Site Search - Liferay Learn

Why can't I see the name of the resource in the Audit app?

Issue I am an Administrator in Liferay DXP Someone deleted an asset (for example an Organization) I check the events in the Audit app (Control Panel > Configuration > Audit) I open the delete event I can only see the...

Impact of Google Chrome 80 and changes in the default behavior of the SameSite cookie setting on SAML

legacy Troubleshooting

Issue Updated (May 31, 2021): The behavior is enabled by default since Chrome 84. Updated (April 3, 2020): Chrome is Temporarily rolling back SameSite Cookie Changes Updated (June 12, 2020): Added information about...

Why certain Security Headers are not included in the HTTP Request and Response of Liferay DXP

legacy

Issue The following headers are missing in Liferay: Missing ”X-Content-Type-Options” header Missing ”X-XSS Protection” header Missing ”X-Frame-Options” header Missing ”Content-Security-Policy” header...

Encryption keys can be used at Liferay

legacy How To

Issue How to disable/stop using DES as it possesses Security Threat. Environment Liferay DXP 7.0 Resolution Encryption keys can be used at Liferay end are: # For more details about encryption keys, see the Java...

Can SAML or LDAP be accessed via Liferay APIs?

legacy

Issue We would like to remotely configure SAML and/or LDAP authentication using Liferay APIs. Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Resolution Neither SAML or LDAP APIs are publicly exposed...

Configuring Liferay to display CAPTCHA's with numbers only - 7.2

Issue Configuring Liferay to display CAPTCHA's with numbers only instead of alphanumeric characters. Environment This issue affects Liferay 7.2 Resolution While the default CAPTCHAs in Liferay generated by...

Will Liferay DXP 7.1 support X-Frame-Options, X-XSS-Protection, X-Content-Type-Options headers?

legacy How To

Issue Will Liferay DXP 7.1 support X-Frame-Options, X-XSS-Protection, X-Content-Type-Options headers? If yes, how to enable the same. Environment Liferay DXP 7.1 Resolution Liferay DXP 7.1 is already...

Security Vulnerability: Remote-Code-Execution (RCE) With ImageMagick

legacy Troubleshooting

Issue Symptom: CVE-2016-3714 - Insufficient shell characters filtering leads to potentially remote-code-execution vulnerability in ImageMagick. Environment ImageMagick before 6.9.3-10...

Import nested groups and users from Microsoft Active Directory

legacy How To

Issue What configuration is needed in Liferay so that the nested groups and the users are imported from AD? Environment DXP 7.2 DXP 7.1 DXP 7.0 Resolution Change the User attribute of the Group Mapping in the LDAP server...

Users are being logged in as some other user

legacy Troubleshooting

Issue When any user logs into the portal, they see the user profile of another user instead of seeing their own profile. Environment Liferay DXP 7.0 Resolution There are usually two root causes for the...

Disabling the Authentication System and Delegating It to an LDAP Server

legacy How To

By default, the Liferay platform always uses its own authentication system that checks and validates the user password in its own database. Even if you enable LDAP settings and set it...

Spring Framework Security Vulnerabilities: CVE-2018-1270, CVE-2018-1271, CVE-2018-1272

legacy

QUESTION: How are Liferay Digital Enterprise 7.0 and Liferay Portal affected by the Spring Framework Vulnerabilities: CVE-2018-1270, CVE-2018-1271, and CVE-2018-1272? Resolution Impact to Liferay CVE-2018-1270: Liferay...

Defining Encryption Algorithms for Passwords Stored in the Database

legacy How To

By default, Liferay encrypts the passwords that go into the database. The default algorithm is SHA-1 in 6.0 and 6.1 versions, which changed to PBKDF2WithHmacSHA1/160/128000 in version...

Elasticsearch and Liferay Enterprise Search Security Advisory: CVE-2018-3831

legacy

CVE-2018-3831 reports that, "Elasticsearch Alerting and Monitoring in versions before 6.4.1 or 5.6.12 have an information disclosure issue when secrets are configured via the API. The Elasticsearch _cluster/settings...

Open LDAP setup guide

legacy How To

Liferay Support does not recommend or endorse specific third-party products over others. Liferay is not responsible for any instructions herein or referenced regarding these products. Any implementation of these principles...

Java NPEs in the Console When Refreshing the CAPTCHA Image

legacy Troubleshooting

This article documents a known issue where refreshing the CAPTCHA image causes a Java NullPointerException (NPE) to be triggered. Please note that the CAPTCHA image will still be refreshed. Steps to Reproduce Start the...

Avoiding Authentication Errors With IE8 and IE9

legacy Troubleshooting

This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. When a session of Liferay times-out, an...

Apache Struts 2 Vulnerability: CVE-2017-9805 and CVE-2017-12611 - REST XStream FreeMarker

legacy

The following Common Vulnerabilities and Exposures (CVE) have been reported for Apache Struts 2: CVE-2017-9805 CVE-2017-12611 CVE-2018-1327 - REST XStream FreeMarker CVE-2018-11776 How are Liferay DXP (both 7.0 and...

JSESSIONID Changes as Part of Liferay Security

legacy

This article documents Liferay's position regarding the Session Identifier (JSESSIONID), including how and why a new JSESSIONID is generated. Resolution Customers doing their own security scan of the Liferay platform...

Excluding User Groups Not Part of the BaseDN In LDAP Import

legacy How To

This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. In older versions of Liferay Portal...

Search Results