Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Tomcat Vulnerability Impact (CVE-2023-28708)
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Service Organization Control (SOC) -1 Type 2 report
legacy
Issue Service Organization Control (SOC) -1 Type 2 report for auditing purposes. Environment Liferay DXP Resolution The SOC-1 report focuses on financial controls and their evaluation and this reporting is not...
Liferay's OpenID Connect implementation does not account for language variations for ui_locales
legacy
Issue Liferay's OpenID Connect implementation does not account for language variations for ui_locales. For example, Selecting English (United States) on Liferay sets ui_locales to en. Selecting Chinese (either Traditional...
A blank SAML redirect screen is seen even with redirect message disabled
legacy
Issue A blank intermediary page (showing "Please select your identity provider" title and /portal/c/portal/login?redirect=%2Fportal%2F&refererPlid=[sanitized]&p_l_id=[sanitized] URL) is being seen even with the hotfix...
LDAP import PermissionChecker not initialized
legacy Troubleshooting
Issue When importing users by Groups and enabling ‘Creating Roles on Import’, the roles and groups will be created/imported, but the users are not imported. Error reads PermissionChecker not initialized...
Security Issue: CVE-2024-28752 - Apache CXF
legacy
Issue Security vulnerability CVE-2024-28752 details a SSRF vulnerability with the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3, and 3.5.8, which would allow an attacker to perform SSRF style attacks...
Unable to get OpenID Connect's link to work after upgrading to a Quarterly Release
legacy Troubleshooting
Issue After upgrading to Quarterly Release 2023.Q3.4 from DXP 7.3, we've found that OpenID Connect is no longer working. The button is no longer populating within the UI even after enabling it using this article:...
Multi-Factor Authentication via SMS
legacy
Issue We want to set up MFA via SMS without using any external Apps. Is this possible with Liferay out-of-the-box? Environment Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Resolution MFA by SMS is not...
[T003] Open redirect in /c/document_library/find_folder with DNS rebinding vulnerability
legacy Troubleshooting
Issue Medium threat found during the performance testing: [T003] Open redirect in /c/document_library/find_folder with DNS rebinding Environment Liferay Quarterly release Resolution The reported concern has been...
Embedding videos using basic web content
legacy Troubleshooting
Issue When we try to embed a video using <iframe> tags, during the creation the video displays, however after publishing the content and editing it again, the video is not displayed anymore and the source is updated...
Is Liferay DXP affected by CVE-2024-38286?
legacy Troubleshooting
Issue Is Liferay DXP affected by CVE-2024-38286? CVE-2024-38286 is an Apache Tomcat vulnerability wherein Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by...
SCIM API is not working as expected to link existing users to SCIM Client
legacy
Issue I'm unable to use the PUT API to update users as linked to the SCIM Client. I'm not able to add new users and then update them using the PUT API linking them to the SCIM client. Environment 2024.Q1+ Resolution...
Password for LDAP and Liferay users should not expire
legacy Troubleshooting
Issue After integrating Liferay with the LDAP server for users, the passwords for the users are expiring after some time and are required to be reset again. Is there any way for the passwords to never...
Enabling SSO for our Liferay Console prevents logging in with email and password
legacy
Issue After enabling SSO for our Liferay Console, we are no longer able to log in with email and password.  Environment DXP 7.4 Resolution This is expected behavior, as per the Official documentation for SSO: "The first...
Resolving 401 Errors When Using Authorization Bearer Tokens in RestBuilder APIs
legacy Troubleshooting
Issue When making calls to a REST API service created with RestBuilder that includes the Authorization Bearer token header, the responses often return a 401 Unauthorized status. However, when the same service is...
High CPU and memory use with stacktraces associated to password encryption
legacy Troubleshooting
Issue The environment starts using a large amount of CPU and also memory. Reviewing thread dumps taking during that time, there are many threads associated to PBKDF2PasswordEncryptor.encrypt, such as:...
Enabling real-time antivirus scanning without asynchronous background scans
legacy How To
Issue We would like to enable real-time antivirus scanning for uploaded files but disable asynchronous background scanning of the document library. The issue arises because: Enabling...
Enabling both Liferay's default login and SAML login so that users can use either option
legacy How To
Issue I would like to configure and enable SAML login while also having Liferay's default login available to users so that they can have two options for logging in. Environment DXP 7.4+ Quarterly Release Resolution...
Is Session Prediction Possible in Liferay
legacy
Issue Is it possible an attacker could predict the JSESSIONID and gain unauthorized access, referencing an example from a 'Session Prediction' article? Explanation of Issue Using the "Catalog" Page in Postman: If a...
Is Liferay Vulnerable to CVE-2023-45960?
legacy
Issue I would like to know if Liferay is vulnerable to CVE-2023-45960?  Is Liferay affected by CVE-2023-45960? Environment Quarterly Release 2024.Q1.7 Resolution The NIST listing for CVE-2023-45960 has been withdrawn and...
Obfuscating property values and rendering them as asterisks(*****) in the Control Panel.
legacy How To
Issue Certain property values need to be hidden in the Control Panel.  Environment DXP 7.4 Resolution To obfuscate the value of a portal property and have it appear as a string of asterisks (****) in the Control Panel,...
