Capability

Security

Liferay DXP is built with security in mind. A variety of standards-based authentication methods and integrations can be used to ensure secure access to a site and its resources. Robust role-based access control with permissions gives you fine-grained control over what authenticated and unauthenticated users can access, share, or edit. Liferay DXP’s web services also have a multi-layered and configurable approach to security and authorization.

Liferay form security
Issue The form can be submitted with an invalid captcha value. Steps to Reproduce: 1) Navigate to Content & Data > Forms 2) Add a Form 3) Add a text field 4) Click on kebab on the top right and navigate to Settings...
Asset Publisher view.jsp has potential XSS vulnerability
Issue When a user tries to retrieve the assetEntryId in asset-publisher-web/view.jsp, the content is not validated or escaped. This means XSS could occur. Reproduction Steps: 1. Add 3 journal articles. 2. Add an...
Commerce Orders are not visible to users with view permissions
Issue View permissions for commerce orders are assigned to users through a custom role, but after logging in, those users are unable to see the orders. Steps to reproduce: 1. Create Minium Site (With Admin User) 2....
LAR files from export processes are exhausting disk space
Issue When trying to publish content (like staging or exporting pages), a message appears that there is no space left in the storage device. Cleaning temporary app server files doesn't help. Environment...
Regular pagination is not working for asset publisher
Issue Steps to Reproduce: Add the Asset Publisher widget to any page. Go to Content & Data and create more than 3 basic web contents. Go to Asset Publisher configuration -> Display Settings. Set "Number of Items to...
A section's background image is not published to Live site when using Content Pages with Staging
Issue A section's background image is not published to the Live site when using Content Pages with Staging. Steps to Reproduce: 1) Enable Staging on the target site 2) Check the Group ID of the site in Site...
In Safari, wrong button press is read when SPA is enabled
Issue In Safari (macOS and iOS versions), the wrong button press is read when SPA is enabled. Steps to reproduce: 1. Deploy testspaformmultiplesubmit1-1.0.0.jar 2. Open Safari browser, add a module to a page, and make...
With Firefox, the UI publication process is not feasible
Issue Users are experiencing issues on the UI with the latest version of Firefox (86.0.1). Steps to reproduce: 1) Start a clean instance of Liferay 7.0 2) Open the portal in Firefox version 86.0.1 3) Open a...