Search Results

All Results 437
Resource Type
Applicable Versions
Deployment Approach
Capability
Feature
Disabling jQuery in Control Panel
legacy How To
Issue I've found vulnerabilities in our current jQuery version. Since I can't find jQuery used anywhere, I would like to disable it. Environment Liferay DXP 7.2 Resolution Go to Control Panel --> System Settings -->...
Blank screen is seen after password reset
legacy Troubleshooting
Issue A blank screen (with url http://localhost:8080/c) is seen after user password is reset. The expected behavior after password reset is for users to A) be successfully redirected to Liferay home page and B) remain...
How to protect against the vulnerabilities related to SnakeYaml in version 1.27
legacy Troubleshooting
Issue How can I mitigate vulnerability CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 and CVE-2022-38752 regarding Liferay DXP? Environment Liferay Portal 6.2 EE Liferay DXP 7.0 Liferay DXP 7.1 Liferay DXP 7.2...
Vulnerability:About CVE-2022-45143
legacy
Please be aware that the page you are viewing has been machine translated from Japanese into English and may contain some translation errors. If you observe any issues with the translation, please contact us. Issue...
Unable to bind to the LDAP server javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
legacy Troubleshooting
Issue Unable to connect to Open LDAP in DXP due to the following UI error Environment Liferay DXP 7.4 Resolution These errors typically occur when Liferay is unable to communicate with LDAP or when mapping mistakes...
How to add security, authentication to my REST service?
legacy How To
Issue We developed a REST service and it works. But we need endpoint security. At the moment it is available without any credentials. We do not want to give access to a REST Web service without credentials.  How can...
LDAP settings and upgrading from 5.2.x to 6.x
legacy Troubleshooting
This article pertains to portals in which LDAP is configured in Liferay Portal 5.2.x and an upgrade is performed. When a user attempts to login, an error is thrown, and the user is not...
User's group membership not updating with LDAP after upgrading to Liferay Portal 6.0 EE SP2
legacy Troubleshooting
This article is a legacy article. It applies to previous versions of the Liferay product. While the article is no longer maintained, the information may still be applicable. Beginning in Liferay 6.0 EE SP2, the...
Apache Tomcat Security Advisory: CVE-2018-1336
legacy Troubleshooting
General Information CVE-2018-1336 reports that, "an improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service." This...
poi-3.16.jar
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: poi-3.16.jar, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 105139, title: ポイ-3.16.jar
'Credential cannot be null' when trying to log in with a customer database
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: 'Credential cannot be null' when trying to log in with a customer database, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber:...
How to verify that a Log4j patch has resolved all Log4j vulnerabilities
legacy How To
, knowledgeArticleType: howTo, legacy: true, name: How to verify that a Log4j patch has resolved all Log4j vulnerabilities, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 68123, title:...
Fake SMTP Server for Local Bundle Email Interception
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: Fake SMTP Server for Local Bundle Email Interception, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 63413, title: ローカルバンドルメール傍受用偽SMTPサーバ
SAML Plugin
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: SAML Plugin , showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 61697, title: SAMLプラグイン
Do source map (.map) files for JS source code represent a vulnerability issue?
legacy
, knowledgeArticleType: reference, legacy: true, name: Do source map (.map) files for JS source code represent a vulnerability issue?, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 76754, title:...
Where is the SAML assertion information stored in Liferay?
legacy
, knowledgeArticleType: reference, legacy: true, name: Where is the SAML assertion information stored in Liferay?, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 63806, title:...
Security vulnerability in CBOR 4.2.0 (Multi-Factor Authentication)
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: Security vulnerability in CBOR 4.2.0 (Multi-Factor Authentication), showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: , title: CBOR...
How to remove SSLHandshakeException?
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: How to remove SSLHandshakeException?, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 40818, title: SSLHandshakeException を削除するには?
Sensitive data such the user password is printed in our logs
legacy Troubleshooting
, knowledgeArticleType: troubleshooting, legacy: true, name: Sensitive data such the user password is printed in our logs, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 39641, title:...
SQL injection Vulnerability on path /o/js_resolve_modules
legacy
, knowledgeArticleType: troubleshooting, legacy: true, name: SQL injection Vulnerability on path /o/js_resolve_modules, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 54485, title: パス...
/html/common/referer_jsp.jsp vulnerability
legacy
, knowledgeArticleType: troubleshooting, legacy: true, name: /html/common/referer_jsp.jsp vulnerability, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 45080, title: /html/common/referer_jsp.jsp...
The potential CSRF for Liferay default logout link (/c/portal/logout)
legacy
, knowledgeArticleType: reference, legacy: true, name: The potential CSRF for Liferay default logout link (<Site address>/c/portal/logout), showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: , title: Liferay...
Product Navigation Menu will not close upon Sign Out
legacy
, knowledgeArticleType: troubleshooting, legacy: true, name: Product Navigation Menu will not close upon Sign Out, showDisclaimerMessage: true, sourceTeam: Support, ticketNumber: 12688, title:...
