Search Results

All Results 435
One-time password can no longer be used.
Types of tokens available for the authentication search filter in LDAP integration
About importing users from LDAP
User ID's and Emails populating due to SSTI vulnerability
Issue We've found an undesirable behavior when using new widget templates on a page. When using the expandoColumnLocalService.CTPersistence.openNewSession(null) function, the direct SQL query execution within...
Is it Possible to Require an Administrator to Enter Their Password When Changing a User's Password?
Issue When I want to update a user's password as an administrator, the system does not require me to re-enter my own password for authentication. This is inconsistent with other actions, such as updating a screen...
Password Reset Link Immediately Shows as 'No Longer Valid'
Issue When a user requests a password reset, the link in the notification email leads to an error page stating, "Your password reset link is no longer valid." This occurs even if the link is clicked immediately...
StaleStateException Error During Startup with OpenID Connect Configuration
Issue During a Liferay DXP startup, the following error message appears in the logs, related to OpenID Connect provider configuration: ERROR [...][BatchingBatch:139] HHH000315: Exception executing batch...
Workflow Task URL for Unauthorized User Returns 404 Instead of Login Page
Issue When an unauthorized user attempts to access a workflow task URL, they are shown a 404 error page instead of being redirected to the login page. This issue specifically occurs when the URL follows the...
OAuth2 Token sometimes gets 401 response
Issue Sometimes users are unable to log in because their OAuth2 tokens receive a 401 "Unauthorized" response. This seems to happen randomly, and the tokens should be valid. Environment Liferay DXP Resolution...
Despite the fix "Relay state exceeds 80 bytes" error and redirections to IDP
Issue Despite the fix "Relay state exceeds 80 bytes" error and redirections to IDP We found this article and had a hotfix with LPS-76246 We found that the fix is not applied correctly. Environment Liferay DXP 7.3...
Time-Based Authenticator QR Code Not Populating
Issue When trying to set up the QR Code for MFA settings, following this documentation Multi-Factor Authentication Checkers, we've found that the QR code doesn't populate. It should be populating under "Shared...
Node.js Version for Client Extension Development and Handling Security Vulnerabilities
Issue When developing client extensions with React for Liferay DXP 2024.Q4 or newer, what is the recommended Node.js version? The official compatibility matrix suggests Node.js version 20.12.2, but this version...
Logging to application always taking to home page instead of request url
Issue We are encountering an issue where users are consistently redirected to the application's homepage immediately following SAML authentication, even when an alternative page was initially requested. Environment...
Is Liferay affected by CVE-2024-6783?
Issue After performing a security scan, a Vue.js vulnerability reported as CVE-2024-6783 is identified. Environment Liferay DXP 7.4 - Quarterly Releases Resolution Liferay is not impacted by CVE-2024-6783 as Liferay DXP...
I received the following error in the log: Feature flag LPD-10588 is not available for company 0
Issue After upgrading to 2025.q1.6-lts, I received the following error in the log: Feature flag LPD-10588 is not available for company 0 Environment Liferay Quarterly Release 2025.q1.6-lts Resolution The case has been...
Callback URL of OAuth2 application created via client extension resets after server restart
Issue After restarting the server, the callback URL for OAuth2 applications created via client extensions, gets reset to the default @protocol@://localhost@port-with-colon@/o/oauth2/redirect, instead of the...
Cross-Site Scripting: Reflected
Issue A Cross-Site Scripting (XSS) vulnerability was detected in the web application. Cross-Site Scripting occurs when dynamically generated web pages display user input, such as login information, that is not...
Authenticated users with no permission to access Control Panel can navigate to /control_panel/manage with the message: Please select a tool from the left menu.
Issue I have an issue with authenticated users who do not have privilege to access the Control Panel. A user with no specific role (Only User role), when navigating to /control_panel/manage gets redirected to a page...
Organization's users exposed in UI when modifying groupID in Request Body
Issue An organization's member list can be seen by manipulating the role member assign(groupID) in a request. Here are the steps to reproduce: Setup browser proxy to 127.0.0.1:8180. For example with Chrome, navigate to...
Is Liferay Affected by CVE-2025-29927?
