Search Results

All Results 437
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Authenticated users with no permission to access Control Panel can navigate to /control_panel/manage with the message: Please select a tool from the left menu.
legacy
Issue I have an issue with authenticated users who do not have privilege to access the Control Panel. A user with no specific role (Only User role), when navigating to /control_panel/manage gets redirected to a page...
Changes to Site Templates are not propagated to pages
legacy Troubleshooting
Issue Changes made to a site template are not propagated to the pages that use the template. We can see the next error in the server log: [LayoutSetPrototypeMergeBackgroundTaskExecutor:219] Merge fail count...
Organization's users exposed in UI when modifying groupID in Request Body
legacy Troubleshooting
Issue An organization's member list can be seen by manipulating the role member assign(groupID) in a request. Here are the steps to reproduce: Setup browser proxy to 127.0.0.1:8180. For example with Chrome, navigate to...
Is Liferay Affected by CVE-2025-29927?
legacy
Issue Is Liferay affected by vulnerability CVE-2025-29927?   Environment Liferay DXP Quarterly Releases   Resolution The vulnerability CVE-2025-29927 is related to Next.js, a technology not used by Liferay as a...
Property "redirect.url.security.mode" has invalid value: domain,domain
legacy Troubleshooting
Issue After setting the property redirect.url.security.mode=domain we are now seeing WARN messages such as Property "redirect.url.security.mode" has invalid value: domain,domain Environment Liferay DXP Resolution Please...
Security scan detected a "Reference to Windows file path is present in HTML"
legacy Troubleshooting
Issue Our security scan detected a "Reference to Windows file path is present in HTML" in the following URL:...
Audit portlet only available for Administrators
legacy How To
Issue After upgrading to U78+ you might encounter a behavior where the Audit portlet is only available for Administrators, whereas before U78 you could create a regular role with access to it The reason behind this...
Can we set different instance configurations on sites?
legacy
Issue Can we have different instance level settings like One-Time-Password or Multi-Factor Authentication configurations applied on different sites in the same virtual instance? Environment DXP 7.3+ Resolution The...
How to configure email sender and email logging for Multi-Factor Authentication?
legacy How To
Issue I would like to understand where sender email address for Multi-Factor Authentication comes from. I would like to set the log levels so I can see when emails are sent. Environment Liferay DXP 7.4 Resolution Set...
"Unable to extend the HTTP session" WARN logs
legacy Troubleshooting
Issue These warnings are frequently found in the logs:  Unable to extend the HTTP session. or Unable to extend the HTTP session. Review the portal property "session.timeout" if this warning is displayed...
Session lost on page redirect using POST method when request header is SameSite=LAX
legacy Troubleshooting
Issue The problem is happening when using POST method to receive data from another portal on a different domain, which is considered unsafe when request header is SameSite=LAX, that because if this header is not...
Is it possible to add additional columns to the CSV Log Message Formatter system setting?
legacy
Issue While looking into configuring CSV Log Auditing for an environment, our team noticed that the CSV Log Message Formatter system setting (within System Settings > Audit) has +/- buttons to add/remove columns. Is...
HttpOnly flag in JSESSIONID cookie using JBOSS application server
legacy Troubleshooting
Issue JSESSIONID cookie does not contain the HttpOnly flag. Environment Liferay Portal 6.2 JBOSS Resolution You need to change it on your application server configuration, in the...
Existing users password encryption algorithm is not updated on password reset
legacy Troubleshooting
Issue The password encryption algorithm of existing users is not being updated after doing a password reset. Environment DXP 7.4 Resolution To resolve this behavior, open a help center ticket to request a hotfix...
Special characters which are used for XSS can be saved as an input without any warning
legacy
Issue Characters as <, >, /, (, ), ", ' which can be used to make scripts, used in HTML and JavaScript are valid to use in the portal as inputs and values, and it can raise security questions The use of these...
Is there a limit to the number of IdPs registered?
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us....
Search in Control Panel > Audit makes long URL
legacy
Issue A search in Control Panel > Security > Audit always sends empty search parameters in the GET URL. As a result, URLs are very long and can be blocked by firewall-infrastructure. Steps to reproduce: Navigate to...
Detected vulnerabilities related to Jettison
legacy Troubleshooting
Issue A security scan has picked up the following vulnerabilities related to jettison-1.x.x jar: CVE-2022-40150 & CVE-2022-40149. This jar is found in marketplace\Liferay Foundation - Liferay Portal Remote -...
Behavior when a session expires while posting on the bulletin board
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
How to change the number of digits in the CSRF token parameter "p_auth
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...