Kaleo Forms was already in maintenance mode. It is now being moved to deprecated, so it can be removed at the same time as DDL in about a year. This solution is being replaced by Objects, Workflow, and Form Container Fragments.

In order to allow developers to exclude directories from the build, a new property has been added: liferay.workspace.dir.excludes.globs= 

These modules are obsolete ones and are no longer being used. They have been moved to deprecate and later it will be removed.

We introduced a new feature to streamline workflows with 1:1 relationships between objects! Now, users can create and update nested objects directly from the primary object's CRUD views, and enjoy seamless delete and view operations translated from the Data Set Manager (DSM). This update makes managing data smoother and more efficient.

Add changeTrackingEnabled to the standard rest-config.yaml so that services must specify Publications support. This will simplify the process of enabling change tracking for future Headless APIs.

Some upgrade processes may not consider the ctColectionId column which may generate inconsistencies for customers using Publications, especially for older versions.

Aiming to provide a better way to manage Object entries, now Display Pages allow the creation of Object Edit experiences, using Forms Container and Fragments.

When using a Form Container in a Display Page, submitting it will now update the object entry being displayed.

This, combined with the possibility to use multiple display pages at the same time, and the new “Save as Draft” option for objects, enable a whole new set of possibilities for customers, such as creating multi-step processes out of the box.

Now we prevent content creators from generating page conflicts and errors by automatically locking pages when they are opened in Edit Mode, not allowing other users edit it at the same time. Beside that, a recurrent process reviews all locked pages to unblock them automatically if no activity is registered. Administrators can also unlock them manually if it’s needed.

The old import modal for Fragments and Page Templates is substituted by a new special import page, a new page with the import outcomes is added with the results of the process and last, but not least, the user is provided more import options for a better management of the already existing files: Overwrite Existing Entries, Overwrite Existing Items, Keep Both. A WARNINGS label is added as well to the fragments that were imported with warnings and that could cause malfunctions.

Apart from exposing information in tables, with the Data Set Manager now admins will be able to define actions linked to each of the elements of the data set. For each action:

• Admins can provide a localized label
• Choose the icon to be used
• Provide the URL to redirect the user to. In case you need to parametrize it so each row has a different URL, you can do it by adding it between brackets as part of the URL, for example myURL/{id}/editPage will look for “id” in the Headless response and substitute for the corresponding value in the URL.
• With “Headless Action Key” admins can associate an action to a headless endpoint, which takes permissions into account, so the action will only be shown to the user if the corresponding headless action is present in the response. For example, you can link an “edit” action to the “update” Headless Key.
• Provide an optional Confirmation Message if needed.

• In order to use this feature enable “Data Set Manager” in the BETA section of the Feature Flags menu.

Admins can define filters to make them available for end users visiting pages with the dataset fragment. There are 3 types of filters available:

• Date filters: compatible with fields of type date. Admins can provide a name to the filter as well as provide a “From” and “To” dates to be pre-applied if needed.
• Selection filters: This filter allows admins to configure a picklist as the source of the options for the filter.
• Client extension: This new client extension enables admins and developers to fully customize the filter experience and add new types of filters depending on their needs.

• In order to use this feature enable “Data Set Manager” in the BETA section of the Feature Flags menu.

With the Data Migration Center, users can export and import, in a very easy way, Objects entries and Objects definitions from one instance to another using JSON files. The actions executed can be consulted later in a list when you can download the files generated every time is needed.

In the portal, Site Administrators are able to create different User Experiences for Pages. Publications can publish these Experiences. However it can be confusing for Publication Reviewers that they can not review changes introduced in all the Experiences, which are going to be published. Here we added the ability to Publication Reviewers to view changes added in all the Experiences which are going to be published.

Blueprints are referenced by their ERCs under-the-hood in the Blueprints Options widget and the Low-Level Search Options widget also supports a new attribute called search.experiences.blueprint.external.reference.code as the recommended way to configure a blueprint (preferred over the old attribute search.experiences.blueprint.id). In addition to that, when moving blueprints or elements between different environments using for example the Batch Client Extensions, entries will preserve their ERCs making portability easier. This way, when for example a search page is imported from a LAR, the Blueprints Options and Low-Level Search Options widget configurations can continue working thanks to the association being achieved via the ERC of the blueprint and not via its ID or other identifier that may be different on the new environment.

Lastly, users can now access and edit the ERC of blueprints and elements directly from the editors.

When users access a site in a language different from their user profile language, the following Information message is shown:

Now administrators can configure if this message will show up or not from System or Instance. Go to Instance Settings > Pages > Friendly URL Redirection and check/uncheck the “Show Alternative Layout Friendly URL Message” option for the appropriate value.

Liferay Portal 7.4 CE GA101+ and Liferay DXP 7.4 Update 101+ and Liferay DXP 2024.Q1 are bundled with Elasticsearch 7.17.14 as the Sidecar server.

In addition, the Elasticsearch client libraries have also been upgraded to 7.17.14. Refer to the Breaking Changes notes below for more details how this may impact deployments.

This feature adds read-only support for all object fields types, making sure users are not able to update those fields from both the UI or APIs, only the system can through default values or actions for example.

Users can configure their fields between 3 options, read-only true, false, or conditional.

• Read-only false: normal fields that support input from users through the UI or API.
• Read-only true: fields that do not support inputs from users through the UI or API, only can be updated through the system, as actions and default value for example.

  • Read-only fields must be supported in views and layouts, in the layouts those read-only fields must be not editable.

• Read-only conditional: fields that by definition are read-only false, but that will throw exceptions in case the condition is true and the user can’t update that field. In this case, in the UI, the logic should run before the field is loaded, in the headless API, this validation is only made when the user sends the request.
  • The condition is built using expression builder.

Liferay AB Testing capabilities now helps customers save time by reassigning the traffic split based on the running test results. The dynamic traffic allocation ensures that the estimated winner variation gets more traffic, optimizing conversion in highly time-sensitive situations. 

Because WebDAV appears to be the only viable solution for remote documents access/editing for the moment and there is customer demand. WebDAV supports HTTP Basic and Digest auth. The latter requires us to store insecure hashes, because of protocol specifics.

Because we cannot change that nor remove WebDAV support, we will reduce the impact of a successful attack instead.

This is achieved by creating a separate strong password for Digest auth.

We achieve the “strong” characteristic through only allowing generation of passwords, based on UUIDs. This means when the hash is produced, it will also be stronger also, though not perfect.