Capability

Security

Liferay DXP is built with security in mind. A variety of standards-based authentication methods and integrations can be used to ensure secure access to a site and its resources. Robust role-based access control with permissions gives you fine-grained control over what authenticated and unauthenticated users can access, share, or edit. Liferay DXP’s web services also have a multi-layered and configurable approach to security and authorization.

Build error while doing buildService
Issue: The user gets the error below when running buildService outside the *-service module: FAILURE: Build failed with an exception. * What went wrong: Some problems were found with the configuration of task...
Can we prevent editors from injecting executable code in Web Content fields?
Issue: When rendering the text fields stored for a Web Content through Web Content Templates, the resulting markup might execute undesired code if the editor has introduced executable code like: <img src=x...
Set Message Boards 'to email address' for notifications
Issue: The Message Boards email notification's 'to address' uses the 'from address' instead. When you go to Content & Data → Message Boards → Configuration → Email from and set a valid email address, Message Boards will...
Object Mapping: No object 'type' for an upload field
Issue: Having created a new object, we can then create a new field. This example shows a new field for 'date' that is assigned the Type* Date. When creating a field for a file upload, there is no applicable Type* that...
Unable to bind to the LDAP server javax.naming.CommunicationException: [Root exception is java.lang.ClassNotFoundException: javax.net.ssl.SSLSocketFactory cannot be found by com.liferay.saml.web_
Issue: When logging in to the portal as LDAP users, the users are able to log in successfully and the LDAP connections are active, but the warnings below are observed in the Liferay log.  2021-12-17...
Session logs out intermittently after being redirected by the payment link
Issue: After being redirected by the payment link, the session logs out. Steps to reproduce: 1. Log in to Liferay. 2. Call the API in Postman. Request parameters are attached (SSL Commerz Request Parameters.txt)...
Asset Publisher view.jsp has potential XSS vulnerability
Issue: When a user tries to retrieve the assetEntryId in asset-publisher-web/view.jsp, the content is not validated or escaped. This means XSS could occur. Reproduction Steps: 1. Add 3 journal articles. 2. Add an...
Liferay form security
Issue: The form can be submitted with an invalid captcha value. Steps to Reproduce: 1) Navigate to Content & Data > Forms 2) Add a Form 3) Add a text field 4) Click on the kebab menu on the top right and navigate to Settings...