Search Results

All Results 433
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Unable to bind to the LDAP server javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
legacy Troubleshooting
Issue Unable to connect to Open LDAP in DXP due to the following UI error Environment Liferay DXP 7.4 Resolution These errors typically occur when Liferay is unable to communicate with LDAP or when mapping mistakes...
How to update moment.js library
legacy Troubleshooting
Issue For security reasons we need to update the moment.js library from version 2.24.0 to version 2.29.4 How do I update the moment.js library in Liferay DXP? Security vulnerabilities in moment.js 2.24.0:...
Detected Vulnerabilities related to Struts
legacy
Issue A security scan has picked up the following vulnerabilities related to struts-core:  CVE-2012-1007, CVE-2014-0112 CVE-2014-0112: ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict...
Errors Suggesting a Search Bot Attack
legacy Troubleshooting
Issue We are seeing many abnormal errors in our Liferay catalina logs all of sudden. We have tried restarting, but the errors continue. What could these mean? ERROR [ajp-nio-0.0.0.0-8009-exec-19][MVCPortlet:557]...
Existing users password encryption algorithm is not updated on password reset
legacy Troubleshooting
Issue The password encryption algorithm of existing users is not being updated after doing a password reset. Environment DXP 7.4 Resolution To resolve this behavior, open a help center ticket to request a hotfix...
Search in Control Panel > Audit makes long URL
legacy
Issue A search in Control Panel > Security > Audit always sends empty search parameters in the GET URL. As a result, URLs are very long and can be blocked by firewall-infrastructure. Steps to reproduce: Navigate to...
Is there a limit to the number of IdPs registered?
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us....
Detected vulnerabilities related to Jettison
legacy Troubleshooting
Issue A security scan has picked up the following vulnerabilities related to jettison-1.x.x jar: CVE-2022-40150 & CVE-2022-40149. This jar is found in marketplace\Liferay Foundation - Liferay Portal Remote -...
Special characters which are used for XSS can be saved as an input without any warning
legacy
Issue Characters as <, >, /, (, ), ", ' which can be used to make scripts, used in HTML and JavaScript are valid to use in the portal as inputs and values, and it can raise security questions The use of these...
Behavior when a session expires while posting on the bulletin board
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
How to change the number of digits in the CSRF token parameter "p_auth
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Users who are not registered with Liferay application are able to log in
legacy Troubleshooting
Issue Users who are not registered with the Liferay application are able to log in even though they have no connections. Environment Liferay DXP 7.0 to 7.4 Resolution Users log into Liferay DXP by using...
Lodash Security Vulnerability
legacy Troubleshooting
Issue In Liferay, a vulnerable version of Lodash 4.17.14 is being used. Environment Liferay DXP 7.0 Resolution The observed behavior is a known issue LPE-17236 and has already been fixed in the latest fix...
SSO at site level
legacy
Issue Is there any OOTB option to configure SAML for two sites on the same instance? Whether creating a new instance for a site would help to configure SAML? Environment Liferay DXP 7.2 Liferay DXP 7.3...
When logging in with an OpenID Provider, the portal shows "Internal Server Error"
legacy Troubleshooting
Issue When configuring an OpenID Provider and trying to log in with an user, the callback to the portal shows an error message similar to the one below: Internal Server Error An error occurred while...
Is Liferay creating cookies site base?
legacy
Issue Is Liferay creating a cookies site base? If so, where exactly on the Liferay server would all the cookies be physically kept?  Environment Liferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4...
Enabling information about server errors in the JSON response
legacy Troubleshooting
Issue There is no error messages from api json services. How to manage the serialization and access to  Json services In Liferay Portal 6.2 or DXP7.0 the server response is serialized and shows information related...
Use Custom certificate and Let's encrypt at same time in different domains
legacy How To
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue We need to have some domains with custom certificates and...
Failed to verify signature and/or establish trust using any KeyInfo-derived credentials
legacy Troubleshooting
Issue SAML has abruptly stopped working, and no user can log in. The Liferay console contains the following errors: DEBUG [ajp-nio-172.1.129.26-8080-exec-351][BaseSignatureTrustEngine:200] Attempting to establish...
Does CVE-2022-34305 affect Liferay?
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Portal prints error stacktrace on the browser, disclosing technical information
legacy Troubleshooting
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue When navigating some incorrectly crafted URLs...
Error message is not displayed when an error occurs in JSONWS
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Unable to send message: 554 X.X.XXX SendAsDenied
legacy Troubleshooting
Issue When sending emails, the error "unable to send message: 554 X.X.XXX SendAsDenied" occurs. Steps to reproduce: 1. Configure the outlook mail server to send email notifications in Liferay 2. Sometimes, the...