Vulnerable JavaScript dependency Bootstrap-select 1.12.4
legacy
Issue The version of bootstrap-select 1.12.4 is vulnerable to attacks. To overcome this, bootstrap-select should be upgraded to a non-vulnerable version. Environment Liferay DXP 7.3  Resolution Liferay does not...
CVE-2022-23305, CVE-2022-23307, and CVE-2017-5645
legacy Troubleshooting
Issue This article outlines the concerns of CVE-2022-23305, CVE-2022-23307, and CVE-2017-5645 vulnerabilities with respect to the Liferay DXP Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP...
Error when configuring SAML in a clustered environment for the first time
legacy Troubleshooting
Issue When configuring SAML in a clustered environment and entering the configuration Idp connection an error is shown: java.lang.RuntimeException: java.lang.NullPointerException at...
The birthday is reset to {01/01/1970} on LDAP import
legacy Troubleshooting
Issue Every time a user is logged in, the birthday is automatically updated to the default value {01-01-1970}. We configured the LDAP server in Instance Settings. Environment Liferay DXP 7.2 Liferay DXP 7.3...
Known vulnereabilities in jackson-databind-2.9.6
legacy Troubleshooting
Issue apio-architect-impl has a dependency of jackson-databind-2.9.6 which has the following known vulnerabilities: CVE-2018-19362 CVE-2018-19361 CVE-2018-19360 CVE-2018-14721 CVE-2018-14720 CVE-2018-14719...
Apache Log4j 1.x has reached its end-of-life
legacy
Issue Log4j 1.x has reached end-of-life status: https://blogs.apache.org/foundation/entry/apache_logging_services_project_announces Environment Liferay DXP 7.0  Liferay DXP 7.1 Liferay DXP 7.2  Liferay DXP 7.3 ...
javax.portlet.PortletException: java.lang.IllegalStateException: getAttribute: Session already invalidated error
legacy
Issue Why does this error gets triggered? What would be the cause? INFO  [http-nio-8080-exec-2573][CustomLoginPortlet:726] url redirect = https://xxxx/group/yyyy ERROR [http-nio-8080-exec-2573][PortletServlet:112]...
Getting mixed content on the portal
legacy Troubleshooting
Issue After enabling SSL and routing the domain, getting mixed content on the portal that is the pages in the https://www.abc.in referring the http://www.abc.in for the stylesheet, javascript, and henceforth....
Browser console error : The connection used to load resources from https://www.xxx.yyyy used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future
legacy Troubleshooting
Issue Browser console error as "The connection used to load resources from https://www.xxx.yyyy used TLS 1.0 or TLS 1.1, which are deprecated and will be disabled in the future. Once disabled, users will be prevented...
Force Basic and Force Digest Auth option are not honored
legacy Troubleshooting
Issue Steps to reproduce: Configure Digest Authentication: System Settings > API Authentication > Digest Authentication: Force Digest Authentication: True Enabled: True Hosts Allowed: n/a URLs Excludes: n/a URLs...
Error signing via SAML: com.liferay.saml.runtime.exception.AudienceException: Unable verify audience
legacy Troubleshooting
Issue Liferay is configured as a SAML Service Provider. When trying to sign in to Liferay it is not possible and the following error is shown in the logs: 2022-01-20 11:50:38.554 ERROR [default...
Session logs out intermittently after being redirected by the payment link
legacy Troubleshooting
Issue After being redirected by the payment link, the session logs out. Steps to reproduce : 1. Login in Liferay. 2. Call the API in Postman. Request parameters are attached (SSL Commerz Request Parameters.txt)...
Access revoked after task assignment to another user
legacy How To
Issue Once the user assigns the task to another user, then the previous user loses access to that task and is unable to see that in the 'Assigned to my roles' tab of 'My workflow Tasks'. Steps to reproduce: 1....
A simple example and key factors to check when testing custom OAuth 2.0 applications
legacy How To
Issue You have created an OAuth 2.0 application and would like to set up the minimum configuration to be able to test it. This article provides a simple example that could be adapted to your needs....
OpenID Connect Client Secret field must be filled
legacy Troubleshooting
Issue I configured an OpenID Connect Provider Connection. When I try to login using the OpenID  Connect Client Name, I get an internal server error. In logs, a java exception is thrown: WARN [http...
Residual risk after limiting the usage of unsafe-eval and unsafe-inline
legacy
Issue Can the derivatives unsafe-eval and unsafe-inline be exploited? If yes, how it is done? What is the residual risk associated with this? Can Content Security Policy (CSP) be resolved by adding a reverse...
Remove extend_session for Guest users
legacy
Issue Guest users should not be able to see the extend_session message in the browser once the session has expired. Environment Liferay DXP [7.1-7.4, Quarterly Releases] Resolution Post observing the time...
CVE-2013-3587- enable of HTTP compression
legacy Troubleshooting
Issue Security vulnerability CVE-2013-3587 details a breach attack that is possible with the enable of HTTP compression and Deflate. Steps to see the behvaior: Navigate to any of the pages on the Liferay server....
Unable to embed widgets even with "Allow users to add to any website" enabled
legacy Troubleshooting
Issue I cannot embed widgets on another site (with a different domain) even though I have the checkbox "Allow users to add <portlet> to any website" enabled. "<Hostname> refused connection" error may be seen. ...