Search Results

All Results 55
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Are URLs that display/download Liferay JS information a vulnerability?
legacy
Issue Some monitoring tools may identify certain URLs that are accessible during routine scans that should not have allowed access. Among the URLs that are typically detected are URLs that can download Liferay's JS...
Folder naming rules for Web content, documents and media
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Deploying to an Existing Build via CLI Tool
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue The user wants to know if it is possible to deploy to an...
How to store and view what users selected for the Cookie Consent banner?
legacy
Issue We have enabled Liferay's cookie consent banner for our site. Could you please guide us on where to locate the log of cookies accepted by our site visitors? As a point of reference, here is an example of how the...
Blocking requests before reaching the WebServer on Liferay PaaS (Public Cluster)
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue We have encountered requests from unauthenticated...
Enable Masking on Personal Information Data in Liferay PaaS
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue We have a requirement to mask the PI (Personal...
Version not available on CDN in the product_info.json
legacy
Issue Liferay version is not available on https://releases-cdn.liferay.com/tools/workspace/.product_info.json. Environment DXP 7.3-u36+ 2023 Q4.x+ Resolution Since the introduction of the Quarterly Releases, it was...
Missing Folder Hierarchy in Related Assets Selection for Web Content
legacy
Issue Currently, it's only possible to find and select related files in a Web Content by searching by name. This becomes impractical when dealing with thousand of files that don't have semantic names but are...
SearchBarPortlet on private page
legacy
Issue We use SearchBarPortlet in our public and private appearance themes. Also, we have configured as 'destination', a results page with '/search-results' as friendlyURL. This page exists as public and private....
When trying to access a user's private page, a "404 Page Not Found" populates instead of the Login prompt
legacy
Issue When trying to access a user's private page, we are transferred to a "404 Page Not Found" error page instead of the Login page that we were expecting.  Environment DXP 7.4 Quarterly Release Resolution Not being...
What is the user password algorithm and format of the stored passwords?
legacy
Issue We would like to understand the formatting of passwords as they're saved in Liferay. What algorithm, salt, and hash format is being used to store passwords?  Environment DXP 7.1 Resolution Example Password:...
Accessibility: Success Criterion 4.1.1 Parsing (WCAG 2.1)
legacy
Issue The tool https://validator.w3.org shows accessibility issues related to success criterion 4.1.1 Parsing. Environment 2024.q1 Resolution Since WCAG 2.2, success criterion 4.1.1 Parsing is considered...
Service Organization Control (SOC) -1 Type 2 report
legacy
Issue Service Organization Control (SOC) -1 Type 2 report for auditing purposes. Environment Liferay DXP Resolution The SOC-1 report focuses on financial controls and their evaluation and this reporting is not...
Time format displayed in AM/PM format instead of 24 hour
legacy
Issue Liferay displays Time format differently on the site's time picker than on the OS. Environment DXP 7.4 + Resolution This behavior is due to the changes of LPS-169277 where the old time picker has been replaced by...
Is Liferay 7.4 vulnerable to CVE-2024-25148?
legacy
Issue We've reviewed the official documentation (https://nvd.nist.gov/vuln/search/results) which lists some Liferay versions affected, so we would like to know if the 7.4 versions is vulnerable to this CVE....
What MySQL version is supported in Liferay Cloud?
legacy
Issue User wishes to know which MySQL version is supported in Liferay Cloud.   Environment Liferay Cloud Resolution Currently MySQL 5.7 is supported in Liferay Cloud. Additional Information MySQL  ,...
Liferay's OpenID Connect implementation does not account for language variations for ui_locales
legacy
Issue Liferay's OpenID Connect implementation does not account for language variations for ui_locales. For example, Selecting English (United States) on Liferay sets ui_locales to en. Selecting Chinese (either Traditional...
A blank SAML redirect screen is seen even with redirect message disabled
legacy
Issue A blank intermediary page (showing "Please select your identity provider" title and /portal/c/portal/login?redirect=%2Fportal%2F&refererPlid=[sanitized]&p_l_id=[sanitized] URL) is being seen even with the hotfix...
Files uploaded with Guest view permission - Forms Upload field
legacy
Issue When a document is added in the Form Upload field it will have 'Guest view' permission. When a document is added directly in the Document and Media library it will NOT have 'Guest view' permission. Is there a...
Security Issue: CVE-2024-28752 - Apache CXF
legacy
Issue Security vulnerability CVE-2024-28752 details a SSRF vulnerability with the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3, and 3.5.8, which would allow an attacker to perform SSRF style attacks...
Role with permission to view private page cannot view page without site membership
legacy
Issue Within a site with only private pages, a user who is not member of the site but has permission to access and view a private page via some regular role cannot access that private page. Environment Quarterly...
