Capability

Security

検索バー

Liferay DXP is built with security in mind. A variety of standards based authentication methods and integrations can be used to ensure secure access to a site and its resources. Robust role-based access control with permissions gives you fine grained control over what authenticated and unauthenticated users can access, share, or edit. Liferay DXP’s web services also have a multi-layered and configurable approach to security and authorization.

Feature
Deployment Approach
How to Get Website Availability Report for PaaS
legacy
Issue I would like to request a Website Availability Report from Liferay. It should include overall uptime, downtime, incident reports. Environment Liferay PaaS Resolution Liferay monitors API uptime. A report...
Client Extensions Not Visible After Deployment in SaaS
legacy Troubleshooting
Issue Client extensions are successfully deployed to SaaS, the service registers as ready, and are listed in the Client Extensions Control Panel app, but they are not visible in the Widget UI when trying to add them...
Add New Custom Domains and Avoid Downtime while Let's Encrypt certificate Is Generated
legacy Troubleshooting
Issue When new custom domains are appended to to the existing list under "customDomains" in the "certs" part of the webserver LCP.json file, a new Let's Encrypt certificate is issued to include them. In the mean...
How to Exclude User Names (userName field) from Search Queries in Liferay
legacy How To
Issue We want to exclude the userName field from search queries. This is to prevent irrelevant search results based on user names. For instance, if a user's name contains a common search term, Liferay will return content...
Dynamic Blueprint parameters with Search API
legacy How To
Issue Blueprints offer static filtering by field values, but a dynamic approach is needed where search fields enable filtering based on user-provided values for specific structure fields, Is possible to...
Documents and Media widget displays "Copy to" action for Guest users
legacy Troubleshooting
Issue The "Copy to" option is displayed in the Documents and Media widget for Guest users, even though they lack the necessary permissions to perform this action. This can lead to a poor user...
Unassign Site Template from a Site / Export a site without the template it was based on
legacy Troubleshooting
Issue Is there a way to unassign a Site Template from a Site? When importing a site using a .lar file into a company where the associated Site Template doesn't exist, an error occurs: "Site cannot be Imported as Site...
Collection Display Fragment is not responsive when using the CSS Medium Screen Size (col-md)
legacy Troubleshooting
Issue We've observed that when using the Collection Display fragment to display a collection of data/items and selecting the medium screen size (col-md), the responsiveness becomes unreliable.  Environment Quarterly...
XSS Vulnerability present when using Web Content Article's source code
legacy Troubleshooting
Issue We've observed a XSS Vulnerability present when using Web Content Article's source code.  This vulnerability appears to be present when involving the deployment of a payload via the source code.  Steps to...
Custom Widget Gets Rendered Twice
legacy How To
Issue After defining a Custom Element widget and placing it on a page, it is observed that the widget is loaded twice. Sometimes this happens so fast that it is unnoticeable, other times a couple of seconds...
SAML - Can you end the Identity Provider's session when the Service Provider's session times out?
legacy Troubleshooting
Issue We have Liferay configured as a SAML Service Provider (SP), and we use third-party software as the Identity Provider (IdP) Our IdP is used for multiple applications, so its session timeout is set for a...
Old version of an updated file gets downloaded instead of the new version
legacy Troubleshooting
Issue Some team members had to go into the 'Current Assets' asset library and re-version some files that needed updating. After re-versioning the files, when Person A went to download the files to see how...
Is integration of mTLS possible in Liferay?
legacy How To
Issue We are required to use mTLS (Mutual Transport Layer Security) for certain requests Is it possible to integrate mTLS with Liferay? Environment DXP 7.4 Quarterly Releases Resolution Yes, it is possible to...
Creating Display Page Templates for Calendar Events in DXP 7.3
legacy
Issue The documentation Using Display Page Templates in learn.liferay.com mentions you can create Display Page Templates for calendar events, but this for calendar events is missing in Liferay DXP 7.3. Environment...
The site name is appended to every Event/Meeting created in Liferay Calendar
legacy
Issue The site name is appended to every Event/Meeting created in Liferay Calendar. Environment DXP Quarterly Release 2024.Q2.0 Resolution Liferay calendar displays the site name as default when the event or...
Impersonation Clashes with Cached Web Content Templates
legacy Troubleshooting
Issue Web Content Templates can be configured for caching to boost performance. When not cached, the generated HTML is rendered for each request. When cached, the generated HTML is stored in the cache and...
Web Content Not Displayed in Context in Search Results
legacy Troubleshooting
Issue Some web contents are not displayed in context when accessed from search results with the "Display selected search result in context" checkbox selected. For web contents displayed in an asset publisher, the...
How to modify the Cache-Control header to prevent browser caching issues
Troubleshooting
Issue After deploying a new version of my theme, users are experiencing issues due to old Javascript files being loaded from the browser cache. Thus, we would like to modify the Cache-Control header of those...
Cannot add the Indonesia or Hebrew language to instance after changing locale codes to ISO 639 language codes
legacy Troubleshooting
Issue From Java 8 to Java 17, changes were made in locale support, specifically with the language codes for Hebrew(Israel) and Indonesian(Indonesia), according to this article:...
