#BSI WID-SEC-2025-0950: [NEU] [mittel] ##Liferay Liferay #DXP: Schwachstelle ermöglicht Cross-Site Scripting

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Liferay Liferay DXP und Liferay Liferay Portal ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0950

Toto je běžný HTML výstup z CMS Lifefay? ;-) Nebo to webař podělal? #tvorbawebu #liferay

Auditando una nueva web. Parece muy bien hecha, pero descubro que usan #Liferay y empiezan a salir cositas. No podemos escapar de las barreras de accesibilidad impuestas por el gestor de contenidos y debemos hacernos cargo de ellas para cumplir, que digo, hacer la vida mejor a todas las personas. #a11y

Good news for #Liferay users!

Version 3.0.0 of the official # ONLYOFFICE connector for Liferay is already available.

With the updated integration app, you can edit #PDF files and create fillable PDF forms right within your Liferay platform.

Read this article to find out more about these features and other improvements: https://www.onlyoffice.com/blog/2025/02/onlyoffice-connector-v3-0-0-for-liferay?utm_source=social&utm_medium=post&utm_campaign=fosstodon

Pentesting Liferay Applications

This guide explores techniques to identify vulnerabilities in Liferay environments, covering hidden resources, dangerous functionalities, and known exploits.

https://www.tarlogic.com/blog/pentesting-liferay-applications/

#cms #liferay

#BSI WID-SEC-2024-3252: [NEU] [hoch] #Liferay #DXP #und #Portal: Mehrere Schwachstellen

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Liferay DXP und Liferay Portal ausnutzen, um Administratorrechte zu erlangen Sicherheitsvorkehrungen zu umgehen, einen Denial of Service zu verursachen oder beliebigen Code auszuführen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3252

FLOSS Weekly Episode 796: Homebrew, I’m More of a Whopper Guy https://hackaday.com/2024/08/14/floss-weekly-episode-796-homebrew-im-more-of-a-whopper-guy/ #HackadayColumns #FLOSSWeekly #Podcasts #Liferay #Slider #java

FLOSS Weekly Episode 795: Liferay, Now We’re Thinking With Portals https://hackaday.com/2024/08/07/floss-weekly-episode-795-liferay-now-were-thinking-with-portals/ #HackadayColumns #FLOSSWeekly #Podcasts #Liferay #java

Liferay is so needlessly complicated that simple things don’t make sense anymore…

This doesn’t work:

attiSearchContainer.setResultsAndTotal(
       () -> AttoServiceUtil.search(searchContext),
AttoServiceUtil.searchCount(searchContext));

But this works fine:

List<Atto> attoList = AttoServiceUtil.search(searchContext);
attiSearchContainer.setResultsAndTotal(() -> attoList, AttoServiceUtil.searchCount(searchContext));

#liferay #java

REUSE helps to make licensing easy, comprehensive, unambiguous, and machine-readable

📺 Watch our interview with Matija Šuklje , Director, Legal & Associate General Counsel from #Liferay

https://media.fsfe.org/w/8vznSsHk6Brh9dD3s9HoK5

#freesoftware #softwarefreedom

The #Liferay Portal software < 7.4.3.88 respectively < 7.4.3.92 is affected by persistent cross-site-scripting vulnerabilities. https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal/ #itsecurity #infosec #pentesting

RT stackdpodcast: Wondering what we were talking in 2012?
#7: Kito, Ian, and @dhinojosa discuss the #PrimeFaces / #ICEfaces controversy, #JSF 2.2, #MyFaces, #Mojarra, #PrettyFaces, #DeltaSpike, #JBoss EAP, #Hibernate, #WebSphere, #Liferay, #MyBatis for #Scala, and more. buff.ly/44Xn9HS

Wir haben uns das Liechtensteiner #Gesundheitsdossier und die zugrunde liegende Portal-Software #Liferay angeschaut. Im Ergebnis haben wir Verwundbarkeiten in Liferay gefunden und Schwächen im IT-Setup: https://www.pentagrid.ch/de/blog/it-sicherheit-beim-elektronischen-gesundheitsdossier-im-fuerstentum-liechtenstein/ #itsicherheit #informationssicherheit #eHealth #eGD

