Capability

Security

検索バー

Liferay DXP is built with security in mind. A variety of standards based authentication methods and integrations can be used to ensure secure access to a site and its resources. Robust role-based access control with permissions gives you fine grained control over what authenticated and unauthenticated users can access, share, or edit. Liferay DXP’s web services also have a multi-layered and configurable approach to security and authorization.

Feature
Deployment Approach
Customizing pagination delta values at instance/site level
legacy How To
Issue The pagination options for search results (e.g., the number of items displayed per page) are controlled globally by the search.container.page.delta.values property in the portal-ext.properties...
Performance Issues in Publications after Upgrading to 2024.Q1
legacy Troubleshooting
Issue Users may experience a performance drop when working with Publications. This is especially noticeable when navigating through Web Content within an active publication.   Environment Liferay DXP 2024.Q1  ...
A page's Menu Display widget, Search bar widget, and Footer cannot be removed from a page's layout
legacy Troubleshooting
Issue This article documents a case where a page's Menu Display widget, Search bar widget, and Footer cannot be removed from a page's layout Environment Liferay DXP Quarterly Releases Resolution Pages inherit styles from...
Fieldsets with Custom Names Disappear When Filtering by Translation Status
legacy Troubleshooting
Issue In the web content editor, fieldsets that do not follow the default naming pattern (e.g., Fieldset1234) are hidden when filtering by "Untranslated" fields. This issue is caused by a regex that incorrectly assumes...
"Friendly URL is Already in Use" Error Message Lacks Specifics on its Location
legacy
Issue When creating or updating a page, if a user enters a friendly URL that is already in use by another page, the system displays a generic error message: "The friendly URL is already in use." This error message does...
Is it possible to disable the '/o/graphql' endpoint?
legacy How To
Issue For custom requirements, it may be necessary to disable the /o/graphql endpoint. Is there an out-of-the-box configuration to disable this endpoint? Environment Liferay DXP 7.3, DXP 7.4 and...
Document URL Displays Virtual Instance Domain Instead of Site Virtual Host
legacy
Issue I've configured a Site with its own Virtual Host (www.b.com), but when I upload a document to that site, the document's URL incorrectly displays the parent Virtual Instance's domain (www.a.com). I expected...
Client Extension disappears
legacy Troubleshooting
Issue We've found that our client extension disappears after Liferay is restarted. After a customElement CX is deployed, Liferay is forced to restart and our extension disappears with every restart. Environment SaaS...
Searching in a page created from a content page template does not work
legacy Troubleshooting
Issue I have an issue with searching in pages created from the content page template. When I search in a page and filter to "Pages", nothing happens in the page, and there are no search results. Steps to reproduce...
StaleStateException Error During Startup with OpenID Connect Configuration
legacy Troubleshooting
Issue During a Liferay DXP startup, the following error message appears in the logs, related to OpenID Connect provider configuration: ERROR [...][BatchingBatch:139] HHH000315: Exception executing batch...
Password Reset Link Immediately Shows as 'No Longer Valid'
legacy Troubleshooting
Issue When a user requests a password reset, the link in the notification email leads to an error page stating, "Your password reset link is no longer valid." This occurs even if the link is clicked immediately...
Public resources under /o/
legacy How To
Issue Why /o/marketplace-app-manager-web/icon.jsp is public by default? Are there any other out of the box resources publicly available by default? Environment Liferay DXP any Resolution The Marketplace module is an...
What filtering syntax to use in headless API for filtering for those entries that do not belong to any categories?
legacy
Issue I am using the API GET /v1.0/asset-libraries/{assetLibraryId}/content-elements, but the question might be relevant for other endpoints as well according to...
Unable to add Information Templates after changing Default Language
legacy Troubleshooting
Issue When only one language is available in Instance Settings > Localization and it is not "English (United States)", the Information Templates section under Design > Templates do not load. Environment Quarterly...
Does Liferay have an Attestation of Compliance to be PCI certified?
legacy
Issue We are in the process of reviewing application compliance and want to know if Liferay has an attestation of compliance (related to PCI), specifically the Payment Card Industry Data Security Standard? Environment...
How can I protect against CVE-2025-4388 vulnerability?
legacy Troubleshooting
Issue My Liferay Instance has a vulnerability to CVE-2025-4388 Environment Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Resolution Upgrade to 2024.Q1.13+ Request a Hotfix with LPD-46038, knowledgeArticleType:...
Google Cloud Translation Fails with "Too many segments" Error
legacy Troubleshooting
Issue When attempting to use the automatic translation feature for an entire page o contents with multiple fields, the process fails. The logs show the following error:...
Subtype missing after importing information template
legacy
Issue When an information template is exported from one environment and imported into another, the link to the web content structure's subtype is lost. The template remains linked to the main structure (e.g., Web...
Node.js Version for Client Extension Development and Handling Security Vulnerabilities
legacy
Issue When developing client extensions with React for Liferay DXP 2024.Q4 or newer, what is the recommended Node.js version? The official compatibility matrix suggests Node.js version 20.12.2, but this version...
Environment variable for elastic password
legacy How To
Issue For security reason, we need to handle the Elastic password via an environment variable, using OSGI .config files. Checking the documentation, it seems to not be possible on 7.0...