Search Results

All Results 435
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
The users imported from LDAP cannot change their password
legacy Troubleshooting
Issue The users who were imported from LDAP cannot modify their passwords from My Account. Environment All Liferay DXP environments Resolution Make sure that LDAP Export option is enabled. Ensure that the credentials...
Web Server keeps asking for basic authentication when using a Client Extension that makes a request via OAuth to Liferay API
legacy Troubleshooting
Issue A Web Server before the Liferay environment is configured with Basic Auth. Liferay uses a Client Extension (CX) that makes a request to a Liferay API using OAuth. When the page using the CX is loaded, the Web...
Microsoft Azure Key Vault with Liferay DB
legacy How To
Issue Can we use Azure Key Vault with DB setup configuration in Liferay instead of having it in plain text in the properties file? Is there any way to configure the DB in Liferay using Azure Key Vault? How we can use...
'Email Account Activity: New Sign-In detected for your account' received which is an unwanted email
legacy
Issue Receiving unwanted email notifications like "Your email account abc@xyz.org.in was signed into from a new location, device, browser, or application" from GoDaddy. Below are the details received:   From:...
Tomcat Vulnerability Impact (CVE-2023-28708)
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Liferay's OpenID Connect implementation does not account for language variations for ui_locales
legacy
Issue Liferay's OpenID Connect implementation does not account for language variations for ui_locales. For example, Selecting English (United States) on Liferay sets ui_locales to en. Selecting Chinese (either Traditional...
Observing 'Your connection is not private' Warning on Help Center Downloads
legacy Troubleshooting
Issue When trying to download a quarterly release from Liferay's Help Center we are getting a browser error that says 'Your connection is not private... Attackers might be trying to steal your information...'...
Is Liferay Affected by CVE-2023-49070?
legacy
Issue How can I mitigate vulnerability with CVE-2023-49070 regarding Liferay DXP? Environment All environments. Resolution Liferay does not use the Apache OFBiz, so Liferay is not impacted by this vulnerability....
Obfuscating property values and rendering them as asterisks(*****) in the Control Panel.
legacy How To
Issue Certain property values need to be hidden in the Control Panel.  Environment DXP 7.4 Resolution To obfuscate the value of a portal property and have it appear as a string of asterisks (****) in the Control Panel,...
Is there a way to bypass CAPTCHA without having to disable it?
legacy How To
Issue We will do some Automation tests in our QA environment and would like to know if it is possible to bypass CAPTCHA using configuration settings without having to disable it. Environment Liferay DXP 7.4...
Can we obfuscate HTML of the sites?
legacy
Issue I would like to increase our protection from man in the middle attacks by obfuscating our site's HTML. Is there a method for this already implemented in Liferay? Environment DXP 7.0+ Resolution There is no...
/language showing 403 forbidden url
legacy Troubleshooting
Issue When the user tries to access the URL: 'http://localhost:8080/language', even if the language page doesn't exist, it shows a 403 Forbidden error on UI instead of a 404 page not found. Logs error: ERROR...
Error: Only known users are allowed to sign in using OpenID Connect.
legacy Troubleshooting
Issue You might encounter an error when using OpenID Connect, and users who are not yet been registered to Liferay are unable to login as they are identified as strangers. The error appears as the...
X-Xss-Protection response header is not working in DXP 7.4
legacy
Issue To enable X-Xss-Protection, add the below property in system-ext.properties http.header.secure.x.xss.protection=1; mode=block and restarted the server. But it is not working in the Liferay. Environment...
p_auth token missing from GET request
legacy
Issue After enabling CSRF Tokens, a p_auth token is appended to URLs, as expected. However, we noticed that if we manually remove this from the end of a URL and hit enter, we are still able to access the page,...
After enabling LDAP authentication, administrator users who do not exist in LDAP can log in
legacy
Issue We have enabled LDAP authentication, checking it as required and we have unchecked Ignore User Search Filter for Authentication. With this configuration applied the administrator users can login even if...
Setting sameSite attribute in Cookie for header response on JBoss EAP 7.2
legacy How To
Issue How to add the sameSite attribute as 'Strict' on the cookies JSESSIONID,COOKIE_SUPPORT,GUEST_LANGUAGE_ID on JBoss EAP 7.2 Environment Liferay DXP 7.4 JBoss EAP 7.2 Resolution In JBoss, navigate...
Vulnerability issues related to the EJS version in Fragments Toolkit
legacy Troubleshooting
Issue Vulnerability issues (ejs template injection vulnerability) were reported related to the EJS version inside the yarn.lock file while building fragments using the fragments toolkit. The EJS version is...
Can I integrate an additional Captcha Engine?
legacy
Issue Currently, Liferay offers 2 Captcha Engines out of the box: Simple Captcha and Google reCaptcha 2 We would like to use another Captcha service.   Environment Liferay DXP 7.4   Resolution At the moment it is not...
Malware detected in Liferay Bundle - eicar.jpg
legacy
Issue We were notified of a possible malware infection. The location is my extracted source code of a Liferay DXP bundle. The file in question is eicar.jpg Environment Liferay DXP 7.4 Resolution EICAR files can...