Staging Object Entries
legacy
Issue I would like to enable Staging for my Object Entries Environment Quarterly Releases Resolution This feature is not yet available in Liferay, however, it is already on the roadmap You may view the...
Console errors when local staging is on
legacy Troubleshooting
Issue There is a staging initialization failure within the console when local staging is on.  Steps to reproduce:  Publishing > Staging > Toggle Local Staging On Navigate to the Home Page and check the console within...
How to create Web Content with large images from text file?
legacy Troubleshooting
Issue Copy-pasting large images from text file prevents the Web Content from being published, although it appears correctly in the editor. Environment Liferay DXP 7.4 Resolution When images are copy-pasted...
How to preserve the structureId and formId during export/import to avoid mismatches between environments?
legacy Troubleshooting
Issue When we export/import web content articles and forms, their IDs sometimes change.  How to preserve the structureId and formId during export/import to avoid mismatches between environments? Environment...
Modified date not match the author of a web content, document or any other asset.
legacy
Issue The author displayed for content/documents is inconsistent when modifications are made by users other than the original author. When a user edits and publishes the content, the displayed author is...
Handling an excess number of User Notifications
legacy Troubleshooting
Issue As my Liferay system sends out User Notifications over time, the UserNotificationEvent table accumulates many records quickly. I would like to schedule the cleanup of old User Notifications, so that the...
Defining Permissions for Object Entries
legacy
Issue The creator/owner of an object entry (or any other data type) has full permissions to manage that entry (update, delete, view). I would like to give Object Admins the possibility to define/restrict...
I can select a Display Date in the past for a Web Content
legacy How To
Issue After creating a Web Content, when I go to the Properties tab > Schedule section, I can select a Display Date in the past. No error message appears when I save the Web Content with a past Display Date....
Email Settings not resetting completely from Instance Settings
legacy Troubleshooting
Issue If a user wants to reset Mail Settings from Instance Settings, it is not resetting completely Environment SaaS Resolution Open a Help Center ticket to have Support manage the environment Additional...
Is it possible to create Style Books directly from a Client Extension?
legacy
Issue Is it possible to create Style Books directly from a Client Extension? Environment DXP Quarterly Release 2024.Q4.0 Resolution Client Extensions can be created to modify the Liferay backend elements, like the...
Using Required for system configurations.
legacy Troubleshooting
Issue We would like to add required = true configuration to our system configuration. Upon requesting the data through a groovy script the string returns empty when required = true is set. Environment DXP 7.4+...
Tomcat's vulnerability CVE-2023-44487
legacy
Issue Is DXP 7.4 affected by Tomcat's Rapid Reset CVE-2023-44487? Environment Liferay DXP 7.4 Resolution If user is not using Tomcat with DXP, then it is not affected by “Tomcat's Rapid Reset CVE-2023-44487”. If...
How to Determine if JUnit is installed on Liferay Cloud
legacy How To
Issue How to determine if JUnit is installed on Liferay Cloud? How do users install JUnit on Liferay Cloud and integrate it with Jenkins? Environment Liferay Cloud Resolution JUnit is pre-installed on Liferay...
If Form entries are saved into an Object, email notification about Form submission is not sent
legacy Troubleshooting
Issue We have created an Object and a Form. We save Form entries into the Object. When a Guest user submits the form, the notification is not sent out. We are getting the following error in the logs: ERROR...
How to clear the data folder of Glowroot in Liferay PaaS
legacy How To
Issue How to clear the data folder of Glowroot in Liferay PaaS. Environment Liferay DXP 7.4 Liferay PaaS Resolution To clear the data folder through the Glowroot UI. Follow the below steps: 1. Visit the site and...
Is Liferay vulnerable to CVE-2024-38819: SpringFramework (spring-core-5.3.39)?
legacy
Issue CVE-2024-38819: Path traversal vulnerability in functional web frameworks (2nd report) is related to the usage of WebMvc.jar. Is Liferay vulnerable to this vulnerability? Environment Liferay DXP 7.3...
Liferay instance node going into hang mode - Failed to validate connection
legacy Troubleshooting
Issue Liferay instance node goes into hang mode and the following error appears: HikariPool-1 - Failed to validate connection ... (This connection has been closed.) ... Possibly consider using a...
What is Synchronous Database Replication and how does It enhance Data Consistency in Liferay?
legacy
Issue What is Synchronous Database Replication and how does It enhance Data Consistency in Liferay? Environment Liferay DXP 7.4 Resolution Synchronous database replication is used in Liferay and it is a...
Multilingual PDF search indexing fails with web content
legacy
Issue Why does the main document entry contain only the metadata and not the content of PDFs? Is it possible to add the content of PDFs along with the metadata of PDFs in the main document entry? Steps to...
Vulnerabilities reported in classes generated by Liferay Service Builder
legacy Troubleshooting
Issue While performing security scans, there are vulnerabilities found in custom classes that are generated by Liferay Service Builder. Environment Liferay DXP 7.4 Resolution Sometimes, these warnings are...
Is there a release date for implementing the Content Security Policy (CSP) at Liferay?
legacy
Issue If CSP is in beta mode, how is Liferay protecting its system from vulnerability? Is there a timescale for when the CSP will be fully deployed in the portal? Once the CSP has been successfully implemented,...