Search Results

All Results 433
Vulnerabilities reported in classes generated by Liferay Service Builder
Issue While performing security scans, there are vulnerabilities found in custom classes that are generated by Liferay Service Builder. Environment Liferay DXP 7.4 Resolution Sometimes, these warnings are...
Is there a release date for implementing the Content Security Policy (CSP) at Liferay?
Issue If CSP is in beta mode, how is Liferay protecting its system from vulnerability? Is there a timescale for when the CSP will be fully deployed in the portal? Once the CSP has been successfully implemented,...
Vulnerability CVE-2024-52046 in Liferay DXP
Issue Is Liferay vulnerable to the vulnerability described in CVE-2024-52046? Environment Liferay DXP 7.3 and above Resolution Liferay uses the affected Apache Mina library (`mina-core`) only in LDAP-related code. If...
How to change the generated OTP from alphanumeric to numeric in multi-factor authentication?
NOTE: The following resolution requires customization and should only be implemented at the discretion of your team. Liferay Support will not be able to assist with designing or implementing customizations. Issue...
Getting BadPaddingException errors in the logs after an upgrade
Issue After upgrading Liferay DXP, javax.crypto.BadPaddingException errors appear in the logs when using the 'Auto Login' feature ('Remember me'). Example error message: ERROR [AutoLoginFilter:247] Current URL /home...
"http://localhost:8080/o/oauth2/authorize" URL redirects to the Login Page
Note: Liferay has renamed its Liferay Experience Cloud offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue When accessing the OAuth2 authorization URL...
Unexpected SAML calls: com.liferay.saml.internal.servlet.filter.SpSessionTerminationSamlPortalFilter.doProcessFilter
Issue When navigating through the portal with SAML disabled, there are a few SAML-related filters that are still being processed, leading to database calls and causing slower performance. at...
SAML Authentication Error: "This message decoder only supports the HTTP POST method"
Issue The following SAML errors appear in the Liferay logs: ERROR [http-nio-8080-exec-5][BaseSamlStrutsAction:53] org.opensaml.messaging.decoder.MessageDecodingException: This message decoder only supports the...
In a SAML setup, the user is not logged in to the SP and receives a warning in the UI
Issue After setting up the SAML process, the user tries to log in but receives the warning below and is not logged in. Environment Liferay 2023.Q4.0 Resolution If users are setting up an identity provider as...
CORS request is failing
Issue If the user allows any origin (Access-Control-Allow-Origin: *) to access the resource, the CORS request fails. Steps to reproduce: 1. Start Liferay DXP 7.4 U90 2. Navigate to Control Panel > Instance...
Is it possible to offer both SAML and OIDC as SSO options?
Issue Both SAML and OpenID Connect (OIDC) can be configured on the same Liferay instance. However, the option to authenticate using OIDC is missing whenever SAML is enabled. Is it possible for a user to select either SSO...
SAML Logout Issues: Multiple Login Entries and Optimistic Locking Exceptions
Issue When a user logs out after authenticating via SAML, multiple login entries might be recorded in the audit logs. This can lead to HibernateOptimisticLockingException errors, particularly during...
LIFERAY.HEADLESS.DELIVERY scope missing or delayed in OAuth 2 applications
Issue The LIFERAY.HEADLESS.DELIVERY scope is missing or delayed in appearing when creating or managing OAuth 2 applications. The issue can occur intermittently, with the scope sometimes appearing after a delay of...
Access-control-allow-origin CORS Header not honoring System setting Configuration
Issue When configuring CORS headers in System Settings, we are seeing that the access-control-allow-origin header doesn't always have the configured value. Environment Liferay DXP 7.4 Resolution According to the...
Security Managers, Vul ID: V-222936 STIG
Issue Vul ID: V-222936 STIG is flagged when Java Security Managers are not enabled. It states that "The Java Security Manager must be enabled." Environment DXP 7.1 Resolution Liferay DXP does not currently support...
Duplicate user errors when setting up a SAML Authentication to replace an existing Token-Based SSO
Issue When trying to set up a SAML authentication to replace existing Token-Based SSO, there are errors that populate stating that the user and/or email address is already in use. A user with company 1xxxx and email...
Can I integrate an additional Captcha Engine?
Issue Currently, Liferay offers 2 Captcha Engines out of the box: Simple Captcha and Google reCaptcha 2. We would like to use another Captcha service. Environment Liferay DXP 7.4 Resolution At the moment it is not...
Malware detected in Liferay Bundle - eicar.jpg
Issue We were notified of a possible malware infection. The location is my extracted source code of a Liferay DXP bundle. The file in question is eicar.jpg Environment Liferay DXP 7.4 Resolution EICAR files can...
Is Liferay vulnerable to CVE-2023-4863?
Issue How can I mitigate vulnerability with CVE-2023-4863 regarding Liferay DXP? Environment All environments. Resolution Liferay does not use the libwebp library, so it is not vulnerable to CVE-2023-4863. ...
Is Liferay vulnerable to CVE-2023-33946?
Issue I would like to know if Liferay is vulnerable to CVE-2023-33946? Environment Liferay DXP 7.4 U1-U48 Resolution Yes, Liferay is vulnerable to this CVE; the resolution is to update to Liferay 7.4 U49 (or...