Capability

Security

検索バー

Liferay DXP is built with security in mind. A variety of standards based authentication methods and integrations can be used to ensure secure access to a site and its resources. Robust role-based access control with permissions gives you fine grained control over what authenticated and unauthenticated users can access, share, or edit. Liferay DXP’s web services also have a multi-layered and configurable approach to security and authorization.

Feature
Deployment Approach
Reported Vulnerabilities with Gradle Workspace Plugin
legacy
Issue We've been made aware of a vulnerability: NVD - CVE-2022-1471 NVD - CVE-2017-18640 NVD - CVE-2022-25857 Environment Liferay Workspace (gradle v10.1.3) Resolution Jackson Dataformat YAML Dependency:...
ServiceBuilder Updates Not Reflected in Database
legacy Troubleshooting
Issue Service Builder changes does not apply updates on database after add or delete a column in service.xml Environment Quarterly Releases Resolution Liferay has the property...
Translating static texts with Fragments
legacy How To
Issue Translating static text with the help of fragments and language overrides Environment Liferay DXP 7.4 [all updates] Liferay DXP 2023.Q1 Liferay DXP 2024.Q1 Resolution Step 1: a) Navigate to Applications...
Known Issue [Resolved]: Control Panel access not correctly being provided through role assigned to user group
legacy Troubleshooting
Issue A user is not able to see the control panel, even though they are in a user group which correctly has assigned the application permissions and resource permissions relating to control panel access Environment...
Permissions assignments only save the most recently viewed page's selections
legacy How To
Issue When assigning permissions to Documents or Web Content assets, after selecting permissions for users on the first page, navigating to the second page, and saving, only the permissions selected on the second...
When adding a User to a child organization, it automatically assigns them to the parent organization
legacy How To
Issue I've observed a difference in behavior when assigning a User to a child organization. DXP 7.2: the user would only be assigned to the child organization and not the parent organization. Quarterly Release: the...
Guest user is not redirected to the login page when accessing the portal with site URL
legacy Troubleshooting
Issue When I access https://www.myapp.com/mysite without logging in, it shows 404. When I add  the page name to the URL e.g. https://www.myapp.com/mysite/sitepage, then it redirects to login screen. The login prompt...
Configuring Default Permissions for New Folders: Addressing Inherited Permissions for Guests
legacy Troubleshooting
Issue The default selection of "Site Member" is preventing the inheritance of guest permissions. This default behavior occurs because a private page exists in the site, influencing the default...
Facing issues in setting 'liferay.workspace.product' property for Liferay Workspace
legacy Troubleshooting
Issue Upgrading the portal from Liferay DXP 7.4 Update 67 to Liferay DXP Quarterly Release 2024.Q1.9 and trying to set 'liferay.workspace.product = dxp-2024.q1.9' in the gradle.properties however, it is not...
Is Elasticsearch 8.14.x or 8.15.x compatible with Liferay DXP Quarterly Release?
legacy
Issue The compatibility matrix does not list newer releases of Elasticsearch, like 8.14.x or 8.15.x, are they compatible? We've been made aware of CVE-2024-23445 and CVE-2024-37280, can we upgrade to...
Upgrade Fails: Error after upgrading using the Database Upgrade Tool (MS SQL Server)
legacy Troubleshooting
Issue After running `db_upgrade_client.bat` my upgrade failed with no explanation in the logs. Upgrade failed, when it was attempted again it was successful but Liferay won't start After upgrading, Liferay...
Can you add a theme or fragments to action pages?
legacy Troubleshooting
Issue How do I add fragments to action pages like /c/portal/update_password and /c/portal/update_reminder_query? Our theme reverts on utility/action pages /c/ When a user is taken to the...
Unable to see the list of assignees for Site Roles, Organization Roles, Asset Library Roles and Account Roles
legacy How To
Issue I would like to access a list of Roles and Assignees for "Site Roles", "Organization Roles", "Asset Library Roles", and "Account Roles" without having to go through each individual account to get...
Document status is not getting updated in search indexes
legacy Troubleshooting
Issue Unable to update the document status in the search indexes. Steps to reproduce: 1. Start the server. 2. Deploy the JAR file. 3. Navigate to the Control Panel > Custom Fields. 4. Add 2 custom fields,...
Captcha does not appear on each submission attempt in the form
legacy How To
Issue Create a form by enabling the CAPTCHA and submit it for the first time, try to submit it again, then the CAPTCHA will not appear. Steps to Reproduce: 1. Start the server. 2. Navigate to the Site Menu >...
Polyfill.io Vulnerability: Is Liferay affected?
legacy
Issue An attribute polyfill:true is observed in the source code of the website. Does it have anything to do with the domain 'https://polyfill.io'? Is Liferay affected by the Polyfill.js vulnerability? ...
On authentication types to Azure Blob Storage
legacy
Issue We would like to use Azure Blob Storage for documents and media, as described at https://learn.liferay.com/web/guest/w/dxp/system-administration/file-storage/other-file-store-types/microsoft-azure-blob-storage...
How Will Special Characters Be Scoped Regarding LPS-78008?
legacy
Issue Will special characters be scoped at site level and not only instance level per LPS-78008? Environment Quarterly Releases  Resolution After further review, it has been confirmed that LPS-78008 will not be...
The Impersonation Attempt Fails Without Errors in the Logs or UI
legacy Troubleshooting
Issue Admin users are unable to impersonate other users. When attempting to impersonate, a new tab opens, but it remains on the original user. Impersonation attempts fail, the `doAsUserId?` is missing from...
How to define user and email notifications for each asset
legacy How To
Issue I want to disable email notifications for blogs How to configure notifications for each asset to receive them by email or as user notifications. Environment DXP 7.4 Resolution It is possible to choose the...