The Liferay is vulnerable to the CVE-2023-4863?
legacy
Issue How can I mitigate vulnerability with CVE-2023-4863 regarding Liferay DXP? Environment All environments. Resolution Liferay does not use the libwebp library, so are not vulnerable to CVE-2023-4863. ...
Is Liferay vulnerable to CVE-2023-33946
legacy Troubleshooting
Issue I would like to know if Liferay is vulnerable to CVE-2023-33946? Environment Liferay DXP 7.4 U1-U48 Resolution Yes, the Liferay is vulnerable to this CVE, the resolution is update to Liferay 7.4 U49 (or...
Does Apache Log4j Vulnerability CVE-2021-44832 affect Liferay ?
legacy Troubleshooting
Issue The Liferay uses the log4j-core Library which was reported to have a vulnerability. Environment Liferay DXP 7.1 Liferay DXP 7.2 until fix-pack 16 Liferay DXP 7.3 until SP3 Resolution Yes, the Liferay is...
Is it Liferay vulnerable to the Log4j Vulnerability CVE-2019-17571?
legacy
Issue After search in the following folder:/tomcat/webapps/ROOT/WEB-INF/lib/log4j-extras.jar is notice that the log4 is available as part of product, so the Liferay is it vulnerable to this lib? Environment All...
Setting up Liferay as both IDP and SP (SAML)
legacy How To
Issue This article outlines how to configure two Liferay DXP bundles for SAML authentication with one functioning as the Service Provider (SP) and the second as the Identity Provider (IdP). Environment DXP...
Updating React dependencies to later version
legacy
Issue As part of the security audit, the old version of the React might be vulnerable to attacks. Is there a way to hide the React version that Liferay displays? Environment Liferay DXP 7.3 Resolution At this...
High CPU utilisation while using script to login users continuously
legacy Troubleshooting
Issue Facing high CPU utilization while logging-in high number of users per minute continuously (24x7) using username-password authentication, mostly while fetching data using some scripts. Environment Liferay DXP...
How long does the content remain in the CDN cache?
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue What is the policy for cleaning and updating content...
Security Issue Concerning Google Guava Versions 1.0 to 32
legacy How To
Issue There is a present vulnerability with Google Guava that affects the versions from 1.0 to 31.1. Liferay is currently bundled with Guava. It has been reported that...
User enumeration attack via response time
legacy Troubleshooting
Issue It is possible to determine if an email address is valid or not (i.e., user enumeration) by comparing the request's response time. This can be done by checking the browser's network tab and comparing...
How to reduce difficulty on captcha for Liferay DXP 7.2
legacy Troubleshooting
Issue The captcha generated in the login is unreadable, even for humans. Environment Liferay DXP 7.2 Resolution Go to System Settings > Security Tools. Find and delete the following properties: ...
Relay state exceeds 80 bytes
legacy Troubleshooting
Issue After configuring SAML, I see Relay state exceeds 80 bytes WARN messages in the logs. How can I prevent the transmission of relay states larger than 80 bytes? Environment DXP 7.X Resolution This issue was...
CVE-2023-33950
legacy Troubleshooting
Issue We would like to determine whether Liferay is vulnerable to CVE-2023-33950 The CVE claims that Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allow regular...
How to verify the current Implementation version of log4j.jar file
legacy How To
Issue We would like to verify the implementation version of a log4j.jar file, either to verify the application of an update or to assess current vulnerability.  Environment DXP 7.3, DXP 7.4 Resolution You can find the...
Does Liferay support more than one SAML connection?
legacy
Issue Can Liferay connect to more than one Service or Identity Provider? Environment  DXP 7.0  DXP 7.1  DXP 7.2  DXP 7.3  DXP 7.4 Resolution Yes, Liferay does support more than one SAML or Identity Provider...
How can we set the requireSSL property?
legacy How To
Issue How can we enable the requireSSL attribute in Liferay? Environment Liferay DXP 7.0+ Resolution You can set that in your JDBC properties:...
Does having a script in the Analytics section qualify as a potential XSS vulnerability?
legacy
Issue We can put Javascript code in the Matomo (DXP 7.4) or Piwiki (DXP 7.0-7.3) field where the code can be executed on every other page Go to a Site's Configuration -> Site Settings -> Analytics Under the...
SSO SP connection doesn't send unauthenticated users to /c/portal/login
legacy How To
Issue Once we setup a SAML SP connection, the SAML adapter doesn't recognize unauthenticated users and redirect them to /c/portal/login Environment DXP 7.4 Resolution This is intended behavior with the “Prompt Enabled”...
User is redirected to the 404 page instead of the login page when the session expires.
legacy How To
Issue The user is not prompted for login but to a 404 page when navigating in pages with restricted access if the user session expires or, if the user is not logged in and tries to access directly the url. ...
Unable to process SAML request
legacy Troubleshooting
Issue Some users are unable to login via SAML Steps to reproduce: Login User for the first time The user gets logged-in successfully Now, log out and try logging in again Result: Throws unable to process SAML...