Search Results

CVE-2021-27568 json-smart v2 through v2.4
Issue Steps to Reproduce: The json-smart JARs can be found here:...
How to Configure Liferay DXP with Multiple IdPs (OKTA via SAML and OIDC)
This article documents the way to configure Liferay DXP 7.x as a Service Provider working with two SSO protocols (Okta using SAML 2.0 and Google OpenID Connect). The basic configuration can be achieved within Liferay out of...
How to kill the session on browser (tab or window) close?
Issue The user session should be terminated immediately if they close the browser tab or window. Environment DXP 7.0+ Resolution Liferay keeps a session alive for 30 minutes by default, and Liferay doesn't provide any...
Reset Connection option is missing on the License page in DXP 7.3
Issue The reset connection option is missing on the License page in DXP 7.3 which is available on the previous releases. Environment Liferay DXP 7.3 GA1 Resolution This is a known limitation of the product that might...
Disable password verification for SSO users
Issue When changing the screen name or email address of a user, the portal now requires a password verification. This was not a requirement for previous versions of Liferay. Environment DXP 7.3+ Resolution This is a...
I cannot create new Virtual Instance with error Screen name must not be null
Issue When I try to create a new Virtual Instance, the portal displays the error "Your request failed to complete". The portal log shows the following error: ERROR [default...
Importing LDAP settings through osgi/config files does not import password
Issue LDAP settings can be imported into the Liferay environment using osgi/config files. These settings are imported into System Settings, and can then be configured for an individual instance in Instance Settings. When...
Content-Security-Policy Header Integration
Issue How can a CSP (content security policy) HTTP header that enables only specific external resources to be loaded in the frontend be implemented? Environment Liferay DXP 7.2 Resolution CSP is not currently...
HTTP Strict Transport Security (HSTS) Header Not Used
Issue The HSTS header cannot completely defend against man-in-the-middle attacks. However, it can be useful in defending against an attack in which an attacker establishes an encrypted connection to the application and...
Verbose Error Messages
Issue The names of the technologies used, such as Apache Coyote, Tomcat, etc., are visible. Environment Liferay DXP 7.2, DXP 7.3 Resolution Each application is responsible for allowing its information to be displayed...
Known Vulnerabilities with Liferay AntiSamy
The following issue may compromise the security of your Liferay Digital Experience Platform implementation. Vulnerability Information The Liferay AntiSamy app depends on third party libraries that have known...
Avoid or allow that some applications can be dynamically displayed in a page
Issue The permissions system for an application (portlet) includes a security check when the application is going to be displayed in a page. Normally, the users should not be able to see applications if the...
Replacing NTLM SSO with Kerberos in Liferay Portal 6.2
Issue The NTLM SSO protocol has some vulnerabilities addressed by Microsoft in CVE-2020-1472 (external link), forcing the use of the secure RPC connection. See also How to manage the changes in Netlogon secure channel...
Unable to upload file bigger than 10MB with ClamAVSizeLimitException after enabling Antivirus
Issue Unable to upload a file bigger than 10MB after enabling antivirus, with the following error in the log: 2021-07-19 08:35:43.476 ERROR [http-nio-8080-exec-9][PortletServlet:119] javax.portlet.PortletException:...
Known Vulnerabilities with Liferay Fjord Theme and 1975 London Theme
The following issue may compromise the security of your Liferay Digital Experience Platform implementation. Vulnerability Information The Liferay Fjord Theme and Liferay 1975 London Theme depend on third party...
/c/ redirects to login page
Issue When the user tries to access the URL: 'http://localhost:8080/c/', even if the 'c' page doesn't exist, it redirects to the login page instead of a 404 page not found. Environment Liferay DXP [all versions]...
Log messages for Stored XSS vulnerabilities
Issue We would like to know whether there are any strings to search for in log files, to check if any of the following vulnerabilities have been exploited in our environment? LSV-1237 / CVE-2023-42628 LSV-1236 /...
Can we obfuscate HTML of the sites?
Issue I would like to increase our protection from man in the middle attacks by obfuscating our site's HTML. Is there a method for this already implemented in Liferay? Environment DXP 7.0+ Resolution There is no...
Error "Invalid site key" when using reCAPTCHA v3
Issue When configuring reCAPTCHA v3 and testing it on the "Forgot Password" page, the following error message is reported: "ERROR for site owner: Invalid site key". Environment Liferay DXP 7.2+ Resolution Liferay...
Error: Only known users are allowed to sign in using OpenID Connect.
Issue You might encounter an error when using OpenID Connect, where users who have not yet been registered in Liferay are unable to log in because they are identified as strangers. The error appears as the...
X-Xss-Protection response header is not working in DXP 7.4
Issue To enable X-Xss-Protection, add the property below to system-ext.properties: http.header.secure.x.xss.protection=1; mode=block and restart the server. However, it is not working in Liferay. Environment...
