The Custom Assets feature has been formally deprecated and removed from Analytics Cloud. The feature had been under a "deprecation" feature flag for several quarters, and the retirement process is now complete.

Reviewers can now see exactly how content will appear to end users when using a Display Page Template, ensuring layout and formatting are correct before publishing.

• Applies to multiple types of content, including Web Content Articles and Blog Entries.
• Reviewers can now see all editable fields for content items in the Data tab — including custom fields created via structures.

Key Benefits:

• Improves content quality: Ensures that reviewers can see exactly how content will appear to end users, helping maintain visual and structural accuracy before publishing.

• Reduces publishing risks and errors: Allows early detection of layout or formatting issues, minimizing rework and post-publication corrections.

• Saves time in the review process: Streamlines validation and reduces the need for multiple review cycles.

Site Settings are now exportable through Headless APIs.

Key Benefits:

• Simplified Environment Migration: Easily migrate all site-scoped configurations together with site content using the Batch Engine and Headless Site API.

• Greater Consistency: Ensures that site settings and behaviors are replicated accurately across environments.

• Enhanced Automation: Supports headless and automated deployment workflows, removing the need for manual configuration updates for site settings.

With the launch of the new CMS 2.0, two fragments have been created that allow the customers to build a more complete and flexible experience for the end-user. These Accordion and Drag and Drop Upload fragments are better aligned with the real needs of a CMS user and content editors in general, as they allow for improved organization of information and increased usability when managing information and files of any type.

Key Benefits:

• Accelerated Time-to-Value: Ready-made fragments allow customers to quickly drag-and-drop functional components, reducing development time and enabling marketing and content teams to create new experiences faster.

• Lower Cost of Ownership: Platform-maintained fragments reduce the burden of custom code, ensuring greater long-term stability, easier upgrades, and less time spent on maintenance.

With the launch of the new CMS 2.0 and the need to integrate and contribute related objects, a new form fragment has been created. This Form Relationship fragment allows users to populate/fill in nested objects within a form container. With this new fragment, we provide customers with the ability to create more complex forms where they can complete the information for these related objects, thereby offering a more complete experience for the creation of complex applications and for the CMS itself.

Key Benefits:

• Maximize Authoring Velocity: By unifying the creation of parent and embedded (repeatable) entities into a single, contextualized screen, customers eliminate clicks and custom code, allowing content teams to publish complex experiences significantly faster.

• Ensure Data Integrity: The out-of-the-box fragments enforce data structure and contextual relevance for child entities at the point of creation, guaranteeing consistent, structured content that provides a unified experience for end users.

Style Books now support 8-digit hex colour codes (e.g. #RRGGBBAA), which include an alpha channel to define opacity. Previously, these values only worked when set as defaults in the frontend-token-definition.json file; manual input in the editor would strip the opacity digits. With this update, customers can directly enter and save full 8-digit hex values in the Style Book editor, and the opacity is correctly reflected in the UI.

Key Benefits:

• User will be able to define colours with both RGB and transparency in a single, standardised format improving Liferay’s design flexibility.
• Aligns with modern CSS and browser support for 8-digit hex codes.
• No need for more workaround formats (like rgba) to manage opacity.

In this case, the feature “Enable JavaScript Client Extensions for Administration in SaaS Environments” has remained under Release Feature Flag for three consecutive quarters. During this period, it has demonstrated strong stability, with no reported bugs or user complaints.

Following this evaluation, we’ve decided to move the feature to GA, based on its proven reliability, adoption, and positive feedback.

Semantic Content Indexing

When the feature flag LPS-122920 is enabled, the platform can now create text embeddings (numerical representations of input text, also known as vector embeddings) for Object entries. These embeddings are generated using the content from the searchable fields and are meant to capture the meaning and the context of the content. You can select from various available third-party providers and models, such as OpenAI or Hugging Face, to generate these vectors.

