Search Results

All Results 437
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Disabling jQuery in Control Panel
legacy How To
Issue I've found vulnerabilities in our current jQuery version. Since I can't find jQuery used anywhere, I would like to disable it. Environment Liferay DXP 7.2 Resolution Go to Control Panel --> System Settings -->...
Blank screen is seen after password reset
legacy Troubleshooting
Issue A blank screen (with url http://localhost:8080/c) is seen after user password is reset. The expected behavior after password reset is for users to A) be successfully redirected to Liferay home page and B) remain...
How to protect against the vulnerabilities related to SnakeYaml in version 1.27
legacy Troubleshooting
Issue How can I mitigate vulnerability CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 and CVE-2022-38752 regarding Liferay DXP? Environment Liferay Portal 6.2 EE Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2...
Vulnerability:About CVE-2022-45143
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Unable to bind to the LDAP server javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
legacy Troubleshooting
Issue Unable to connect to Open LDAP in DXP due to the following UI error Environment Liferay DXP 7.4 Resolution These errors typically occur when Liferay is unable to communicate with LDAP or when mapping mistakes...
How to add security, authentication to my REST service?
legacy How To
Issue We developed a REST service and it works. But we need endpoint security. At the moment it is available without any credentials. We do not want to give access to a REST Web service without credentials.  How can...
LDAP settings and upgrading from 5.2.x to 6.x
legacy Troubleshooting
This article pertains to portals in which LDAP is configured in Liferay Portal 5.2.x and an upgrade is performed. When a user attempts to login, an error is thrown, and the user is not...
User's group membership not updating with LDAP after upgrading to Liferay Portal 6.0 EE SP2
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. Beginning in Liferay 6.0 EE SP2, the...
Apache Tomcat Security Advisory: CVE-2018-1336
legacy Troubleshooting
General Information CVE-2018-1336 reports that, "an improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service." This...
poi-3.16.jar
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: poi-3.16.jar, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 105139, title: ポイ-3.16.jar
'Credential cannot be null' when trying to log in with a customer database
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: 'Credential cannot be null' when trying to log in with a customer database, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber:...
How to verify that a Log4j patch has resolved all Log4j vulnerabilities
legacy How To
, knowledgeArticleType: howTo, legacy: true, name: How to verify that a Log4j patch has resolved all Log4j vulnerabilities, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 68123, title:...
Fake SMTP Server for Local Bundle Email Interception
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: Fake SMTP Server for Local Bundle Email Interception, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 63413, title: ローカルバンドルメール傍受用偽SMTPサーバ
SAML Plugin
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: SAML Plugin , showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 61697, title: SAMLプラグイン
Do source map (.map) files for JS source code represent a vulnerability issue?
legacy
, knowledgeArticleType: reference, legacy: true, name: Do source map (.map) files for JS source code represent a vulnerability issue?, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 76754, title:...
Where is the SAML assertion information stored in Liferay?
legacy
, knowledgeArticleType: reference, legacy: true, name: Where is the SAML assertion information stored in Liferay?, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 63806, title:...
Security vulnerability in CBOR 4.2.0 (Multi-Factor Authentication)
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: Security vulnerability in CBOR 4.2.0 (Multi-Factor Authentication), showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: , title: CBOR...
How to remove SSLHandshakeException?
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: How to remove SSLHandshakeException?, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 40818, title: SSLHandshakeException を削除するには?
Sensitive data such the user password is printed in our logs
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: Sensitive data such the user password is printed in our logs, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 39641, title:...
SQL injection Vulnerability on path /o/js_resolve_modules
legacy
, knowledgeArticleType: troubleshooting, legacy: true, name: SQL injection Vulnerability on path /o/js_resolve_modules, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 54485, title: パス...
/html/common/referer_jsp.jsp vulnerability
legacy
, knowledgeArticleType: troubleshooting, legacy: true, name: /html/common/referer_jsp.jsp vulnerability, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 45080, title: /html/common/referer_jsp.jsp...
The potential CSRF for Liferay default logout link (/c/portal/logout)
legacy
, knowledgeArticleType: reference, legacy: true, name: The potential CSRF for Liferay default logout link (<Site address>/c/portal/logout), showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: , title: Liferay...
Product Navigation Menu will not close upon Sign Out
legacy
, knowledgeArticleType: troubleshooting, legacy: true, name: Product Navigation Menu will not close upon Sign Out, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 12688, title:...
