en. Selecting Chinese (either Traditional or Simplified) sets ui_locales to zh. In this example, we would...

Issue A blank intermediary page (showing "Please select your identity provider" title and /portal/c/portal/login?redirect=%2Fportal%2F&refererPlid=[sanitized]&p_l_id=[sanitized] URL) is being seen even with the hotfix installed (with fix LPS-172619) and the...

Issue How do you disable CAPTCHA on pages? Site Administration pages like the Gogo Shell now have a CAPTCHA verification. How do you disable CAPTCHA on pages? Adding “-1” (Never Check), doesn’t work. Previously, CAPTCHA could be “disabled” by navigating to Control Panel → Configuration →...

Issue Security vulnerability CVE-2024-28752 details a SSRF vulnerability with the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3, and 3.5.8, which would allow an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of...

Issue When importing users by Groups and enabling ‘Creating Roles on Import’, the roles and groups will be created/imported, but the users are not imported. Error reads PermissionChecker not initialized after scheduled LDAP import. I’m connected to my LDAP server, all tests are working,...

Issue A critical remote code Backdoor vulnerability was discovered on the open source XZ utils. This is CVE-2024-3094 with a maximum CVSS3 score of 10.0 Environment Liferay DXP 7.4 Resolution The Docker images, or DXP, are not vulnerable. Our Docker images use Ubuntu Jammy, and in the...

Issue I cannot embed widgets on another site (with a different domain) even though I have the checkbox "Allow users to add <portlet> to any website" enabled. "<Hostname> refused connection" error may be seen.  Environment Liferay DXP 7.3 Resolution Currently, the checkbox "Allow users to...