User did not provide a valid CSRF token Error
Troubleshooting
Issue Portlet Action requests intermittently returning a 403 error code. In the logs the following error message regarding invalid CSRF token gets printed whenever the 403 error is thrown. "User [user_id] did not provide...
Email Address Validation for Forgot Password
Issue The Forgot Password option does not validate if the user enters a correct email address. You can enter anything and the field will accept it. Two types of validation are expected: Email format validation (to...
Login URL Parameters Reported as Security Threat
legacy Troubleshooting
Issue Vulnerability Assessment and Penetration Testing (VAPT) reports the parameters passed in the login request as a security threat. How can these parameters be removed or mitigated? Environment Liferay DXP 7.4+...
User profile is visible when accessing the /web/test
legacy Troubleshooting
Issue When accessing localhost:8080/web/test, the user profile is visible to guest users. The concern is that the user data being accessible to guest users poses a security threat. Environment Liferay DXP 7.4...
Password syntax checking error does not appear when configuring with Minimum Lowercase 1 when creating a new account
Troubleshooting
Issue I have an issue with checking the password syntax. When they configure the password syntax with Minimum Lowercase 1, Minimum Symbols 1, and Minimum Uppercase 1, try to create an account for a guest user, type a...
Can Liferay pass User Roles to the Service Provider?
legacy
Issue In a SAML configuration where Liferay acts as the Identity Provider, is Liferay able to pass its User Roles to the Service Provider?   Environment Liferay 7.4   Resolution Yes, it is possible. Liferay will send...
XSS Vulnerability present when using Web Content Article's source code
legacy Troubleshooting
Issue We've observed a XSS Vulnerability present when using Web Content Article's source code.  This vulnerability appears to be present when involving the deployment of a payload via the source code.  Steps to...
SAML - Can you end the Identity Provider's session when the Service Provider's session times out?
legacy Troubleshooting
Issue We have Liferay configured as a SAML Service Provider (SP), and we use third-party software as the Identity Provider (IdP) Our IdP is used for multiple applications, so its session timeout is set for a...
Is integration of mTLS possible in Liferay?
legacy How To
Issue We are required to use mTLS (Mutual Transport Layer Security) for certain requests Is it possible to integrate mTLS with Liferay? Environment DXP 7.4 Quarterly Releases Resolution Yes, it is possible to...
Tomcat's vulnerability CVE-2023-44487
legacy
Issue Is DXP 7.4 affected by Tomcat's Rapid Reset CVE-2023-44487? Environment Liferay DXP 7.4 Resolution If user is not using Tomcat with DXP, then it is not affected by “Tomcat's Rapid Reset CVE-2023-44487”. If...
Is Liferay vulnerable to CVE-2024-38819: SpringFramework (spring-core-5.3.39)?
legacy
Issue CVE-2024-38819: Path traversal vulnerability in functional web frameworks (2nd report) is related to the usage of WebMvc.jar. Is Liferay vulnerable to this vulnerability? Environment Liferay DXP 7.3...
Vulnerabilities reported in classes generated by Liferay Service Builder
legacy Troubleshooting
Issue While performing security scans, there are vulnerabilities found in custom classes that are generated by Liferay Service Builder. Environment Liferay DXP 7.4 Resolution Sometimes, these warnings are...
Is there a release date for implementing the Content Security Policy (CSP) at Liferay?
legacy
Issue If CSP is in beta mode, how is Liferay protecting its system from vulnerability? Is there a timescale for when the CSP will be fully deployed in the portal? Once the CSP has been successfully implemented,...
How to change the generated OTP from alphanumeric to numeric in multi-factor authentication?
legacy How To
NOTE: The following resolution requires customization and should only be implemented at the discretion of your team. Liferay Support will not be able to assist with designing or implementing customizations. Issue...
Vulnerability CVE-2024-52046 in Liferay DXP
legacy How To
Issue Is Liferay vulnerable to the vulnerability described in CVE-2024-52046? Environment Liferay DXP 7.3 and above Resolution Liferay uses the affected Apache Mina library (`mina-core`) only in LDAP-related code. If...
"http://localhost:8080/o/oauth2/authorize" URL redirect to the Login Page
legacy Troubleshooting
Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM). Issue When accessing the OAuth2 authorization URL...
Getting BadPaddingException errors in the logs after an upgrade
legacy Troubleshooting
Issue After upgrading Liferay DXP, javax.crypto.BadPaddingException errors appear in the logs when using 'Auto Login' feature ('Remember me'). Example error message: ERROR [AutoLoginFilter:247] Current URL /home...
SAML Logout Issues: Multiple Login Entries and Optimistic Locking Exceptions
legacy Troubleshooting
Issue When a user logs out after authenticating via SAML, multiple login entries might be recorded in the audit logs. This can lead to HibernateOptimisticLockingException errors, particularly during...
In SAML setup user is not getting login in the SP and receiving warning on the UI
legacy Troubleshooting
Issue After setting up the SAML process, the user tries to log in receiving the warning below and not being logged in. Environment Liferay 2023.Q4.0 Resolution If users are setting up an identity provider as...