User did not provide a valid CSRF token Error
Troubleshooting
Issue Portlet Action requests intermittently returning a 403 error code. In the logs the following error message regarding invalid CSRF token gets printed whenever the 403 error is thrown. "User [user_id] did not provide...
Email Address Validation for Forgot Password
Issue The Forgot Password option does not validate if the user enters a correct email address. You can enter anything and the field will accept it. Two types of validation are expected: Email format validation (to...
Login URL Parameters Reported as Security Threat
legacy Troubleshooting
Issue Vulnerability Assessment and Penetration Testing (VAPT) reports the parameters passed in the login request as a security threat. How can these parameters be removed or mitigated? Environment Liferay DXP 7.4+...
User profile is visible when accessing the /web/test
legacy Troubleshooting
Issue When accessing localhost:8080/web/test, the user profile is visible to guest users. The concern is that the user data being accessible to guest users poses a security threat. Environment Liferay DXP 7.4...
Password syntax checking error does not appear when configuring with Minimum Lowercase 1 when creating a new account
Troubleshooting
Issue I have an issue with checking the password syntax. When they configure the password syntax with Minimum Lowercase 1, Minimum Symbols 1, and Minimum Uppercase 1, try to create an account for a guest user, type a...
Can Liferay pass User Roles to the Service Provider?
legacy
Issue In a SAML configuration where Liferay acts as the Identity Provider, is Liferay able to pass its User Roles to the Service Provider?   Environment Liferay 7.4   Resolution Yes, it is possible. Liferay will send...
XSS Vulnerability present when using Web Content Article's source code
legacy Troubleshooting
Issue We've observed a XSS Vulnerability present when using Web Content Article's source code.  This vulnerability appears to be present when involving the deployment of a payload via the source code.  Steps to...
SAML - Can you end the Identity Provider's session when the Service Provider's session times out?
legacy Troubleshooting
Issue We have Liferay configured as a SAML Service Provider (SP), and we use third-party software as the Identity Provider (IdP) Our IdP is used for multiple applications, so its session timeout is set for a...
Is integration of mTLS possible in Liferay?
legacy How To
Issue We are required to use mTLS (Mutual Transport Layer Security) for certain requests Is it possible to integrate mTLS with Liferay? Environment DXP 7.4 Quarterly Releases Resolution Yes, it is possible to...
Tomcat's vulnerability CVE-2023-44487
legacy
Issue Is DXP 7.4 affected by Tomcat's Rapid Reset CVE-2023-44487? Environment Liferay DXP 7.4 Resolution If user is not using Tomcat with DXP, then it is not affected by “Tomcat's Rapid Reset CVE-2023-44487”. If...
Is Liferay vulnerable to CVE-2024-38819: SpringFramework (spring-core-5.3.39)?
legacy
Issue CVE-2024-38819: Path traversal vulnerability in functional web frameworks (2nd report) is related to the usage of WebMvc.jar. Is Liferay vulnerable to this vulnerability? Environment Liferay DXP 7.3...
Vulnerabilities reported in classes generated by Liferay Service Builder
legacy Troubleshooting
Issue While performing security scans, there are vulnerabilities found in custom classes that are generated by Liferay Service Builder. Environment Liferay DXP 7.4 Resolution Sometimes, these warnings are...
Is there a release date for implementing the Content Security Policy (CSP) at Liferay?
legacy
Issue If CSP is in beta mode, how is Liferay protecting its system from vulnerability? Is there a timescale for when the CSP will be fully deployed in the portal? Once the CSP has been successfully implemented,...
How to change the generated OTP from alphanumeric to numeric in multi-factor authentication?
legacy How To
NOTE: The following resolution requires customization and should only be implemented at the discretion of your team. Liferay Support will not be able to assist with designing or implementing customizations. Issue...
Vulnerability CVE-2024-52046 in Liferay DXP
legacy How To
Issue Is Liferay vulnerable to the vulnerability described in CVE-2024-52046? Environment Liferay DXP 7.3 and above Resolution Liferay uses the affected Apache Mina library (`mina-core`) only in LDAP-related code. If...
"http://localhost:8080/o/oauth2/authorize" URL redirect to the Login Page
legacy Troubleshooting
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue When accessing the OAuth2 authorization URL...
Getting BadPaddingException errors in the logs after an upgrade
legacy Troubleshooting
Issue After upgrading Liferay DXP, javax.crypto.BadPaddingException errors appear in the logs when using 'Auto Login' feature ('Remember me'). Example error message: ERROR [AutoLoginFilter:247] Current URL /home...