Issue Is Liferay affected by vulnerability CVE-2025-29927? Environment Liferay DXP Quarterly Releases Resolution The vulnerability CVE-2025-29927 is related to Next.js, a technology not used by Liferay as a...
Property "redirect.url.security.mode" has invalid value: domain,domain
Issue After setting the property redirect.url.security.mode=domain we are now seeing WARN messages such as Property "redirect.url.security.mode" has invalid value: domain,domain Environment Liferay DXP Resolution Please...
Audit portlet only available for Administrators
Issue After upgrading to U78+ you might encounter a behavior where the Audit portlet is only available for Administrators, whereas before U78 you could create a regular role with access to it The reason behind this...
Can we set different instance configurations on sites?
Issue Can we have different instance level settings like One-Time-Password or Multi-Factor Authentication configurations applied on different sites in the same virtual instance? Environment DXP 7.3+ Resolution The...
How to configure email sender and email logging for Multi-Factor Authentication?
Issue I would like to understand where sender email address for Multi-Factor Authentication comes from. I would like to set the log levels so I can see when emails are sent. Environment Liferay DXP 7.4 Resolution Set...
"Unable to extend the HTTP session" WARN logs
Issue These warnings are frequently found in the logs:  Unable to extend the HTTP session. or Unable to extend the HTTP session. Review the portal property "session.timeout" if this warning is displayed...
Is it possible to add additional columns to the CSV Log Message Formatter system setting?
Issue While looking into configuring CSV Log Auditing for an environment, our team noticed that the CSV Log Message Formatter system setting (within System Settings > Audit) has +/- buttons to add/remove columns. Is...
How to add security, authentication to my REST service?
Issue We developed a REST service and it works. But we need endpoint security. At the moment it is available without any credentials. We do not want to give access to a REST Web service without credentials.  How can...
LDAP settings and upgrading from 5.2.x to 6.x
This article pertains to portals in which LDAP is configured in Liferay Portal 5.2.x and an upgrade is performed. When a user attempts to login, an error is thrown, and the user is not...
User's group membership not updating with LDAP after upgrading to Liferay Portal 6.0 EE SP2
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. Beginning in Liferay 6.0 EE SP2, the...
Apache Tomcat Security Advisory: CVE-2018-1336
General Information CVE-2018-1336 reports that, "an improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service." This...
poi-3.16.jar
'Credential cannot be null' when trying to log in with a customer database
How to verify that a Log4j patch has resolved all Log4j vulnerabilities
Fake SMTP Server for Local Bundle Email Interception
SAML Plugin
How to remove SSLHandshakeException?
Product Navigation Menu will not close upon Sign Out
Email Address Validation for Forgot Password
Issue The Forgot Password option does not validate if the user enters a correct email address. You can enter anything and the field will accept it. Two types of validation are expected: Email format validation (to...
User profile is visible when accessing the /web/test
Issue When accessing localhost:8080/web/test, the user profile is visible to guest users. The concern is that the user data being accessible to guest users poses a security threat. Environment Liferay DXP 7.4...
Password syntax checking error does not appear when configuring with Minimum Lowercase 1 when creating a new account
Issue I have an issue with checking the password syntax. When they configure the password syntax with Minimum Lowercase 1, Minimum Symbols 1, and Minimum Uppercase 1, try to create an account for a guest user, type a...
How to allow unauthenticated (guest user) requests for GraphQL
Issue I implemented ReactJS Widget that relies on GraphQL requests for custom object values, with a widget exposing object entries to the public. However, unauthenticated GraphQL requests are disabled by default and...
Tomcat's vulnerability CVE-2023-44487
Issue Is DXP 7.4 affected by Tomcat's Rapid Reset CVE-2023-44487? Environment Liferay DXP 7.4 Resolution If user is not using Tomcat with DXP, then it is not affected by “Tomcat's Rapid Reset CVE-2023-44487”. If...
Vulnerabilities reported in classes generated by Liferay Service Builder
Issue While performing security scans, there are vulnerabilities found in custom classes that are generated by Liferay Service Builder. Environment Liferay DXP 7.4 Resolution Sometimes, these warnings are...
Is there a release date for implementing the Content Security Policy (CSP) at Liferay?
