Search Results

All Results 435
Is Liferay vulnerable to CVE-2023-4863?
Issue How can I mitigate vulnerability with CVE-2023-4863 regarding Liferay DXP? Environment All environments. Resolution Liferay does not use the libwebp library, so it is not vulnerable to CVE-2023-4863. ...
Is Liferay vulnerable to CVE-2023-33946
Issue I would like to know if Liferay is vulnerable to CVE-2023-33946? Environment Liferay DXP 7.4 U1-U48 Resolution Yes, Liferay is vulnerable to this CVE; the resolution is to update to Liferay 7.4 U49 (or...
Does Apache Log4j Vulnerability CVE-2021-44832 affect Liferay?
Issue Liferay uses the log4j-core library, which was reported to have a vulnerability. Environment Liferay DXP 7.1 Liferay DXP 7.2 until fix-pack 16 Liferay DXP 7.3 until SP3 Resolution Yes, Liferay is...
Is Liferay vulnerable to the Log4j Vulnerability CVE-2019-17571?
Issue After searching in the following folder: /tomcat/webapps/ROOT/WEB-INF/lib/log4j-extras.jar, it was noticed that log4j is available as part of the product, so is Liferay vulnerable to this library? Environment All...
Setting up Liferay as both IDP and SP (SAML)
Issue This article outlines how to configure two Liferay DXP bundles for SAML authentication with one functioning as the Service Provider (SP) and the second as the Identity Provider (IdP). Environment DXP...
Updating React dependencies to later version
Issue As part of the security audit, the old version of React might be vulnerable to attacks. Is there a way to hide the React version that Liferay displays? Environment Liferay DXP 7.3 Resolution At this...
High CPU utilisation while using script to login users continuously
Issue Facing high CPU utilization while logging in a high number of users per minute continuously (24x7) using username-password authentication, mostly while fetching data using some scripts. Environment Liferay DXP...
How long does the content remain in the CDN cache?
Note: Liferay has renamed its Liferay Experience Cloud offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue What is the policy for cleaning and updating content...
Security Issue Concerning Google Guava Versions 1.0 to 32
Issue There is a present vulnerability with Google Guava that affects the versions from 1.0 to 31.1. Liferay is currently bundled with Guava. It has been reported that...
User enumeration attack via response time
Issue It is possible to determine if an email address is valid or not (i.e., user enumeration) by comparing the request's response time. This can be done by checking the browser's network tab and comparing...
How to reduce difficulty on captcha for Liferay DXP 7.2
Issue The captcha generated in the login is unreadable, even for humans. Environment Liferay DXP 7.2 Resolution Go to System Settings > Security Tools. Find and delete the following properties: ...
Relay state exceeds 80 bytes
Issue After configuring SAML, I see Relay state exceeds 80 bytes WARN messages in the logs. How can I prevent the transmission of relay states larger than 80 bytes? Environment DXP 7.X Resolution This issue was...
CVE-2023-33950
Issue We would like to determine whether Liferay is vulnerable to CVE-2023-33950. The CVE claims that Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allow regular...
How to verify the current Implementation version of log4j.jar file
Issue We would like to verify the implementation version of a log4j.jar file, either to verify the application of an update or to assess current vulnerability. Environment DXP 7.3, DXP 7.4 Resolution You can find the...
Does Liferay support more than one SAML connection?
Issue Can Liferay connect to more than one Service or Identity Provider? Environment DXP 7.0, DXP 7.1, DXP 7.2, DXP 7.3, DXP 7.4 Resolution Yes, Liferay does support more than one SAML or Identity Provider...
How can we set the requireSSL property?
Issue How can we enable the requireSSL attribute in Liferay? Environment Liferay DXP 7.0+ Resolution You can set that in your JDBC properties:...
Does having a script in the Analytics section qualify as a potential XSS vulnerability?
Issue We can put JavaScript code in the Matomo (DXP 7.4) or Piwik (DXP 7.0-7.3) field where the code can be executed on every other page. Go to a Site's Configuration -> Site Settings -> Analytics. Under the...
SSO SP connection doesn't send unauthenticated users to /c/portal/login
Issue Once we set up a SAML SP connection, the SAML adapter doesn't recognize unauthenticated users and redirect them to /c/portal/login. Environment DXP 7.4 Resolution This is intended behavior with the “Prompt Enabled”...
User is redirected to the 404 page instead of the login page when the session expires.
Issue The user is not prompted to log in but is sent to a 404 page when navigating in pages with restricted access if the user session expires, or if the user is not logged in and tries to access the URL directly. ...
Unable to process SAML request
Issue Some users are unable to log in via SAML. Steps to reproduce: Log in the user for the first time; the user gets logged in successfully; now log out and try logging in again. Result: Throws unable to process SAML...