Search Results

All Results 57
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Liferay PaaS - How many custom SSL Certificates can we use?
legacy
Issue We want to upload our own custom SSL Certificates. How many custom certificates can we add?   Environment Liferay PaaS   Resolution As documented in Network Configuration for PaaS, you can upload maximum 14 of...
Residual risk after limiting the usage of unsafe-eval and unsafe-inline
legacy
Issue Can the derivatives unsafe-eval and unsafe-inline be exploited? If yes, how it is done? What is the residual risk associated with this? Can Content Security Policy (CSP) be resolved by adding a reverse...
Remove extend_session for Guest users
legacy
Issue Guest users should not be able to see the extend_session message in the browser once the session has expired. Environment Liferay DXP [7.1-7.4, Quarterly Releases] Resolution Post observing the time...
Github Copilot in Liferay IDE
legacy
Issue Is Github Copilot supported with Liferay IDE? Environment Liferay IDE / Liferay Developer Studio Resolution Liferay does not recommend or allow AI-generated code to land in their codebase. However, if someone...
Which database table should stores the URL of the embedded page
legacy
Issue User creates an embedded page, so the URL under the Layout section will be present in which database table and column. Steps to follow: 1. Start the server. 2. Navigate to the Site Menu > Pages. 3. Create a...
Files uploaded with Guest view permission - Forms Upload field
legacy
Issue When a document is added in the Form Upload field it will have 'Guest view' permission. When a document is added directly in the Document and Media library it will NOT have 'Guest view' permission. Is there a...
Security Issue: CVE-2024-28752 - Apache CXF
legacy
Issue Security vulnerability CVE-2024-28752 details a SSRF vulnerability with the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3, and 3.5.8, which would allow an attacker to perform SSRF style attacks...
Role with permission to view private page cannot view page without site membership
legacy
Issue Within a site with only private pages, a user who is not member of the site but has permission to access and view a private page via some regular role cannot access that private page. Environment Quarterly...
Asset Publisher shows the webcontent folder instead of articles
legacy
Issue Web contents are listed in their respective folders Steps to reproduce: 1. Start the server 2. Navigate to Content & Data > Web Content. 3. Create a Structure (say str-1) using 3 text fields. 4. Create 3...
Bandwidth of Liferay PaaS environments
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue It is required to know the bandwidth of Liferay PaaS...
Exporting Data through Analytics Cloud API does not return valid JSON
legacy
Issue Export data based on Requesting a Data Export It will download a zip file for you with a JSON file Open the JSON file with a text editor Result: The data format is not valid JSON.   Environment Liferay DXP 7.0+...
Users assigned tasks in the workflow can continue to approve or reject them even after their roles are removed.
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us....
To be able to generate a URL of a Publication so that a reviewer can see a publication without logging in
legacy
Issue Require a feature that allows to send a link to those who are not registered users on the platform in order for them to view a publication. Environment Liferay DXP [all versions] Resolution This requirement...
When editing the code editor in the dispatch details tab, is it possible to register in JSON format?
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us....
Category filter value in a page URL should not change when filtering categorized web content in a collection display fragment after republishing the page
legacy
Issue When I filter categorized web content in a Collection Display Fragment the page URL includes a category filter value. If the page is republished without making any modifications, the category filter value...
The folder structure in the downloaded backup is different from the folder structure in Liferay Service Shell
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue The folder structure in the downloaded backup is different from the...
Auditing of Site Memberships: Adding/Unassigning UserGroupGroupRoles
legacy
Issue We have found that groups of users are able to assign and unassign site roles to User Group memberships. Is there a way to audit role assignment changes? Environment DXP 7.4 Resolution As of now, there is no...
Changes in one node cause the dropping of the same entry in another node's cache
legacy
Issue  It has been observed  that when a user makes an update of the cache in one node, it removes that entry from the cache in other nodes.   Environment DXP 7.4 Resolution This is an expected behavior. When an entity...
CVE-2020-28885 and CVE-2020-28884
legacy
Issue We would like to know about Liferay's vulnerability to CVE-2020-28885 and CVE-2020-28884. The CVE's claim that it is a vulnerability for an Administrator User to be able to inject commands through the Gogo Shell...
'Questions' portlet not available in Type facet configuration
legacy
Issue  Unable to filter for "Questions" portlet in "Type Facet" configuration Environment Liferay DXP 7.3 Liferay DXP 7.4 Resolution This is intended behavior of Liferay Type Facet narrows search results down to...
Is Liferay vulnerable to CVE-2023-40371 and CVE 2023-38408?
legacy
Issue Is Liferay vulnerable to any of these vulnerabilities? Environment DXP 6.2+ Resolution No, Liferay is not vulnerable to any of these two. Neither CVE relates to any Liferay features, so they do not...