Customizable Search

Now that semantic indexing is also supported for Object entries, you can create highly customized searches using Blueprints. Specifically, the Rescore by Text Embedding query element is available for use.This element automatically handles the process of creating vectors from the user’s keywords through the configured provider.

For instance, this capability allows you to combine traditional keyword search with AI-powered vector search techniques to implement hybrid search, now also for Object entries. This combination is quickly becoming the new standard for modern content search and discovery.

Key Benefits:

More Relevant Search Results: Create search experiences that understand the meaning and context of your Object based content or application data and user searches.

The Semantic Search capability is planned to be moved to GA status in early 2026. This timeline is intended to outline Liferay’s general product direction and it is subject to change.

The headless Search APIs (GET and POST /o/search/v1.0/search) become GA, enabled by default. No feature flag required.

From now on most CSS files in Liferay have hashed file names at build time. For example, a clay.css file may appear at run-time with a randomly generated hash value in the name, like clay.(tvERyCVfuRc).css.

This hash value represents a unique version of this file, so the browser can identify that the file's contents haven't changed. This allows the file to remain in Liferay's cache indefinitely.

For those files that can not be hashed, because they are generated in runtime by the server depending on some parameter such as the css tokens, a new onfiguration is available in DXP to configure the TTL and the possibility to add the no-cache header, that ensures the revalidation of the asset with the server before to being served.

Also, hashed files have a fallback strategy based in TTL+eTag if they are called by their canonical name, this is a fallback for error in the import maps or old portlets that doesn’t know the name of a hashed file.

Key Benefits:

The new Liferay DXP caching strategy for CSS files improves performance and stability.

1. Faster Page Loads: Significant reduction in subsequent load times.

2. Elimination of Stale Resources: Hashed URLs prevents users from seeing outdated CSS after an update.

3. Reduced Origin Server Load: Less server overhead as browsers retrieve unchanged files directly from their local cache, saving CPU and bandwidth.

4. Cache busting: Updated resources automatically force the browser to fetch the new version, but updating their file name with a new hash when content changes.

When a user visits a page that contains a Data Set, there is a certain amount of data that can be altered in some ways:

• By filtering the data

• By ordering the data

• By changing the columns to show on the Table Visualization

• By changing the visualization mode

When users navigate away from the Data Set and then return, these unsaved changes are lost, leading to a frustrating user experience.

This feature automatically saves the current view state of a Data Set in the URL. This saved state will ensure the Data Set configuration is consistently recoverable when users navigate back (via browser history or links) and, crucially, that a shared URL provides colleagues with the exact same view.

Key Benefits:

• Avoid user frustration: When the user returns to the Data Set they face the same state they had when they left.

• Sharing what you see with other users: Users can share the link of a page with a Data Set and the user acessing that very page will face the same Data Set state.

As in Ck Editor 4, and to cover the feature parity, the AI Creator plugin has been added to CK Editor 5, so content creators can rely on an AI to create content seamlessly.

Key Benefits:

• Accelerate content creation leveraging AI text generation services

Admins can now fully customize the Rich Text Editor configuration in CKEditor 5 using a new Client Extension. This new extension achieves feature parity with the old CKEditor 4 extension, allowing you to define which toolbars are available across different applications.

Bonus Feature: Unlike its predecessor, the CKEditor 5 extension supports dynamic loading of official CKEditor plugins not included by default in DXP, greatly expanding your customization options.

Key Benefits:

• Allow dev users to modify the CK Editor 5 configuration such as new block styles

• Allow the dev users to hide plugins such as the options in the editor toolbaar.

• Allow users to dynamically add more plugins from CK Editor official showcase.

• Administrators can enable the SPA feature at instance level

• This allow different customers in SaaS to have different configurations as previoulsy it was enabled just at System level (same configuration for several customers)

• SPA config at instance level overrides the SPA config defined at System level

Key Benefits:

• Mostly SaaS customers can enable/disable SPA in their instance isolately, so Liferay Cloud administrators can defer this configuration to users.