We had a look at Liechtenstein's electronic health files and the underlying #Liferay portal software and found some weaknesses in the portal software as well as risks in the IT setup. Full article (in German only): https://www.pentagrid.ch/de/blog/it-sicherheit-beim-elektronischen-gesundheitsdossier-im-fuerstentum-liechtenstein/ #itsecurity #infosec #eHealth #eGD

#Job #Arbeit #Marketing

Meine #Agentur #JungvonMatt Creators in München sucht dringend Verstärkung im Bereich #ContentManagement / #Redaktion und #UserSupport / #Administration / #Testing für einen großen bayerischen Autohersteller. Die genutzte Plattform ist #Liferay, Deutsch und Englisch fließend in Wort und Schrift sind Voraussetzung. Die Mitarbeit in unserem wirklich netten Team ist nach der Einarbeitungszeit auch deutschlandweit aus dem #Homeoffice möglich!

https://www.jvm.com/de/jobs/jung-von-matt-creators-gmbh-m%C3%BCnchen-project-manager-475/

Lundegaard, konzultačně-technologická společnost specializující se na vývoj softwarových nástrojů a poskytování služeb digitální transformace, ve spolupráci se softwarovou platformou #Liferay pomáhá digitalizovat firmy ve výrobním sektoru.

Jako certifikovaný Liferay Gold Partner Lundegaard provázel na cestě inovativní transformace už několik desítek firem a hodlá se v sektoru průmyslové výroby angažovat i nadále.

https://feedit.cz/2022/12/13/digitalizace-pronika-i-do-vyrobnich-firem-spolecnost-lundegaard-ve-spolupraci-s-platformou-liferay-pomaha-podnikum-s-transformaci/

RT @codepitbull@twitter.com

Aaaaaaargh. Meine Fresse. Und wenn ich schon seh wie da #LifeRay wieder ins Spiel gebracht wird. Aber auch alles um Methodik und angestrebte Architektur stinkt. https://twitter.com/tante/status/1542826575661506560

🐦🔗: https://twitter.com/codepitbull/status/1543166942395174912

The following #ONLYOFFICE connectors have been updated to make it possible to work with fillable forms:

✔️ #Alfresco: https://github.com/ONLYOFFICE/onlyoffice-alfresco/releases/tag/v5.1.0

✔️ #Confluence: https://github.com/ONLYOFFICE/onlyoffice-confluence/releases/tag/v3.1.0

✔️ #Jira: https://github.com/ONLYOFFICE/onlyoffice-jira/releases/tag/v1.1.0

✔️ #Liferay: https://github.com/ONLYOFFICE/onlyoffice-liferay/releases/tag/v2.1.0

✔️ #Redmine: https://www.redmine.org/plugins/onlyoffice_redmine

✔️ #Plone: https://github.com/ONLYOFFICE/onlyoffice-plone/releases/tag/v2.1.0

✔️ #HumHub: https://github.com/ONLYOFFICE/onlyoffice-humhub/releases/tag/v2.3.0

✔️ #Nuxeo: https://github.com/ONLYOFFICE/onlyoffice-nuxeo/releases/tag/v1.1.0

✔️ #Chamilo: https://github.com/ONLYOFFICE/onlyoffice-chamilo/releases/tag/v1.2.0

All #ONLYOFFICE integrations:

https://www.onlyoffice.com/all-connectors.aspx

#ONLYOFFICE Desktop Editors v7.0:

✅ fillable forms;
✅ new launch mode - separate windows for text documents, spreadsheets and presentations;
✅ integration with #kDrive and #Liferay;
✅ new interface languages and more.

Read this post to find out more:

https://www.onlyoffice.com/blog/2022/01/onlyoffice-desktop-editors-v7-0/

Download the updated app:

https://www.onlyoffice.com/download-desktop.aspx

Great news, everyone!

Now you can create new documents in #Liferay with the latest version of the #ONLYOFFICE integration app:

https://www.onlyoffice.com/blog/2021/08/create-documents-in-liferay-with-onlyoffice/