Capability

Security

Liferay DXP is built with security in mind. A variety of standards-based authentication methods and integrations can be used to ensure secure access to a site and its resources. Robust role-based access control with permissions gives you fine-grained control over what authenticated and unauthenticated users can access, share, or edit. Liferay DXP’s web services also have a multi-layered and configurable approach to security and authorization.

Is Liferay vulnerable to CVE-2024-38819: SpringFramework (spring-core-5.3.39)?
Issue CVE-2024-38819: Path traversal vulnerability in functional web frameworks (2nd report) is related to the usage of WebMvc.jar. Is Liferay vulnerable to this vulnerability? Environment Liferay DXP 7.3...
Liferay instance node going into hang mode - Failed to validate connection
Issue Liferay instance node goes into hang mode and the following error appears: HikariPool-1 - Failed to validate connection ... (This connection has been closed.) ... Possibly consider using a...
What is Synchronous Database Replication and how does it enhance Data Consistency in Liferay?
Issue What is Synchronous Database Replication and how does it enhance Data Consistency in Liferay? Environment Liferay DXP 7.4 Resolution Synchronous database replication is used in Liferay and it is a...
Multilingual PDF search indexing fails with web content
Issue Why does the main document entry contain only the metadata and not the content of PDFs? Is it possible to add the content of PDFs along with the metadata of PDFs in the main document entry? Steps to...
Vulnerabilities reported in classes generated by Liferay Service Builder
Issue While performing security scans, there are vulnerabilities found in custom classes that are generated by Liferay Service Builder. Environment Liferay DXP 7.4 Resolution Sometimes, these warnings are...
Is there a release date for implementing the Content Security Policy (CSP) at Liferay?
Issue If CSP is in beta mode, how is Liferay protecting its system from vulnerability? Is there a timescale for when the CSP will be fully deployed in the portal? Once the CSP has been successfully implemented,...
Is it feasible to hide fields in the upload Section of Document and Media?
Issue Is there an OOTB feature to hide the following fields in the Document and Media Upload section? Document Type, Display Page, Categorization, Expiration Date, Friendly URL, Related Assets, Permissions. Environment...
Updating Custom Account Entry Fields Fails for Person Accounts with a Specific Role
Issue 'users do not have permission' exception is showing when trying to update the same custom field on Person type accounts. Steps to reproduce: 1. Start a clean 2024.q1.1 bundle 2. Navigate to configuration >...
Do I need to request an activation key for my Liferay service on Liferay PaaS?
Issue This article discusses whether PaaS subscribers will need to request a new activation key for the Liferay service. Environment Liferay PaaS Resolution An activation key will automatically be generated and applied for...
Asset Publisher Subscriptions Only Trigger Email for New Assets
Issue When using the Asset Publisher with subscriptions enabled, email notifications are only sent when a new asset is added to the selection. Updating an existing asset's content does not trigger a new notification....
Updates are not visible without a page refresh
Issue After editing and publishing a fragment or page, the changes are not immediately visible, but a similar behavior could be reproduced in other ways. A manual page refresh is required to see the...
How to change the generated OTP from alphanumeric to numeric in multi-factor authentication?
NOTE: The following resolution requires customization and should only be implemented at the discretion of your team. Liferay Support will not be able to assist with designing or implementing customizations. Issue...
"HTTP Status 400 – Bad Request" error occurred when Updating Blogs' Custom Friendly URL
Issue While updating the "Blogs" custom-friendly URL from "/liferay-blog" to "test-blogs/liferay-blogs," an HTTP Status 400 - Bad Request error appears on the UI. (A video demonstrating the issue has been attached.)...
Form Container does not display relationship field for parent object
Issue I have an object A with a one-to-many relationship to object B. When I add a Form Container to a page and map it to object A, I cannot select the related object B entries. Environment Liferay DXP 7.4+ Resolution...
Knowledge Base Section Widget does not display the current version of Knowledge Base Article
Issue When displaying Knowledge Base Articles using a Knowledge Base Section widget, once an article is edited, the displayed content will not reflect the changes made. This behavior is reproducible when the Knowledge...
How to create Charts in Quarterly Versions
Issue The Chart Tag Library was removed in 2023.Q4 with no direct replacement. I would like to know how to create charts in a Liferay version higher than 2023.Q4. Environment 2023.Q4+ Resolution On GitHub, you...
Can I change the Article ID after disabling Autogeneration of IDs for Journal Articles?
Issue When I change the ID of a previously created Web Content, after Publishing, the ID does not change. I have System settings → Web Content → Administration → Journal Article Force Autogenerate ID disabled...
Brave Browser Issues
Issue I am experiencing an issue in Liferay, that is only reproducible in Brave browser, but not reproducible in Chrome, Firefox, Safari, or Edge. Environment Quarterly Releases Resolution The Compatibility...
Tomcat Vulnerabilities CVE-2024-50379 and CVE-2024-56337 in Liferay DXP
Issue Vulnerability for Tomcat discovered after moving to Liferay DXP 7.4. How to remediate Apache Tomcat 9 Remote Code Execution (RCE) Via Write Enabled Default Servlet Vulnerability (CVE-2024-50379) and...
Why doesn't the database's "userId_" update within the PLOEntry table with the ID of the last user to edit?
Issue We've found that when updating any Liferay Language Override key-value, the PLOEntry table within the database is not being updated with the ID of the last user to edit. It is our understanding that the table...