Is there any risk in the time zone change?
legacy
Issue We want to change the time Zone from GMT+2 to GMT+3. Does this change have any impact or risk on the production environment?   Environment Liferay DXP 7.2   Resolution Our suggestion is not to change...
HTML Injection in the Classic Search Portlet (Legacy)
legacy
Issue Our security tool identified HTML Injection issue. Reproduction Steps: 1. Start up Liferay DXP 7.4 Update 62 2. On the home page, add a widget "Search". 3. In the address bar, enter the URL...
Asset Publisher widget configuration saves by itself
legacy
Issue The Asset Publisher widget configuration saves itself when changing the Asset Selection Environment Liferay Portal EE 6.2 Liferay DXP 7.0+ Resolution  This is the expected behavior of the Asset Publisher...
Does Liferay support more than one SAML connection?
legacy
Issue Can Liferay connect to more than one Service or Identity Provider? Environment  DXP 7.0  DXP 7.1  DXP 7.2  DXP 7.3  DXP 7.4 Resolution Yes, Liferay does support more than one SAML or Identity Provider...
Does having a script in the Analytics section qualify as a potential XSS vulnerability?
legacy
Issue We can put Javascript code in the Matomo (DXP 7.4) or Piwiki (DXP 7.0-7.3) field where the code can be executed on every other page Go to a Site's Configuration -> Site Settings -> Analytics Under the...
Unable to delete all public pages in the default site 'Guest'
legacy
Issue When I try to remove the last public page in 'Guest' site, the 'Delete' option is missing from the Options Menu. It is not possible to revoke View permission for Guest users either because the option appears...
Supported favicon file formats
legacy
Issue Which favicon file formats are supported in Liferay DXP? Environment Liferay DXP 7.4 Resolution Common file formats such as ICO and PNG are supported, as are JPG, GIF and SVG files. This is highly dependent on a...
User Creation and Migration with Limited Attributes and Information
legacy
Issue When migrating existing users from an old system to Liferay, there are user requirements posed by Liferay (screen name, email address, first name, and last name). Old systems may not have all the information...
SOC (Security Operations Center) and Threat Monitoring in Liferay SaaS and Liferay PaaS
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue Does Liferay have a SOC (Security Operations Center) team and...
When creating a publication it generates many records
legacy
Issue When creating a publication it is generating many records, even when there is only one change. Is it an expected behavior of the portal? Environment Liferay DXP 7.4 Resolution This would be an expected...
Using a Display Page Template for a Blog that has its own scope (page scope)
legacy
Issue We have created a normal content page and we have added a blog widget to the page. That blog widget has its own scope. So any blog posts/content that has been created is stored in that scope. However, when a user...
Pressing tab skips the contents of the Navigation Menu
legacy
Issue I would like to switch between interactive objects in a Liferay Page, using the Tab button. However, User-created pages in the navigation menu are skipped when pressing the Tab button. Environment DXP 7.3, DXP 7.4...
0Auth2.0 issues new token every time even before token's expiration time
legacy
Issue The access_token expiration default is set to 10 minutes. When invoking the /oauth2/token before the previous token expires, a brand new token is issued instead of the original token.  Environment DXP 7.4...
How to configure Google Merchant
legacy
Issue In Global Menu → Control Panel → CONFIGURATION → System Settings → COMMERCE there is the Google Merchant option with two configurations:  Product Definition System Configuration SFTP Upload Configuration I...
Does having a script in a fragment qualify as a potential XSS vulnerability?
legacy
Issue We can put Javascript code in a fragment's HTML section where the code can be executed, when the fragment is opened, like <img src=x onerror="alert(document.cookie)"> Can that be a vulnerability to...
Does having a script in a button fragment qualify as a potential XSS vulnerability?
legacy
Issue We can put a Javascript code in the Button fragment's URL field, so it can be executed when we click on the button, like javascript:alert(document.cookie) Can that be a vulnerability to Cross Site...
When moving a web content to another folder, the modification date of the web content is updated
legacy
Issue When moving a web content from a folder to another, the modification date of all versions of the web content are updated. Is this an expected behavior? Environment Liferay DXP 7.2 Liferay DXP 7.3 Resolution...
Unable to save home page, must use unique friendly url
legacy
Issue Cannot save a public and private page with the same Friendly URL on DXP 7.3. Upon saving you get the following error: Please enter a unique friendly URL. Environment DXP 7.3  Resolution This is an intended...
Categories displaying ID in URLs
legacy
Issue When using a Category Filter with an Asset Publisher in my Portal, when selecting the category, my URL displays the ID of that category instead of its name. Is it possible to configure my URL so that it displays...