Capability

Security

Liferay DXP is built with security in mind. A variety of standards based authentication methods and integrations can be used to ensure secure access to a site and its resources. Robust role-based access control with permissions gives you fine grained control over what authenticated and unauthenticated users can access, share, or edit. Liferay DXP’s web services also have a multi-layered and configurable approach to security and authorization.

Feature
Deployment Approach
If Form entries are saved into an Object, email notification about Form submission is not sent
Issue We have created an Object and a Form. We save Form entries into the Object. When a Guest user submits the form, the notification is not sent out. We are getting the following error in the logs: ERROR...
Liferay instance node going into hang mode - Failed to validate connection
Issue Liferay instance node goes into hang mode and the following error appears: HikariPool-1 - Failed to validate connection ... (This connection has been closed.) ... Possibly consider using a...
Is Liferay vulnerable to CVE-2024-38819: SpringFramework (spring-core-5.3.39)?
Issue CVE-2024-38819: Path traversal vulnerability in functional web frameworks (2nd report) is related to the usage of WebMvc.jar. Is Liferay vulnerable to this vulnerability? Environment Liferay DXP 7.3...
Vulnerabilities reported in classes generated by Liferay Service Builder
Issue While performing security scans, there are vulnerabilities found in custom classes that are generated by Liferay Service Builder. Environment Liferay DXP 7.4 Resolution Sometimes, these warnings are...
How to clear the data folder of Glowroot in Liferay PaaS
Issue How to clear the data folder of Glowroot in Liferay PaaS. Environment Liferay DXP 7.4 Liferay PaaS Resolution To clear the data folder through the Glowroot UI. Follow the below steps: 1. Visit the site and...
What is Synchronous Database Replication and how does It enhance Data Consistency in Liferay?
Issue What is Synchronous Database Replication and how does It enhance Data Consistency in Liferay? Environment Liferay DXP 7.4 Resolution Synchronous database replication is used in Liferay and it is a...
Updates are not visible without a page refresh
Issue After editing and publishing a fragment or page, the changes are not immediately visible, but a similar behavior could be reproduced in other ways. A manual page refresh is required to see the...
Updating Custom Account Entry Fields Fails for Person Accounts with a Specific Role
Issue 'users do not have permission' exception is showing when trying to update the same custom field on Person type accounts. Steps to reproduce: 1. Start a clean 2024.q1.1 bundle 2. Navigate to configuration >...
"HTTP Status 400 – Bad Request" error occured when Updating Blogs' Custom Friendly URL
Issue While updating the "Blogs" custom-friendly URL from "/liferay-blog" to "test-blogs/liferay-blogs," an HTTP Status 400 - Bad Request error appears on the UI. (A video demonstrating the issue has been attached.)...
How to change the generated OTP from alphanumeric to numeric in multi-factor authentication?
NOTE: The following resolution requires customization and should only be implemented at the discretion of your team. Liferay Support will not be able to assist with designing or implementing customizations. Issue...
Form Container does not display relationship field for parent object
Issue I have an object A with a one-to-many relationship to object B. When I add a Form Container to a page and map it to object A, I cannot select the related object B entries. Environment Liferay DXP 7.4+ Resolution...
Asset Publisher Subscriptions Only Trigger Email for New Assets
Issue When using the Asset Publisher with subscriptions enabled, email notifications are only sent when a new asset is added to the selection. Updating an existing asset's content does not trigger a new notification....
Knowledge Base Section Widget does not displaying the current version of Knowledge Base Article
Issue When displaying Knowledge Base Articles using a Knowledge Base Section widget, once an article is edited, the displayed content will not reflect the changes made This behavior is reproducible when the Knowledge...
Do I need to request an activation key for my Liferay service on Liferay PaaS?
Issue This article discusses whether PaaS subscribers will need to request a new activation key for the Liferay service. Environment Liferay PaaS Resolution An activation key will automatically be generated and applied for...
Tomcat Vulnerabilities CVE-2024-50379 and CVE-2024-56337 in Liferay DXP
Issue Vulnerability for Tomcat discovered after moving to Liferay DXP 7.4. How to remediate Apache Tomcat 9 Remote Code Execution (RCE) Via Write Enabled Default Servlet Vulnerability (CVE-2024-50379) and...
Can I change the Article ID after disabling Autogeneration of IDs for Journal Articles?
Issue When I change the ID of a previously created Web Content, after Publishing, the ID does not change. I have System settings → Web Content → Administration → Journal Article Force Autogenerate ID disabled...
How to create Charts in Quarterly Versions
Issue The Chart Tag Library was removed in 2023.Q4 with no direct replacement. I would like to know how to create charts in a Liferay version higher than 2023.Q4. Environment 2023.Q4+ Resolution On GitHub, you...
Enabling ElasticSearch Sidecar logs
Issue I would like to raise the log levels for ElasticSearch Sidecar The folder [liferay-home]/elasticsearch-sidecar/7.x.x/logs does not contain any log files Environment Quarterly Releases Resolution The...
Why doesn't the database's "userId_" update within the PLOEntry table with the ID of the last user to edit?
Issue We've found that when updating any Liferay Language Override key-value, the PLOEntry table within the database is not being updated with the ID of the last user to edit. It is our understanding that the table...
Brave Browser Issues
Issue I am experiencing an issue in Liferay, that is only reproducible in Brave browser, but not reproducible in Chrome, Firefox, Safari, or Edge. Environment Quarterly Releases Resolution The Compatibility...