Search Results

All Results 433
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Redirecting to login page when authenticated via SAML returns a 500 error
legacy Troubleshooting
Issue Navigating to to the login page /c/portal/login on the SP throws a 500 error when already logged in through SAML. Environment DXP 7.3 DXP 7.4 Resolution This is a known issue affecting DXP 7.4 U80 and lower and...
Vulnerability on spring-web
legacy
Issue The security scanner flagged the Liferay with the security vulnerability due to the JAR containing the vulnerable classes, reported here CVE-2016-1000027. Environment Liferay DXP 7.4 Resolution It's been...
GDPR-compliant 3rd party cookie handling in 7.3
legacy
Issue Can you backport GDPR-compliant 3rd party cookie handling to 7.3 SP3?  Environment The feature got implemented in DXP 7.4.13-u66. Backporting this feature to 7.3 is not feasible. Resolution There are 3 options...
Database Permissions Required for Liferay
legacy
Issue Could you please provide us with a list of Database Permissions required for Liferay to function? (We are optimizing our application security concerning the Database) Environment Liferay DXP 7.1...
LOGOUT event is not added to Audit Table
legacy Troubleshooting
Issue LOGOUT event is not being audited when SAML SLO is enabled. Environment Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Resolution This happens because LogoutPreAction and LogoutPostAction classes do not get...
Unable to process OpenID Connect authentication response: Requested value and approved state do not match
legacy
Issue From time to time, error messages like the following appear in logs: 2024-02-14 13:31:55.099 ERROR [http-nio-8080-exec-120][OpenIdConnectFilter:132] Unable to process OpenID Connect authentication response:...
Setting up Liferay as both IDP and SP (SAML)
legacy How To
Issue This article outlines how to configure two Liferay DXP bundles for SAML authentication with one functioning as the Service Provider (SP) and the second as the Identity Provider (IdP). Environment DXP...
Updating React dependencies to later version
legacy
Issue As part of the security audit, the old version of the React might be vulnerable to attacks. Is there a way to hide the React version that Liferay displays? Environment Liferay DXP 7.3 Resolution At this...
Will a curl vulnerability impact Liferay DXP?
legacy
Issue There have been security announcements that are deemed to be a high-risk vulnerability that is caused by curl 8.4.0.   Environment DXP 7.3 Resolution Liferay DXP does not use the libcurl library. In conclusion,...
Is it Liferay vulnerable to the Log4j Vulnerability CVE-2019-17571?
legacy
Issue After search in the following folder:/tomcat/webapps/ROOT/WEB-INF/lib/log4j-extras.jar is notice that the log4 is available as part of product, so the Liferay is it vulnerable to this lib? Environment All...
Nested Azure AD Groups are not assigned to Liferay groups
legacy Troubleshooting
Issue You want to assign Liferay user groups via dynamic Azure AD groups when logging in with SAML. For this, certain rules of Azure AD groups are in place based on your needs. There might be an issue where nested...
Vulnerability in CKeditor 4.18.0
legacy Troubleshooting
Issue In Liferay, a vulnerable version of CKEditor 4.18.0 is being used. The vulnerability CVE-2023-28439 is present in the CKEditor versions less than 4.21.0. Environment Liferay DXP 7.0+ Resolution The observed...
Differentiate multiple Identity Provider when click on the Sign-in button
legacy
Issue How the user can login to specific IDP when multiple IDPs are configured on the portal? Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Resolution While using...
Is SELinux compatible with Liferay DXP 7.4?
legacy
Issue Is SELinux configuration compatible with Liferay DXP 7.4? Environment Liferay DXP 7.4 Running on one of the supported Operating Systems Resolution It is possible to set up SELinux to work with Liferay DXP 7.4 It is up to...
Insecure Cross Document Messaging
legacy Troubleshooting
Issue Cross Document Messaging (also known as Web Messaging) introduced the postMessage() method, with which plaintext messages can be sent cross-origin. It consists of two parameters: “message”, and...
Can Liferay be affected by the IceApple framework?
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue CrowdStrike’s Falcon Overwatch has discovered a...
How to Update Webserver Credentials
legacy How To
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue I would like to change my webserver login credentials....
OAuth 2.0 with Kerberos
legacy Troubleshooting
Issue You might encounter an issue where after the SSO setup, you start having problems with OAuth 2.0 and the call to /o/oauth2/token is failing with a "401 Unauthorized error". Also if you use Apache you might...
How to protect the portal against Bootstrap: CVE-2019-8331 vulnerability
legacy How To
Issue Liferay 7.0 uses a Bootstrap versión that has this vulnerability: CVE-2019-8331 - XSS is possible in the tooltip or popover data-template attribute. Bootstrap issue 20184 - XSS in data-target attribute....
InvalidNameIDPolicy errors
legacy Troubleshooting
Issue The following error occurs while configuring Liferay as SP and ADFS as Idp. At Liferay