Capability

Security

Liferay DXP is built with security in mind. A variety of standards-based authentication methods and integrations can be used to ensure secure access to a site and its resources. Robust role-based access control with permissions gives you fine-grained control over what authenticated and unauthenticated users can access, share, or edit. Liferay DXP’s web services also have a multi-layered and configurable approach to security and authorization.

Console errors when local staging is on
Issue There is a staging initialization failure within the console when local staging is on. Steps to reproduce: Publishing > Staging > Toggle Local Staging On Navigate to the Home Page and check the console within...
Staging Object Entries
Issue I would like to enable Staging for my Object Entries Environment Quarterly Releases Resolution This feature is not yet available in Liferay, however, it is already on the roadmap You may view the...
"assetURL" not redirecting to the desired 'Product Detail' page
Issue The issue regarding the POST /v1.0/suggestions API. Specifically, when using the API, the page does not redirect to the desired 'Product Detail' page, whereas the same functionality works correctly via the UI....
Failed upgrade process for module com.liferay.portal.workflow.kaleo.service: Unable to convert XML to JSON
Issue We are currently upgrading our DXP 7.4 u92 DB to 2024.Q1.12. We configured things for DB upgrade based on...
Getting invalid checksum error when building the Liferay Workspace
Issue Facing an error when attempting to initialize a Liferay DXP bundle in the user's Liferay workspace. Steps to reproduce: 1. Create a Liferay workspace project. 2. Set the following in gradle.properties:...
Is Session Prediction Possible in Liferay
Issue Is it possible an attacker could predict the JSESSIONID and gain unauthorized access, referencing an example from a 'Session Prediction' article? Explanation of Issue Using the "Catalog" Page in Postman: If a...
Certain values are lost or altered upon submitting a large form
Issue For very long forms, some input values may be unexpectedly lost or modified after submission. Some fields are submitted correctly, but from a certain point onwards, they start persisting with incorrect values...
Delay in "Add to Cart" Button Rendering on Slow Internet Compared to Other Platforms
Issue The "Add to Cart" button takes time to appear when using a slow internet connection in comparison to other platforms like Amazon, the button is immediately visible, although it remains non-functional until...
Liferay Learn Resources Taglib
Issue In recent versions of Liferay, the liferay-learn taglib has been introduced to automatically include links to the official Liferay Learn documentation. This functionality is controlled by the...
Unable to see the add button to create a new language override key
Issue When creating a new user and assigning that user to a newly created regular role, the add button to create a language override key is not visible to that user. Steps to reproduce: 1. Navigate to Control...
Unable to Run Developer Studio 3.9.8 with JDK 17
Issue When attempting to run Liferay Developer Studio 3.9.8 on JDK 17, there's no option available to configure JDK 17 when navigating to Window -> Preferences -> Java -> Compiler -> Compiler compliance level. Environment...
Unauthorized modification in Open Order Status
Issue The user who doesn't have the permission of 'Manage Order' is still able to update the order from an "Open" status to a "Quote Requested" status. Steps to reproduce: 1. Create a 'Minium' site. 2. Navigate to...
The package.json and config.js files are accessible via URLs
Issue Observed potential security vulnerabilities where the package.json and config.js files expose sensitive information like file paths, testing configurations, dependencies with versions, build scripts,...
Delete commerce orders from the database
Issue There is an inconsistency in commerce orders between the Portal and Database. That means there are more orders than the number of orders in the Portal. Is there any script that can delete all...
Block access of com_liferay_login_web_portlet_LoginPortlet
Issue There is a security vulnerability found wherein someone can create a page after being able to login through com_liferay_login_web_portlet_LoginPortlet. Therefore, how to block access of...
Automatic Fragment Propagation and Liferay startup time
Note: Liferay has renamed its Liferay Experience Cloud offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue Customers with a large number of Content Pages extensively...
"Tablet Landscape" display device is not available in Page Edit Mode
Issue While page editing, only four viewports are visible: Desktop () Tablet () (Portrait) Landscape phone () Portrait Phone () But, the "Tablet Landscape" viewport is missing/not available. Environment Liferay DXP...
Discrepancy in Batch Behavior: headless-commerce-admin-account vs. headless-admin-user
Issue We’ve encountered a discrepancy in how batch operations work for Accounts between the headless-commerce-admin-account API (now deprecated) and the newer headless-admin-user API. Previous Behavior...
Liferay and CVE-2025-24813
Issue Does Liferay DXP have the vulnerability CVE-2025-24813? Environment Liferay DXP Quarterly Releases 2025.Q1 Resolution Liferay bundles and docker images are not affected due to the attribute...
How to run the Liferay PaaS webserver service locally to test configuration changes
