Search Results

All Results 433
ソート
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Password reminder answers are not masked
legacy Troubleshooting
Issue As Liferay DXP does not hide password reminder answers, attackers can capture user's password reminder answers through man-in-the-middle or shoulder surfing attacks. Environment Liferay DXP 7.0 Liferay DXP...
The birthday is reset to {01/01/1970} on LDAP import
legacy Troubleshooting
Issue Every time a user is logged in, the birthday is automatically updated to the default value {01-01-1970}. We configured the LDAP server in Instance Settings. Environment Liferay DXP 7.2 Liferay DXP 7.3...
"Content security policy" header is not available in the application response
legacy
Issue The "Content security policy" header is not available in the application response. How to add or enable the CSP? Environment Liferay DXP 7.3 Resolution Liferay doesn't directly support the CSP as there are no...
Version of spring-** jars after installing a hotfix
legacy
Issue To address the Spring4Shell vulnerabilities, the patched version of spring-beans.jar should be in its manifest file after the hotfix installation, is spring-webmvc.jar included in this? Environment Liferay...
Guest users are able to access an endpoint if PortalSessionAuthVerifier is enabled
legacy Troubleshooting
Issue We have followed this How-To article: How to add security, authentication to my REST service? (Section 5.1), but guest users are still able to access our endpoint from a browser. If we enable...
Error "Invalid domain for site key" when using reCAPTCHA
legacy Troubleshooting
Issue When using Google's reCAPTCHA, the CAPTCHA option won't show, instead the message "Invalid domain for site key" is displayed where the CAPTCHA should be. Environment Any Liferay DXP version with...
After changing the password, site members are not redirected to a page where they don't have the guest view permission
legacy Troubleshooting
Issue After changing the password, site members are not redirected to a page Steps to reproduce: 1) Start the server, login as Admin 2) Create a new page e.g. /testpage and remove the VIEW permission for the Guest...
log4j-core-2.13.3.jar exists inside the fix pack
legacy Troubleshooting
Issue This article highlights the concern with the following path of log4j lower version jars. {liferay_home}/patching-tool/patches/liferay-fix-pack-dxp-16-7210.zip!binaries/MODULES_BASE_PATH/marketplace/Liferay...
Is there a REST API method to revoke the OAuth2 tokens?
legacy How To
Issue We want to provide a public REST API method to revoke the OAuth2 tokens following the RFC 7009 specification https://datatracker.ietf.org/doc/html/rfc7009#section-2.1 Does Liferay provide this functionality?...
Forgot Password is not popped up with an error when providing an email address that doesn't exist in the DB
legacy
Issue In the 'Forgot Password' option, while trying to provide an email id that doesn't exist in the database, the user can proceed to answer the security question. Whereas an error is not popped up saying the user's...
Is functionality impacted when upgrading to Bootstrap 5 in portal 6.2 ? Is it supported ?
legacy
Issue Requirement is to upgrade the Bootstrap library.  Is functionality impacted when upgrading to Bootstrap 5 in portal 6.2 ?  Is Liferay portal 6.2 compatible with Bootstrap 5? Is it supported ? Environment...
Is there a way to allow upper cases in a screen name?
legacy
Issue Is there any way to ensure that a user's screen name maintains the same capitalization that is present in the AD (Active Directory) when the user is imported into Liferay? Environment Liferay DXP 7.2...
Post deployment of SAML plugin the SAML Admin page is blank
legacy Troubleshooting
Issue After deploying the SAML plugin in the Liferay instance, the SAML admin page displayed blank. Below Stack trace occurs in the log at the time of performing the above actions. 2021-03-23 19:14:22.610 WARN...
Restrict guest users from accessing login page when attempting to access a protected page or resource
legacy How To
Issue By default, guest users are prompted to the login page when they are attempting to hit a url or access a resource that is protected and not available to guest users. I do not want guest users to be redirected to...
What difference is there between System Setting and Instance Setting LDAP configurations?
legacy
Issue There are two locations within Liferay DXP where LDAP configurations can be set. One is the System Settings (Control Panel -> Configuration -> System Settings -> Security -> LDAP) and the other the Instance...
How do I Add More Than One Field To the Custom Mapping Sections in My 7.0 LDAP Setup?
legacy How To
Issue I would like to add multiple fields to the custom mappings section in my LDAP setup. Environment DXP 7.0 Resolution During LDAP setup, navigate to Control Panel > Configuration > Instance Settings, in...
New Virtual Instance cannot be created if "passwords.default.policy.check.syntax=" is set to true
legacy Troubleshooting
Issue If I set passwords.default.policy.check.syntax=true in my portal-ext.properties file, I cannot create a New Virtual Instance I get an error in the logs: ERROR...
How to prevent user enumeration attacks through the Forgot Password functionality
legacy How To
Issue Insecure default configuration may allow remote attackers to enumerate users' email addresses via the forgot password functionality. This can be a risk in the case of public-facing deployments. Environment...
Session Timeout value is overridden during fix pack upgrade
legacy How To
Issue During installation of a fix pack, the value of <session-timeout> is reset to default within web.xml. Is the value of session timeout can be changed 'permanently'? Environment DXP 7.2 Resolution Currently,...
SAML changes post upgrade from DXP 7.0 to higher version
legacy How To
Issue SAML authentication is being used in DXP 7.0. After upgrading the DXP 7.0 to any higher version, how to configure SAML in the upgraded environment? Environment Liferay DXP 7.1 Liferay DXP 7.2...