Search Results

All Results 435
Vulnerability in Apache Tomcat (CVE-2023-46589)
Issue This security vulnerability (CVE-2023-46589) has been reported, and it is fixed in Tomcat 9.0.83. However, our current Liferay DXP 7.4 update 67 has a 9.0.71 Tomcat version. Environment Liferay DXP 7.4...
Liferay 6.2 EE 173 and CVE-2024-25145
Issue We have found the following article CVE-2024-25145 Stored XSS with search results if highlighting is disabled, however it does not specify whether Liferay 6.2 EE 173 is affected or not. Environment Liferay 6.2 EE...
Can SAML be used to send an attribute that can be used to assign site roles?
Issue Currently, SAML is not designed to be utilized to send an attribute that can be used to assign site roles. Environment Quarterly Releases Resolution This is an ongoing task, LPD-6336, for Liferay. Liferay is...
OpenID Connect Error - "Signed JWT rejected" with CAS
Issue When configuring authentication using OpenID Connect, login fails and the following error is reported: Unable to validate tokens: Signed JWT rejected: Another algorithm expected, or no matching key(s) found...
/c/ redirects to login page
Issue When the user tries to access the URL: 'http://localhost:8080/c/', even if the 'c' page doesn't exist, it redirects to the login page instead of a 404 page not found. Environment Liferay DXP [all versions]...
Log messages for Stored XSS vulnerabilities
Issue We would like to know whether there are any strings to search for in log files, to check if any of the following vulnerabilities have been exploited in our environment? LSV-1237 / CVE-2023-42628 LSV-1236 /...
Getting 'DuplicateSamlIdpSsoSessionException' in the Debug Logs
Issue Users are facing intermittent login issues in the SAML environment; however, the below error is observed frequently in their log files: DEBUG [default task-73687][BaseSamlStrutsAction:61] null...
Security Vulnerability CVE-2023-28708
Issue This security vulnerability (CVE-2023-28708) has been reported, and it is fixed in Tomcat 9.0.72. However, our current Liferay DXP 7.3 SP1 has a 9.0.40 Tomcat version. Environment Liferay DXP 7.3 Resolution...
Error "Invalid site key" when using reCAPTCHA v3
Issue When configuring reCAPTCHA v3 and testing it on the "Forgot Password" page, the following error message is reported: "ERROR for site owner: Invalid site key". Environment Liferay DXP 7.2+ Resolution Liferay...
How to enable cookies and the banner, consent panel
Issue How to enable the cookie preference handling as well as the configuration options for both the banner and the consent panel. Environment Liferay DXP 7.4 Resolution This feature was introduced in the Liferay...
SAML Sessions remain Active despite Logout in Liferay
Issue We have integrated SAML with our Liferay configuration. We have noticed that after a User logs out, their session remains active in Liferay. Environment Liferay DXP 7.3 Resolution This issue may occur if the...
Requests to Liferay with an invalid HOST request HTTP header return the default site
Note: please note that Liferay has renamed its Liferay Experience Cloud offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue Requests to Liferay with an invalid HOST request...
Access-control-allow-origin CORS Header not honoring System setting Configuration
Issue When configuring CORS headers in System Settings we are seeing that access-control-allow-origin header doesn't always have the configured value. Environment Liferay DXP 7.4 Resolution According to the...
Security Managers, Vul ID: V-222936 STIG
Issue Vul ID: V-222936 STIG is flagged when Java Security Managers are not enabled. It states that "The Java Security Manager must be enabled." Environment DXP 7.1 Resolution Liferay DXP does not currently support...
Duplicate user errors when setting up a SAML Authentication to replace an existing Token-Based SSO
Issue When trying to set up a SAML authentication to replace existing Token-Based SSO, there are errors that populate stating that the user and/or email address is already in use. A user with company 1xxxx and email...
LDAP Related Queries
Issue If the password is changed in the Active Directory, will the user still be able to log in to DXP? If we delete the user from Active Directory, will the user still be able to log in to DXP? How to import/ export...
Will a curl vulnerability impact Liferay DXP?
Issue There have been security announcements that are deemed to be a high-risk vulnerability that is caused by curl 8.4.0. Environment DXP 7.3 Resolution Liferay DXP does not use the libcurl library. In conclusion,...
Vulnerability in CKEditor 4.18.0
Issue In Liferay, a vulnerable version of CKEditor 4.18.0 is being used. The vulnerability CVE-2023-28439 is present in the CKEditor versions less than 4.21.0. Environment Liferay DXP 7.0+ Resolution The observed...
Nested Azure AD Groups are not assigned to Liferay groups
Issue You want to assign Liferay user groups via dynamic Azure AD groups when logging in with SAML. For this, certain rules of Azure AD groups are in place based on your needs. There might be an issue where nested...
Differentiate multiple Identity Providers when clicking on the Sign-in button
Issue How can the user log in to a specific IDP when multiple IDPs are configured on the portal? Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Resolution While using...