Issue If CSP is in beta mode, how is Liferay protecting its system from vulnerability? Is there a timescale for when the CSP will be fully deployed in the portal? Once the CSP has been successfully implemented,...
How to change the generated OTP from alphanumeric to numeric in multi-factor authentication?
NOTE: The following resolution requires customization and should only be implemented at the discretion of your team. Liferay Support will not be able to assist with designing or implementing customizations. Issue...
Vulnerability CVE-2024-52046 in Liferay DXP
Issue Is Liferay vulnerable to the vulnerability described in CVE-2024-52046? Environment Liferay DXP 7.3 and above Resolution Liferay uses the affected Apache Mina library (`mina-core`) only in LDAP-related code. If...
Is Liferay Vulnerable to CVE-2023-45960?
Issue I would like to know if Liferay is vulnerable to CVE-2023-45960?  Is Liferay affected by CVE-2023-45960? Environment Quarterly Release 2024.Q1.7 Resolution The NIST listing for CVE-2023-45960 has been withdrawn and...
Enabling real-time antivirus scanning without asynchronous background scans
Issue We would like to enable real-time antivirus scanning for uploaded files but disable asynchronous background scanning of the document library. The issue arises because: Enabling...
Embedding videos using basic web content
Issue When we try to embed a video using <iframe> tags, during the creation the video displays, however after publishing the content and editing it again, the video is not displayed anymore and the source is updated...
Liferay Throws java.lang.ClassCastException: class org.apache.xerces.parsers on Login
Issue Liferay throws a ClassCastException after upgrading, the upgrade logs show no errors.  Liferay throws an error after non-graceful shutdown ERROR [http-nio-8080-exec-8][AutoLoginFilter:247] Current URL...
Is Liferay DXP affected by CVE-2024-38286?
Issue Is Liferay DXP affected by CVE-2024-38286? CVE-2024-38286 is an Apache Tomcat vulnerability wherein Apache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by...
[T003] Open redirect in /c/document_library/find_folder with DNS rebinding vulnerability
Issue Medium threat found during the performance testing: [T003] Open redirect in /c/document_library/find_folder with DNS rebinding Environment Liferay Quarterly release Resolution The reported concern has been...
Enabling SSO for our Liferay Console prevents logging in with email and password
Issue After enabling SSO for our Liferay Console, we are no longer able to log in with email and password.  Environment DXP 7.4 Resolution This is expected behavior, as per the Official documentation for SSO: "The first...
HTTP Strict-Transport-Security Header in Liferay
Issue Is HTTP Strict-Transport-Security Header enabled in Liferay? Environment Liferay DXP 7.4 Resolution Liferay enables HTTP security headers such as 'http.header.secure.x.content.type.options',...
Unable to Cancel Shutdown Event
Issue After scheduling a shutdown event, and trying to cancel it, you see an error: "Error:Text verification failed." When trying to cancel a shutdown event, I'm prompted to input a CAPTCHA, but there is...
A simple example and key factors to check when testing custom OAuth 2.0 applications
Issue You have created an OAuth 2.0 application and would like to set up the minimum configuration to be able to test it. This article provides a simple example that could be adapted to your needs....
OpenID Connect Client Secret field must be filled
Issue I configured an OpenID Connect Provider Connection. When I try to login using the OpenID  Connect Client Name, I get an internal server error. In logs, a java exception is thrown: WARN [http...
Residual risk after limiting the usage of unsafe-eval and unsafe-inline
Issue Can the derivatives unsafe-eval and unsafe-inline be exploited? If yes, how it is done? What is the residual risk associated with this? Can Content Security Policy (CSP) be resolved by adding a reverse...
Is Liferay vulnerable to CVE-2023-50164?
Issue After running a scan, we received an alert about a possible vulnerability in Liferay. We want to confirm if we are vulnerable to CVE-2023-50164. Environment All environments. Resolution Liferay is not...
Deprecation of Liferay Sync
Issue I'd like to inquire about the support for Liferay 7.4 in the Liferay Sync. Currently, the Compatibility Matrix only lists support for Liferay DXP 7.3. Environment Liferay DXP 7.4+ Resolution Liferay Sync got...