JSESSIONID not secure by default
legacy Troubleshooting
Issue The JSESSIONID cookie that comes with Liferay requests in the browser is not secure by default when inspected in the browser. Environment Liferay DXP 7.3 Resolution Set the JSESSIONID in web.xml...
Could not connect to the SMTP host exceptions
legacy Troubleshooting
Issue When sending emails, the error "unable to send message: Could not connect to SMTP host: smtp.office365.com, port: 587" occurs. Steps to reproduce: 1. Configure the outlook mail server to send email...
What should be done when answers to the security questions are forgotten?
legacy How To
Issue My users keep forgetting their answers to the security questions is there a way to disable this? Also is there an alternative to the forgot password option? Environment DXP 7.4 Resolution Liferay already sends a...
Unable to process SAML request
legacy Troubleshooting
Issue Some users are unable to login via SAML Steps to reproduce: Login User for the first time The user gets logged-in successfully Now, log out and try logging in again Result: Throws unable to process SAML...
After configuring a CDN, Liferay does not load images and throws error in browser console
legacy Troubleshooting
Issue We have configured a CDN with our Liferay environment. The portal is unable to load Liferay JS/CSS and images and we see errors in the browser console: Access to XMLHttpRequest at 'https...(CDN)' from origin...
SSO SP connection doesn't send unauthenticated users to /c/portal/login
legacy How To
Issue Once we setup a SAML SP connection, the SAML adapter doesn't recognize unauthenticated users and redirect them to /c/portal/login Environment DXP 7.4 Resolution This is intended behavior with the “Prompt Enabled”...
User is redirected to the 404 page instead of the login page when the session expires.
legacy How To
Issue The user is not prompted for login but to a 404 page when navigating in pages with restricted access if the user session expires or, if the user is not logged in and tries to access directly the url. ...
0Auth2.0 issues new token every time even before token's expiration time
legacy
Issue The access_token expiration default is set to 10 minutes. When invoking the /oauth2/token before the previous token expires, a brand new token is issued instead of the original token.  Environment DXP 7.4...
Does having a script in a fragment qualify as a potential XSS vulnerability?
legacy
Issue We can put Javascript code in a fragment's HTML section where the code can be executed, when the fragment is opened, like <img src=x onerror="alert(document.cookie)"> Can that be a vulnerability to...
Does having a script in a button fragment qualify as a potential XSS vulnerability?
legacy
Issue We can put a Javascript code in the Button fragment's URL field, so it can be executed when we click on the button, like javascript:alert(document.cookie) Can that be a vulnerability to Cross Site...
Liferay accepts only fully signed SAML responses. Can this requirement be turned off?
legacy
Issue From a security standpoint, it's a best practice to sign the Response. However, we can switch off this requirement in our other apps. I can understand that Liferay by default requires the complete signature of...
Does CVE-2022-1471 affects DXP 7.4?
legacy Troubleshooting
Issue Our scanner reported that the Liferay DXP image as well as the Elasticsearch image are vulnerable to CVE-2022-1471, which is about an issue with SnakeYaml. Could you please confirm if we have to address this...
Is Liferay vulnerable to CVE-2023-40371 and CVE 2023-38408?
legacy
Issue Is Liferay vulnerable to any of these vulnerabilities? Environment DXP 6.2+ Resolution No, Liferay is not vulnerable to any of these two. Neither CVE relates to any Liferay features, so they do not...
How to extract the okta authorization token for each user?
legacy Troubleshooting
Issue Once users log in to Liferay, the user should get redirected to Okta. After successful authentication, Okta is supposed to return an authorization token for that specific user.  Concern: After successful Okta...
Unable to extend user session on Weblogic
legacy Troubleshooting
Issue When I call Liferay.Session.extend(); from Liferay 7.4 running on Weblogic, the user session terminates. Environment DXP 7.4 Weblogic Resolution This behavior is resolved by LPS-190923. Please open a help...
AuditEvent not saved after migrating from Portal 6.2 to DXP 7.4
legacy Troubleshooting
Issue After migrating to DXP 7.4. If we use the portal normally, there aren't new entries in Audit_AuditEvents table. Environment Liferay DXP 7.4 Resolution Go to System Settings -> Audit -> Persistent...
Is One Time Password's expiration configurable?
legacy
Issue When does One Time Password expire? Can you set the validity timeframe of the OTP? Environment DXP 7.2+ Resolution OTP is HTTP session based, if the session expires, OTP expires as well. And it can only be used...
How to verify the current Implementation version of log4j.jar file
legacy How To
Issue We would like to verify the implementation version of a log4j.jar file, either to verify the application of an update or to assess current vulnerability.  Environment DXP 7.3, DXP 7.4 Resolution You can find the...