When administrators turn on CKEditor 5 feature flag (LPD-11235), the Email Configuration will use CKE5 as the default text editor.

Key Benefits:

• Consistency across DXP, enabling the CK Editor 5 is offered in one more experience that now is covered.

The Liferay database upgrade process has been enhanced with automated database repair routines to improve the speed and reliability of DXP upgrades.

During the upgrade process, these routines automatically identify and correct common database inconsistencies or missing references.

These repair routines are targeted at known issues with data structures only, keeping your critical data content safe. Details of these repair processes are provided for review in the Liferay Upgrade Report after a database upgrade completes.

Key Benefits:

• Faster upgrades

• Minimize risks for current and future upgrades

• Automates data maintenance

The following database versions have reached end of life from their vendors and are now under deprecation for DXP:

1. DB2 11.1

2. MariaDB 10.2

3. MariaDB 10.4

4. MySQL 5.7

5. PostgreSQL 12.x

6. PostgreSQL 13.x

7. SQL Server 2017

Please refer to the 2025.Q4 compatibility matrix for the full list of supported Databases.

The following Operating System versions have reached end of life from their vendors and are now under deprecation for DXP:

1. CentoOS 7

2. CentoOS 8

3. Debian 10

4. Debian 11

5. Oracle Linux 7

6. Red Hat Enterprise Linux 7

7. SUSE Enterprise Linux 12

8. Ubuntu 18.04

9. Ubuntu 20.04

Please refer to the 2025.Q4 compatibility matrix for the full list of supported Operating Systems.

This epic introduces multi-parent support for Object Definitions, allowing a single child object (e.g., Address) to be associated with more than one possible parent definition (e.g., User or Account). While the definition can support multiple parents, each Object Entry can still only belong to one parent entry at a time, ensuring data consistency.

Key Benefits:

• This new feature allows more flexibility when organizing your entries with regards to permissions inheritance. 

This feature introduces a new, configurable "On after Login" trigger for Liferay Object Actions. This will empower administrators and developers to define and execute automated processes on Object entries (e.g., creating, updating, or deleting entries, calling external APIs, sending emails) immediately after a user successfully logs into Liferay portal.

Key Benefits:

• Faster Time-to-Market: New features tied to user authentication (like automatically creating a user's dashboard data) can be deployed in minutes via the UI, without involving custom development.

• Extended Low-Code Power: The Objects framework becomes more valuable by handling a critical part of the digital experience—user sign-in—without needing traditional coding skills.

• Real-Time Data Integrity: Ensures that user-specific custom data (like status, last login date, or personalized onboarding tasks) is created or updated instantly and automatically upon login, keeping all systems synchronized.

This feature allows users to subscribe to entries to receive notifications when entries are updated. This addresses the need for real-time awareness and governance over content and data

Key Benefits:

• Enhanced Data Integrity and Compliance: Users who rely on specific documents, legal disclaimers, or data records can be confident they are instantly alerted when that asset changes.

• Audit Trail and Accountability: Notifications tied to events like Asset Updated or Asset Expired create an automated audit trail. The system ensures that stakeholders know when and what was changed, improving accountability across teams.

• Reduced Notification Fatigue: By automatically inheriting the subscription status, the UI can prevent users from double-subscribing, which cleans up the interface and reduces unnecessary email clutter.

Users are able to configure email and user notification templates to be sent to User groups, delivering significant benefits centered on efficiency, audience segmentation, and reduced administrative burden.

Key Benefits:

• Massively Improved Communication Efficiency: Eliminates the tedious, error-prone task of manually managing recipient lists.