SAML Authentication Error: "This message decoder only supports the HTTP POST method
legacy Troubleshooting
Issue The following SAML errors appear in the Liferay logs: ERROR [http-nio-8080-exec-5][BaseSamlStrutsAction:53] org.opensaml.messaging.decoder.MessageDecodingException: This message decoder only supports the...
Unexpected SAML calls: com.liferay.saml.internal.servlet.filter.SpSessionTerminationSamlPortalFilter.doProcessFilter
legacy Troubleshooting
Issue When navigating through the portal with SAML disabled, there are a few SAML-related filters that are still being processed, leading to database calls and causing slower performance. at...
CORS request is failing
legacy Troubleshooting
Issue If the user allows any origin (Access-Control-Allow-Origin: *) to access the resource, the CORS request fails. Steps to reproduce: 1. Start Liferay DXP 7.4 U90 2. Navigate to Control Panel > Instance...
LIFERAY.HEADLESS.DELIVERY scope missing or delayed in OAuth 2 applications
legacy Troubleshooting
Issue The LIFERAY.HEADLESS.DELIVERY scope is missing or delayed in appearing when creating or managing OAuth 2 applications. The issue can occur intermittently, with the scope sometimes appearing after a delay of...
Is it possible to offer both SAML and OIDC as SSO options?
legacy How To
Issue Both SAML and OpenID Connect(OIDC) can be configured on the same Liferay instance. However, the option to authenticate using OIDC is missing whenever SAML is enabled. Is it possible for a user to select either SSO...
Audit Events filtered by date/time are not being exported accurately
legacy Troubleshooting
Issue When using using the Audit Export Feature, filters for date and time are not applied accurately in the resulting CSV file. The exported file may not include entries explicitly requested by the filter. For...
I want to skip OpenID Connect provider selector at sign in if there is only one provider
legacy Troubleshooting
Issue We want to bypass the client selection screen because there is only one OpenID Client to choose.   Environment Quarterly Releases   Resolution There is a Feature Request opened for this which is currently under...
Vulnerabilities for spring-web and spring-core
legacy
Issue Vulnerabilities remain unresolved in spring-web and spring-core, even after a fix was applied to spring-context. For spring-web: Vulnerable component: org.springframework:spring-web:5.3.39 For spring-core:...
Is Session Prediction Possible in Liferay
legacy
Issue Is it possible an attacker could predict the JSESSIONID and gain unauthorized access, referencing an example from a 'Session Prediction' article? Explanation of Issue Using the "Catalog" Page in Postman: If a...
Enabling both Liferay's default login and SAML login so that users can use either option
legacy How To
Issue I would like to configure and enable SAML login while also having Liferay's default login available to users so that they can have two options for logging in. Environment DXP 7.4+ Quarterly Release Resolution...
Resolving 401 Errors When Using Authorization Bearer Tokens in RestBuilder APIs
legacy Troubleshooting
Issue When making calls to a REST API service created with RestBuilder that includes the Authorization Bearer token header, the responses often return a 401 Unauthorized status. However, when the same service is...
Is Liferay Vulnerable to CVE-2023-45960?
legacy
Issue I would like to know if Liferay is vulnerable to CVE-2023-45960?  Is Liferay affected by CVE-2023-45960? Environment Quarterly Release 2024.Q1.7 Resolution The NIST listing for CVE-2023-45960 has been withdrawn and...
Enabling real-time antivirus scanning without asynchronous background scans
legacy How To
Issue We would like to enable real-time antivirus scanning for uploaded files but disable asynchronous background scanning of the document library. The issue arises because: Enabling...
High CPU and memory use with stacktraces associated to password encryption
legacy Troubleshooting
Issue The environment starts using a large amount of CPU and also memory. Reviewing thread dumps taking during that time, there are many threads associated to PBKDF2PasswordEncryptor.encrypt, such as:...
Embedding videos using basic web content
legacy Troubleshooting
Issue When we try to embed a video using <iframe> tags, during the creation the video displays, however after publishing the content and editing it again, the video is not displayed anymore and the source is updated...
Unable to get OpenID Connect's link to work after upgrading to a Quarterly Release
legacy Troubleshooting
Issue After upgrading to Quarterly Release 2023.Q3.4 from DXP 7.3, we've found that OpenID Connect is no longer working. The button is no longer populating within the UI even after enabling it using this article:...
Liferay Throws java.lang.ClassCastException: class org.apache.xerces.parsers on Login
legacy Troubleshooting
Issue Liferay throws a ClassCastException after upgrading, the upgrade logs show no errors.  Liferay throws an error after non-graceful shutdown ERROR [http-nio-8080-exec-8][AutoLoginFilter:247] Current URL...
SCIM API is not working as expected to link existing users to SCIM Client
legacy
Issue I'm unable to use the PUT API to update users as linked to the SCIM Client. I'm not able to add new users and then update them using the PUT API linking them to the SCIM client. Environment 2024.Q1+ Resolution...