Note: Liferay has renamed its Liferay Experience Cloud offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). NOTE: Liferay Support does not recommend or endorse specific...
Full Day Event Overlaps Two Days in Calendar Month View
Issue When creating an all-day event that spans from 12:00 AM on one day to 12:00 AM on the next day, the event appears on both days in the calendar month view. Expected behavior is for the event to only be visible on...
How to decouple User and Email notifications?
Issue The user wishes to decouple User and Email notifications. Environment Liferay Quarterly Release Resolution The email and user notifications are tied together in the system. There is no option to...
Implementing strict rules for virtual hosts and friendly URLs
Issue Having different URLs for the same content could potentially impact SEO by affecting how pages are indexed. Even when a virtual host is defined for a site, it is possible to access that site...
Structures showing as 'Not Translated' after upgrading to 7.4+
Issue After upgrading from Liferay DXP 7.3 (or prior versions) to 7.4, some Web Content Structures are showing as not translated in the UI, even though the translations exist in the database. The structure's fields...
Migration Guidelines from Cloud Stack Version 4.x to 5.x
Introduction With the End of Functionality for Cloud Service Stack Version 4 on January 14, 2025, existing builds using Version 4 images will fail moving forward. As Liferay Cloud Version 5 introduces new features and...
Client Extension Build Fails Due to Unresolved Dependency
Issue When building a Client Extension of type jsImportMapsEntry, the build fails if the Client Extension depends on another Client Extension, because the build cannot resolve the dependency. Environment Liferay DXP...
Default Language not being applied to not translated content
Issue There is an undesirable behavior present when creating an object and utilizing the language translation. The content is empty instead of showcasing the content translated. Steps to reproduce: Instance Settings...
Filtering Products by Category via API
Issue I need to display related products on a product details page, filtered by a specific category. Attempts to filter products by category using an Information Template and API calls with...
ClayDatePicker making everything inaccessible
Issue We've discovered that the page becomes unresponsive when using the ClayDatePicker in a react element. Steps to reproduce: Click on Date Picker Field Click on year dropdown within the Date Picker Without...
Hotfix created for 2025.Q1.X won't install
Issue A hotfix created for 2025.Q1.X won't install even though it is being installed on the required version. The following information appears in the patching-tool info file. Product information: * DXP version:...
Login URL Parameters Reported as Security Threat
Issue Vulnerability Assessment and Penetration Testing (VAPT) reports the parameters passed in the login request as a security threat. How can these parameters be removed or mitigated? Environment Liferay DXP 7.4+...
User profile is visible when accessing the /web/test
Issue When accessing localhost:8080/web/test, the user profile is visible to guest users. The concern is that the user data being accessible to guest users poses a security threat. Environment Liferay DXP 7.4...
How to create a Clay Dropdown Menu with Button in Liferay 2024.Q2
Issue Cannot create a dropdown menu with checkboxes and an Apply button that is used to save the selection in the menu using Clay UI. Environment DXP 7.4 2024.Q2 Resolution You can add button functionality to modul by...
How to approach creating a MessageListener to verify a Publish while using Publications?
Issue How to approach creating a MessageListener to verify a Publish while using Publications? Environment DXP 7.3 DXP 7.4 Resolution The Customer Support team has limited ability to provide a complete...
Can I add internal vocabularies through the Site Initializer?
Issue We use the site initializer to create sites and we want to use internal vocabularies to categorize content. Environment DXP 7.4 Resolution This is not available out of the box in 7.4, but this feature has...
How can I use environment variables to get the URL of other CX micro-services?
Issue Currently we can access the dynamic urls for DXP using the following variables. "LIFERAY_ROUTES_CLIENT_EXTENSION": "/etc/liferay/lxc/ext-init-metadata", "LIFERAY_ROUTES_DXP": "/etc/liferay/lxc/dxp-metadata" Is...
"Copy Page" button doesn't copy the page contents properly
Issue We have observed that the "Copy Page" button in the kebab menu of the pages search result screen does not work as expected. The content of the source and destination pages are changed during the copy process. ...
Calendar Widget displays Custom fields differently
Issue When users create Custom fields via Control Panel → Custom Fields → Calendar Events, Custom Fields are not displayed in the same way as Native/Non-Custom fields when viewing Calendar Event details. Environment...
Organization tab do not shows the user when user is added to organization via Groovy Script
Issue After the execution of the below syntax in the Groovy Script, the Organization name gets appended to the user and can be seen only under the "User's details Organization Tab" but not under the...
Content created within Publication is searchable using the search results widget but not via Blueprint
Issue Steps to reproduce: Navigate to Control Panel->Applications->Publications and Enable Publications. Click on the "+" button and add 2 new publications as Dev 1 and Dev 2. Create web content for each...