• Precise Audience Segmentation: Ensures the right information reaches the right functional segment of the organization

• Clean Data and Reduced Notification Fatigue: by resolving users who are members of multiple selected groups. This keeps inboxes clean and reduces notification fatigue, making the alerts that are sent more likely to be read and acted upon

This release introduces the foundational layer for versioning object entries within the Liferay Objects framework. Versioning allows teams to track the full lifecycle of data changes, revert entries when needed, and ensure auditability — a key requirement for organizations dealing with regulated or collaborative content.

In this first phase, the versioning capability is available exclusively via API, giving developers immediate access to version history, preview, and restore operations. A dedicated configuration in Object Admin allows administrators to enable or disable versioning per object definition.

Key Benefits:

• Versioning brings greater control and safety to object data by keeping a full history of every change. It allows teams to recover previous states, avoid data loss, and meet audit or compliance needs. With API-first access, developers can immediately start using version history, preview, and restore in their applications

This release introduces scheduling capabilities to object entries, allowing users to define when an entry should go live, expire, or be reviewed. This brings Objects closer to real content lifecycle management — similar to what already exists in Web Content — and enables automation for time-sensitive data.

With this feature, object entries can be activated or deactivated automatically based on predefined dates, and optional review dates help teams stay compliant with legal, operational, or business rules.

Key Benefits:

• Scheduling gives users more control over when content or data becomes visible, expires, or needs review — reducing manual work and improving timing accuracy. It helps teams automate recurring tasks (such as publishing promotions or removing expired assets), avoid compliance risks, and ensure content stays up to date. With built-in notifications, users are always informed of upcoming actions, making lifecycle management simpler and more reliable.

This release introduces a new configuration that allows the owner of an Object Definition to decide whether it can be used inside Form Containers in Page Builder. While objects could already be mapped to forms before, administrators now have explicit control over which objects are exposed for page-level form experiences.

This provides a governance layer that helps avoid accidental exposure of internal, sensitive, or system-bound data structures, while still allowing selected objects to participate in dynamic form experiences when desired.

Key Benefits:

• This configuration gives object definition owners full control over whether their data can be used in Page Builder forms, improving security, reducing clutter in the selector, and preventing misuse of objects that were never intended for page-level experiences. Teams can now allow only the right objects to power form-based experiences, while keeping internal or backend-only objects protected.

This release introduces a new Assignee field type for Liferay Objects, enabling entry-level ownership and task assignment. With this field, object entries can now be assigned to Users or Roles, making Objects suitable for workflow-style, task-driven, and ownership-based applications.

Once assigned, the user or role automatically gains permission to edit the entry, even if they did not previously have it explicitly. This makes it possible to build review flows, approval processes, service desks, onboarding pipelines, partner applications, and more, all using native Objects.

Key Benefits:

• The Assignee field brings native task ownership to Objects, allowing teams to build assignment-based processes with automatic permissions, "My Entries" filtering, and full API and UI support. This reduces the need for custom logic, enables clearer responsibility tracking, and unlocks use cases like approvals, case management, service requests, onboarding workflows, and more.

This feature introduces a new permission that allows object administrators to control who can download files attached to object entries. With this enhancement, each attachment field can define its own download permission, ensuring that only authorized users are able to retrieve files — without blocking visibility or access to the entry itself.

Key Benefits:

• This feature adds granular control to file downloads, allowing administrators to manage who can retrieve sensitive attachments without restricting access to the rest of the entry. It improves security, supports compliance workflows, and aligns Object attachments with the permission flexibility already available in Documents & Media.

The FF changes from Released to GA

An MCP (Model Context Protocol) Server acts as a bridge between your solution and AI models. For us, the new Liferay DXP MCP Server exposes our Headless APIs through a standardized interface that LLMs can understand and interact with allowing them both to retrieve information, but also interact with Liferay DXP to create or update different types of entities.

This standard enables easy, cost-effective integrations of Liferay DXP with various AI models (like ChatGPT or Gemini). Leveraging the headless APIs ensures LLMs can reliably access data using structured protocols while strictly enforcing the user's Liferay permission system for security.