Is SELinux compatible with Liferay DXP 7.4?
Issue Is SELinux configuration compatible with Liferay DXP 7.4? Environment Liferay DXP 7.4 running on one of the supported operating systems Resolution It is possible to set up SELinux to work with Liferay DXP 7.4. It is up to...
Insecure Cross Document Messaging
Issue Cross Document Messaging (also known as Web Messaging) introduced the postMessage() method, with which plaintext messages can be sent cross-origin. It consists of two parameters: “message”, and...
CSP headers are not working on DXP-7.4
Issue Attempting to work with the CSP feature, which is present in update 90 under feature flags, but users are still experiencing issues where they are unable to edit the page and it is continuously...
High CPU utilization while using a script to log in users continuously
Issue Facing high CPU utilization while logging in a high number of users per minute continuously (24x7) using username-password authentication, mostly while fetching data using some scripts. Environment Liferay DXP...
Is Liferay vulnerable to CVE-2023-40371 and CVE-2023-38408?
Issue Is Liferay vulnerable to any of these vulnerabilities? Environment DXP 6.2+ Resolution No, Liferay is not vulnerable to any of these two. Neither CVE relates to any Liferay features, so they do not...
Not Found page seen instead of Login Prompt when logged out and navigating to private pages
Issue When a user who is not logged in attempts to navigate to a private page's URL, a 'Not Found' page is shown instead of a login prompt. Environment DXP 7.4 Resolution In DXP 7.3, when users are not logged...
Users see the message "Redirecting to your identity provider" before redirecting to OKTA login screen
Issue The guest user observes the message "Redirecting to your identity provider" before the OKTA user login screen appears. This behavior started after upgrading the environment to 7.4 Update 56. We don't...
How to protect against the vulnerabilities related to SnakeYaml in version 1.27
Issue How can I mitigate vulnerabilities CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 and CVE-2022-38752 regarding Liferay DXP? Environment Liferay Portal 6.2 EE Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2...
Vulnerability in Apache Tomcat (CVE-2023-46589)
Issue This security vulnerability (CVE-2023-46589) has been reported, and it is fixed in Tomcat 9.0.83. However, our current Liferay DXP 7.4 Update 67 ships with Tomcat 9.0.71. Environment Liferay DXP 7.4...
Obfuscating property values and rendering them as asterisks (*****) in the Control Panel
Issue Certain property values need to be hidden in the Control Panel. Environment DXP 7.4 Resolution To obfuscate the value of a portal property and have it appear as a string of asterisks (*****) in the Control Panel,...
Liferay 6.2 EE 173 and CVE-2024-25145
Issue We have found the following article: "CVE-2024-25145 Stored XSS with search results if highlighting is disabled"; however, it does not specify whether Liferay 6.2 EE 173 is affected or not. Environment Liferay 6.2 EE...
Emails are not sent from Liferay when Office365 is used as the server
Issue Emails are not sent out from Liferay. In the log, we see the following error: liferay[liferay-7] [dxp] ERROR [liferay/mail-6][MailEngine:74] Unable to send message: 535 5.7.139 Authentication unsuccessful, the...
OpenID Connect Error - "Signed JWT rejected" with CAS
Issue When configuring authentication using OpenID Connect, login fails and the following error is reported: Unable to validate tokens: Signed JWT rejected: Another algorithm expected, or no matching key(s) found...
Is there a way to bypass CAPTCHA without having to disable it?
Issue We will do some Automation tests in our QA environment and would like to know if it is possible to bypass CAPTCHA using configuration settings without having to disable it. Environment Liferay DXP 7.4...
Can SAML be used to send an attribute that can be used to assign site roles?
Issue Currently, SAML is not designed to be utilized to send an attribute that can be used to assign site roles. Environment Quarterly Releases Resolution This is an ongoing task, LPD-6336, for Liferay. Liferay is...
Getting 'DuplicateSamlIdpSsoSessionException' in the Debug Logs
Issue Users are facing intermittent login issues in the SAML environment; the following error is observed frequently in their log files: DEBUG [default task-73687][BaseSamlStrutsAction:61] null...
Security Vulnerability CVE-2023-28708
Issue This security vulnerability (CVE-2023-28708) has been reported, and it is fixed in Tomcat 9.0.72. However, our current Liferay DXP 7.3 SP1 ships with Tomcat 9.0.40. Environment Liferay DXP 7.3 Resolution...
/language URL showing 403 Forbidden
Issue When the user tries to access the URL 'http://localhost:8080/language', even if the language page doesn't exist, it shows a 403 Forbidden error in the UI instead of a 404 page not found. Log error: ERROR...
Vulnerable JavaScript dependency Bootstrap-select 1.12.4
Issue The version of bootstrap-select 1.12.4 is vulnerable to attacks. To overcome this, bootstrap-select should be upgraded to a non-vulnerable version. Environment Liferay DXP 7.3 Resolution Liferay does not...