Does Liferay support more than one SAML connection?
legacy
Issue Can Liferay connect to more than one Service or Identity Provider? Environment  DXP 7.0  DXP 7.1  DXP 7.2  DXP 7.3  DXP 7.4 Resolution Yes, Liferay does support more than one SAML or Identity Provider...
Does having a script in the Analytics section qualify as a potential XSS vulnerability?
legacy
Issue We can put Javascript code in the Matomo (DXP 7.4) or Piwiki (DXP 7.0-7.3) field where the code can be executed on every other page Go to a Site's Configuration -> Site Settings -> Analytics Under the...
How can we set the requireSSL property?
legacy How To
Issue How can we enable the requireSSL attribute in Liferay? Environment Liferay DXP 7.0+ Resolution You can set that in your JDBC properties:...
Security configuration related to session management
legacy
Issue There are some security configuration requirement regarding session management. Environment Liferay DXP 7.4 Resolution Application uses the 'referrer' header as a supplemental check only, and not just for any...
SAML Download Certificate button is broken, with Redirect URL errors seen
legacy Troubleshooting
Issue The Download Certificate button doesn't work in the SAML Admin. When I click on the Download Certificate button, nothing happens. Redirect URL errors are seen in Liferay logs, such as:...
Disabling jQuery in Control Panel
legacy How To
Issue I've found vulnerabilities in our current jQuery version. Since I can't find jQuery used anywhere, I would like to disable it. Environment Liferay DXP 7.2 Resolution Go to Control Panel --> System Settings -->...
SQL injection Sleepy user agent attack
legacy
Issue Liferay does not restrict a URL that has a 'sleepy user agent' query appended to it like: https://domain/page?1%2b(select*from(select(sleep(x)))a)%2b=1 Environment Liferay DXP 7.4 Resolution Sleepy user agent...
SAML Admin - "Metadata XML is null" error
legacy Troubleshooting
Issue When attempting to create a new Identity Provider under SAML Admin, having entered the required information, when ‘Save’ is clicked the UI displays: "Error: Please enter a valid identity provider entity ID."...
Blank screen is seen after password reset
legacy Troubleshooting
Issue A blank screen (with url http://localhost:8080/c) is seen after user password is reset. The expected behavior after password reset is for users to A) be successfully redirected to Liferay home page and B) remain...
Not Found page seen instead of Login Prompt when logged out and navigating to private pages
legacy How To
Issue When not logged in, and user attempts to navigate to private page's URL, instead of being prompted to log in, a 'Not Found' page is seen instead. Environment DXP 7.4 Resolution In DXP 7.3, when users are not logged...
Users see the message "Redirecting to your identity provider" before redirecting to OKTA login screen
legacy Troubleshooting
Issue The guest user observed the message "Redirecting to your identity provider" showed up before the OKTA user login screen showed up. The behavior just happened after upgrading the environment to 7.4 Update 56. We don't...
Vulnerability:About CVE-2022-45143
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Forgot Password is not popped up with an error when providing an email address that doesn't exist in the DB
legacy
Issue In the 'Forgot Password' option, while trying to provide an email id that doesn't exist in the database, the user can proceed to answer the security question. Whereas an error is not popped up saying the user's...
Is functionality impacted when upgrading to Bootstrap 5 in portal 6.2 ? Is it supported ?
legacy
Issue Requirement is to upgrade the Bootstrap library.  Is functionality impacted when upgrading to Bootstrap 5 in portal 6.2 ?  Is Liferay portal 6.2 compatible with Bootstrap 5? Is it supported ? Environment...
Any user who has not securely logged out will have their session terminated?
legacy
Issue Terminating the session of any user who has not properly logged out, for example, who has unexpectedly closed the transaction window, etc. This user does not have to wait for the default time-out to be...
Is there a way to allow upper cases in a screen name?
legacy
Issue Is there any way to ensure that a user's screen name maintains the same capitalization that is present in the AD (Active Directory) when the user is imported into Liferay? Environment Liferay DXP 7.2...
Password verification needed at time of changing user screen name & email address
legacy
Issue Password verification is required whenever a user needs to update its screen name or email address Environment Liferay DXP 7.3 Resolution A feature request has been already created in order to add a toggle for...
When Setting Okta up as an SSO for Liferay PaaS, how can I generate IdP metadata in Okta without first having SP metadata?
legacy Troubleshooting
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue The documentation for setting up an SSO with Liferay PaaS...
Does the Encryption Key that is generated per company id for the Liferay Installation ever change?
legacy
Issue Does the Encryption Key that is generated per company id for the Liferay Installation ever change? Environment Liferay 7.2 Resolution The following portal properties will alter the encryption key for a Liferay...