Key Benefits:

• Reduces costs of implementation and maintenance for integrating Liferay with compatible LLM models.
• Security: Enforces the user's permission system via Headless APIs, ensuring data security.

Liferay seeks to better understand how administrators engage with the Control Panel and Product Menu in self-hosted environments. Since these deployments are customer-managed, Liferay currently lacks visibility into real-world admin behavior.

This feature introduces a privacy-first analytics solution that enables organizations to opt in to share anonymized usage data. By doing so, Liferay can gain valuable insights to enhance usability, guide product improvements, and deliver a more data-informed experience, while maintaining full transparency and compliance.

Key Benefits:

• Data-Driven Product Improvements: Gain visibility into real-world admin behavior to prioritize enhancements that deliver the most value.

• Enhanced Customer Experience: Use insights to refine usability and optimize administrator workflows.

• Trust and Compliance: Ensure analytics collection respects customer autonomy, privacy, and regulatory requirements through an opt-in model.

This feature enables administrators to map OpenID Connect (OIDC) user attributes to Liferay custom fields during user authentication or synchronization. By allowing flexible attribute mapping, organizations can seamlessly integrate identity data from external providers, ensure user profiles remain accurate and complete, and reduce manual configuration. This enhances interoperability, simplifies user management, and supports a more personalized user experience across systems.

Key Benefits:

• Seamless Integration: Simplifies connecting external identity providers by automatically mapping OIDC attributes to Liferay user data.

• Improved Data Consistency: Ensures user profiles are accurate and synchronized across systems without manual intervention.

• Enhanced Flexibility: Allows organizations to tailor user data mapping to their specific business and compliance needs.

This feature introduces the ability to map SCIM (System for Cross-domain Identity Management) attributes to Liferay custom fields. It allows organizations to synchronize additional user information from external identity systems beyond standard fields. By enabling flexible attribute mapping, Liferay supports richer identity data integration, simplifies user provisioning, and strengthens alignment with enterprise identity management standards.

Key Benefits:

• Streamlined Identity Synchronization: Automatically align user attributes between Liferay and external identity providers.

• Greater Flexibility: Support custom business requirements through configurable mappings of SCIM attributes.

• Enhanced Data Accuracy: Maintain consistent and up-to-date user information across all connected systems.

This feature enables Liferay to function as both a SAML Identity Provider (IdP) and a Service Provider (SP) at the same time. With this capability, organizations can simplify complex authentication flows—such as acting as an IdP for connected systems while also consuming authentication from an external IdP. This flexibility supports diverse deployment scenarios, multi-tenant setups, and hybrid identity architectures. user provisioning, and strengthens alignment with enterprise identity management standards.

Key Benefits:

• Increased Flexibility: Support advanced identity configurations by allowing Liferay to serve dual roles in SAML-based authentication.

• Simplified Integration: Reduce complexity in hybrid or multi-system environments by centralizing identity management within Liferay.

• Enhanced Interoperability: Enable seamless authentication across multiple systems without compromising security or compliance.

The new OIDC authentication enhancement uses the OIDC “sub” (subject) claim to identify users instead of relying on email addresses. Since the “sub” claim is a unique and permanent identifier assigned by the identity provider, it ensures consistent and reliable user recognition even if a user’s email changes or multiple providers share the same address. This improves account stability, reduces login mismatches, and enhances overall security and user experience.

Key Benefits:

• Reliable user identification: Ensures consistent recognition of users even if their email address changes.

• Eliminates account mismatches: Prevents conflicts caused by identical email addresses across different identity providers.

• Improved security: Uses the permanent and unique OIDC “sub” claim, reducing the risk of identity errors.

• Better user experience: Provides seamless authentication and minimizes login or access issues.