How To Get Additional Search Metrics From Liferay
legacy
Issue Is there any other source of information where we could get additional search history information from Liferay or directly from Elasticsearch? How can we provide customers with metrics, beyond the top...
What does the TempFileEntriesMessageListener actually do?
legacy
Issue In our logs we see some errors apparently related to an hourly job, TempFileEntriesMessageListener the triggering interval of this job seems to be set in System Settings/ Documents and Media/Service/Temporary File...
The sitemap.xml rendering is not showing tree view when xml.sitemap.index.enabled is set to false
legacy
Issue The sitemap.xml rendering is not showing tree view after setting xml.sitemap.index.enabled=false Environment Liferay DXP 7.4, Quarterly Release Resolution This is expected behavior. The XML file that is generated is...
Do Units Of Measure need to be configured individually for each SKU?
legacy
Issue Units Of Measure (UOM) need to be created and configured for each SKU. Can we create UOM centrally and then only select it (reuse it) for SKUs?   Environment Commerce   Resolution UOM needs to be defined...
Critical Remote Code Execution Backdoor Vulnerability
legacy
Issue A critical remote code Backdoor vulnerability was discovered on the open source XZ utils. This is CVE-2024-3094 with a maximum CVSS3 score of 10.0 Environment Liferay DXP 7.4 Resolution The Docker images,...
Clock icon does not appear during Web Content scheduling with Firefox browser
legacy
Issue Firefox browser does not show the Clock icon on Web Content Schedule Dates. Environment Liferay DXP 7.4 Resolution The way browsers handle input for Time fields is not specific to Liferay. It is related to...
Is there a configuration that controls the retention of comments?
legacy
Issue Let's suppose, a user can create a page with a comments area. Other users may leave comments. How long has the comment been left? How many comments can be stored per page? Can those values be managed, or does...
Special char "~" in the URL
legacy
Issue Special char "~" in the URL: /group/user-view/~/control_panel/manage/-/site/settings? Environment Liferay DXP [all versions] Resolution Liferay has confirmed that the URL's special char "~" is part of the URL...
Cipher Keys used in DXP 7.1 and 7.3
legacy
Issue Our security team would like to know whether Liferay DXP 7.1 and DXP 7.3 uses any of the following cipher keys? DES, 3DES, IDEA or RC2 Environment Liferay DXP 7.1 Liferay DXP 7.3 Resolution The algorithms...
Liferay PaaS - Can I only access the database through the MySQL Client?
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue I am using the MySQL client to access the database: Using the...
Liferay Cookies and GDPR Compliance in Liferay Cloud
legacy
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue How do cookies travel within regions? Environment Liferay...
Is Liferay Affected by CVE-2023-49070?
legacy
Issue How can I mitigate vulnerability with CVE-2023-49070 regarding Liferay DXP? Environment All environments. Resolution Liferay does not use the Apache OFBiz, so Liferay is not impacted by this vulnerability....
Sites and Libraries breadcrumb only displays current site
legacy
Issue When making a selection from a web content display widget, clicking the “Sites and Libraries” breadcrumb link only displays the current site. Here are the steps to reproduce: Start a 2023.Q4.4 instance. Add a new site...
How to identify customized pages
legacy
Issue I need to locate pages that specify an outdated attribute in their custom look and feel. I haven't found what database column indicates that a page is customized. Can you please point out the column to identify...
Is it possible to manage resources per instance in Liferay?
legacy
Issue You have a Liferay server and several virtual instances, and want to know if it’s possible to configure resources for each virtual instance. Environment DXP 7.2+ Resolution Unfortunately handling...
Can I sort Liferay object entries in alphanumeric order?
legacy
Issue After sorting by the field name in ascending alphanumeric order, the results are currently sorted lexicographically. Environment Liferay DXP 7.4 Liferay Quarterly Release  Resolution This is the expected...
Wrong guest view permission assigned to images inserted into message boards threads (not following the thread's guest view permission)
legacy
Issue if there is no private page on a site, and we create a message boards thread with "Viewable By"="Site Members", and you insert an image in the message (with the editor's image icon), that image will in the Documents...
What is the minimum Database Privilege Required for Liferay?
legacy
Issue Is it safe to limit the database permissions in any way? Can it be customized to use the minimum amount of Database Privilege and still be functional?  Environment DXP 7.0+ Quarterly Release Resolution...
BaseUpgradeServiceModuleRelease not available in 7.4 anymore, is there a replacement class?
legacy
Issue The class BaseUpgradeServiceModuleRelease was previously available in 7.3 and below and is used as a start/stop method to override and be used as a service tracker.  Environment DXP 7.4+ Resolution This class...