Search Results

All Results 437
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
The Liferay is vulnerable to the CVE-2023-4863?
legacy
Issue How can I mitigate vulnerability with CVE-2023-4863 regarding Liferay DXP? Environment All environments. Resolution Liferay does not use the libwebp library, so are not vulnerable to CVE-2023-4863. ...
Is Liferay vulnerable to CVE-2023-33946
legacy Troubleshooting
Issue I would like to know if Liferay is vulnerable to CVE-2023-33946? Environment Liferay DXP 7.4 U1-U48 Resolution Yes, the Liferay is vulnerable to this CVE, the resolution is update to Liferay 7.4 U49 (or...
Does Apache Log4j Vulnerability CVE-2021-44832 affect Liferay ?
legacy Troubleshooting
Issue The Liferay uses the log4j-core Library which was reported to have a vulnerability. Environment Liferay DXP 7.1 Liferay DXP 7.2 until fix-pack 16 Liferay DXP 7.3 until SP3 Resolution Yes, the Liferay is...
LDAP Related Queries
legacy
Issue If the password is changed in the Active Directory, the user will still be able to log in to DXP? If we delete the user from Active Directory, the user will still be able to log in to DXP? How to import/ export...
Will a curl vulnerability impact Liferay DXP?
legacy
Issue There have been security announcements that are deemed to be a high-risk vulnerability that is caused by curl 8.4.0.   Environment DXP 7.3 Resolution Liferay DXP does not use the libcurl library. In conclusion,...
Setting up Liferay as both IDP and SP (SAML)
legacy How To
Issue This article outlines how to configure two Liferay DXP bundles for SAML authentication with one functioning as the Service Provider (SP) and the second as the Identity Provider (IdP). Environment DXP...
Updating React dependencies to later version
legacy
Issue As part of the security audit, the old version of the React might be vulnerable to attacks. Is there a way to hide the React version that Liferay displays? Environment Liferay DXP 7.3 Resolution At this...
Vulnerability in CKeditor 4.18.0
legacy Troubleshooting
Issue In Liferay, a vulnerable version of CKEditor 4.18.0 is being used. The vulnerability CVE-2023-28439 is present in the CKEditor versions less than 4.21.0. Environment Liferay DXP 7.0+ Resolution The observed...
Differentiate multiple Identity Provider when click on the Sign-in button
legacy
Issue How the user can login to specific IDP when multiple IDPs are configured on the portal? Environment Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Resolution While using...
CSP headers are not working on DXP-7.4
legacy Troubleshooting
Issue Trying to attempt to work with the CSP feature, which is present in update 90 under feature flags, but users are still experiencing issues where they are unable to edit the page and it is continuously...
Is There A Way To Verify ClamAV Integration With Liferay?
legacy Troubleshooting
Issue We followed the instructions below to enable document virus scanning, but we do not see any way to confirm the ClamAV integration was successful or that file scans are occurring when new files are uploaded to...
How is AntiSamy configured?
legacy
Issue We configured AntiSamy to santize Web Content articles. We would like to understand how AntiSamy works and what parts are expected to be removed in Web Content articles. Environment DXP 7.0+ Resolution In the...
Force Authentication in SAML requiring reauthentication in SP
legacy How To
Issue With SAML and Force Authentication enabled, I am required to reauthenticate requests from the SP Environment DXP 7.3, 7.4 Resolution This behavior is intended, but to avoid manual reauthentication in this...
How long does the content remain in the CDN cache?
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue What is the policy for cleaning and updating content...
Is there a way identify When was the user Deactivated and by Whom?
legacy How To
Issue Is there a possible way to find out when was the exact date the Liferay user was deactivated and by whom? Environment Liferay DXP 7.3 Liferay DXP 7.4 Resolution Please run the attached Groovy script to get a...
How can I access OpenIdConnectProvider classes in 7.4 U34+?
legacy How To
Issue The Liferay classes com.liferay.portal.security.sso.openid.connect.OpenIdConnectProvider; and com.liferay.portal.security.sso.openid.connect.OpenIdConnectProviderRegistry; were removed in U34+...
User enumeration attack via response time
legacy Troubleshooting
Issue It is possible to determine if an email address is valid or not (i.e., user enumeration) by comparing the request's response time. This can be done by checking the browser's network tab and comparing...
How do we Toggle Requirement for Strangers to Verify their Email Address
legacy How To
Issue How do we toggle the requirement for strangers to verify their email address  Environment DXP 7.4 Resolution This setting can be toggled by going to: Instance Settings > User Authentication. From here, you can...
How to reduce difficulty on captcha for Liferay DXP 7.2
legacy Troubleshooting
Issue The captcha generated in the login is unreadable, even for humans. Environment Liferay DXP 7.2 Resolution Go to System Settings > Security Tools. Find and delete the following properties: ...
Relay state exceeds 80 bytes
legacy Troubleshooting
Issue After configuring SAML, I see Relay state exceeds 80 bytes WARN messages in the logs. How can I prevent the transmission of relay states larger than 80 bytes? Environment DXP 7.X Resolution This issue was...