We created an API for allowing the user to access the OIDC accessToken from the DB by enabling the serviceLocator

The FF changes from Released to GA

The FF changes from Released to GA

The FF changes from Released to GA

Configuring Content Security Policy Headers - Liferay Official Documentation

A new, streamlined experience for managing your SSL certificates in Liferay Cloud. New status messages and alerts provide more transparency and control over your certificate lifecycle, helping you to proactively manage your domains and avoid costly downtime.

With the new Enhanced Certificate Management Experience, you'll be alerted if a certificate is misconfigured, has expired, or has been successfully renewed. Giving you a better understanding if any immediate action is required. We've also added a new "Renewal Status" column to the SSL Certificates tab, giving you at-a-glance visibility into the health of your certificates. This will empower you to identify and troubleshoot issues on your own, reducing the need for support tickets and giving you more control over your environment.

Key Benefits:

• Better visibility on certificate status.

• Better understanding of actions required in a specific certificate.

• Improved troubleshooting experience for certificate renewal errors.

Asset performance tracking in Analytics Cloud has been expanded to include interactions within Page Fragments. Previously, only assets displayed via Native Widgets (Portlets) were instrumented for performance metrics.

The previous OIDC authentication flow identified users based on their email address, which could led to mismatches if users changed their email or if different identity providers shared the same address. To ensure reliable user identification, the system now matches users using the OIDC sub (subject) claim, which is a permanent and unique identifier for each user.

Key Benefits:

• Improved identity reliability: Using the OIDC sub claim ensures each user is consistently and uniquely identified, even if their email address changes over time.

• Reduced authentication conflicts: Eliminates mismatches caused by shared or reused email addresses across different identity providers, improving security and user experience.

This mechanism is server-to-server, making it more reliable than front-channel methods that depend on the user's browser. The IdP will directly notify each RP (Relying Party aka Service Provider) that a user's session has ended by sending a signed logout_token. The RP must validate this token and terminate the corresponding local session.

Key Benefits:

• Higher reliability and security: Server-to-server logout does not rely on the user’s browser, reducing failures caused by network issues, blocked scripts, or closed sessions.

• Consistent session termination: Signed logout_token notifications ensure each RP can securely validate and promptly terminate the correct local user session.

RFC 7591 enables OAuth 2.0 clients to register dynamically with the portal’s Authorization Server, removing the need for manual client setup. It defines how Liferay can securely accept client metadata, endpoints, and credentials on-the-fly. This allows Liferay apps, modules, or external services to integrate seamlessly and scale efficiently. By automating client onboarding, it strengthens Liferay’s identity and access management capabilities.

Key Benefits:

• Eliminates manual configuration by allowing apps and external services to self-register securely with the Authorization Server.

• Speeds up integrations and scaling by automating client onboarding while improving IAM consistency and security.

RFC 8414 provides the manual and error-prone process of configuring clients to talk to authorization servers by standardizing the way for the Authorization Server to publish its configuration automatically. The specific URLs (endpoints) and capabilities can be managed through the UI.

Key Benefits:

• Eliminates the need to hardcode specific URLs, preventing configuration errors and allowing the server endpoints changes to be adapted instantly.

• Provides a standard location for clients to find the server's public keys, enabling the server to rotate security keys automatically without breaking your application or requiring a software update.

The feature is now fully released.

This features is now fully released.

This feature is now fully released. 

This features is now fully released.

Object definition creators can now set default values for specific field types during the object design phase. When a user (or an external system via API) creates a new object entry, these fields will be pre-populated with the specified values if no other data is provided.

Key Benefits:

• Reduced Manual Labor: Users no longer have to manually fill in "standard" information for every new entry.

• Data Integrity: Ensures that critical fields (like "Status" or "Initial Score") are never left empty or inconsistent during the initial creation phase.

As the CMS feature flag is removed, this functionality will be promoted from beta to release status.

As the CMS feature flag is removed, this functionality will be promoted from beta to release status.

As the CMS feature flag is removed, this functionality will be promoted from beta to release status.

As the CMS feature flag is removed, this functionality will be promoted from beta to release status.