The FF changes from Released to GA

This release introduces the foundational layer for versioning object entries within the Liferay Objects framework. Versioning allows teams to track the full lifecycle of data changes, revert entries when needed, and ensure auditability — a key requirement for organizations dealing with regulated or collaborative content.

In this first phase, the versioning capability is available exclusively via API, giving developers immediate access to version history, preview, and restore operations. A dedicated configuration in Object Admin allows administrators to enable or disable versioning per object definition.

Key Benefits:

• Versioning brings greater control and safety to object data by keeping a full history of every change. It allows teams to recover previous states, avoid data loss, and meet audit or compliance needs. With API-first access, developers can immediately start using version history, preview, and restore in their applications

This release introduces a new configuration that allows the owner of an Object Definition to decide whether it can be used inside Form Containers in Page Builder. While objects could already be mapped to forms before, administrators now have explicit control over which objects are exposed for page-level form experiences.

This provides a governance layer that helps avoid accidental exposure of internal, sensitive, or system-bound data structures, while still allowing selected objects to participate in dynamic form experiences when desired.

Key Benefits:

• This configuration gives object definition owners full control over whether their data can be used in Page Builder forms, improving security, reducing clutter in the selector, and preventing misuse of objects that were never intended for page-level experiences. Teams can now allow only the right objects to power form-based experiences, while keeping internal or backend-only objects protected.

This feature introduces a new, configurable "On after Login" trigger for Liferay Object Actions. This will empower administrators and developers to define and execute automated processes on Object entries (e.g., creating, updating, or deleting entries, calling external APIs, sending emails) immediately after a user successfully logs into Liferay portal.

Key Benefits:

• Faster Time-to-Market: New features tied to user authentication (like automatically creating a user's dashboard data) can be deployed in minutes via the UI, without involving custom development.

• Extended Low-Code Power: The Objects framework becomes more valuable by handling a critical part of the digital experience—user sign-in—without needing traditional coding skills.

• Real-Time Data Integrity: Ensures that user-specific custom data (like status, last login date, or personalized onboarding tasks) is created or updated instantly and automatically upon login, keeping all systems synchronized.

This release introduces scheduling capabilities to object entries, allowing users to define when an entry should go live, expire, or be reviewed. This brings Objects closer to real content lifecycle management — similar to what already exists in Web Content — and enables automation for time-sensitive data.

With this feature, object entries can be activated or deactivated automatically based on predefined dates, and optional review dates help teams stay compliant with legal, operational, or business rules.

Key Benefits:

• Scheduling gives users more control over when content or data becomes visible, expires, or needs review — reducing manual work and improving timing accuracy. It helps teams automate recurring tasks (such as publishing promotions or removing expired assets), avoid compliance risks, and ensure content stays up to date. With built-in notifications, users are always informed of upcoming actions, making lifecycle management simpler and more reliable.

This release introduces a new Assignee field type for Liferay Objects, enabling entry-level ownership and task assignment. With this field, object entries can now be assigned to Users or Roles, making Objects suitable for workflow-style, task-driven, and ownership-based applications.

Once assigned, the user or role automatically gains permission to edit the entry, even if they did not previously have it explicitly. This makes it possible to build review flows, approval processes, service desks, onboarding pipelines, partner applications, and more, all using native Objects.

Key Benefits:

• The Assignee field brings native task ownership to Objects, allowing teams to build assignment-based processes with automatic permissions, "My Entries" filtering, and full API and UI support. This reduces the need for custom logic, enables clearer responsibility tracking, and unlocks use cases like approvals, case management, service requests, onboarding workflows, and more.

This feature introduces a new permission that allows object administrators to control who can download files attached to object entries. With this enhancement, each attachment field can define its own download permission, ensuring that only authorized users are able to retrieve files — without blocking visibility or access to the entry itself.

Key Benefits:

• This feature adds granular control to file downloads, allowing administrators to manage who can retrieve sensitive attachments without restricting access to the rest of the entry. It improves security, supports compliance workflows, and aligns Object attachments with the permission flexibility already available in Documents & Media.

This epic introduces multi-parent support for Object Definitions, allowing a single child object (e.g., Address) to be associated with more than one possible parent definition (e.g., User or Account). While the definition can support multiple parents, each Object Entry can still only belong to one parent entry at a time, ensuring data consistency.

Key Benefits:

• This new feature allows more flexibility when organizing your entries with regards to permissions inheritance. 

The new OIDC authentication enhancement uses the OIDC “sub” (subject) claim to identify users instead of relying on email addresses. Since the “sub” claim is a unique and permanent identifier assigned by the identity provider, it ensures consistent and reliable user recognition even if a user’s email changes or multiple providers share the same address. This improves account stability, reduces login mismatches, and enhances overall security and user experience.

Key Benefits:

• Reliable user identification: Ensures consistent recognition of users even if their email address changes.

• Eliminates account mismatches: Prevents conflicts caused by identical email addresses across different identity providers.

• Improved security: Uses the permanent and unique OIDC “sub” claim, reducing the risk of identity errors.

• Better user experience: Provides seamless authentication and minimizes login or access issues.

The FF changes from Released to GA

The FF changes from Released to GA

Configuring Content Security Policy Headers - Liferay Official Documentation

The FF changes from Released to GA

We created an API for allowing the user to access the OIDC accessToken from the DB by enabling the serviceLocator

This feature enables Liferay to function as both a SAML Identity Provider (IdP) and a Service Provider (SP) at the same time. With this capability, organizations can simplify complex authentication flows—such as acting as an IdP for connected systems while also consuming authentication from an external IdP. This flexibility supports diverse deployment scenarios, multi-tenant setups, and hybrid identity architectures. user provisioning, and strengthens alignment with enterprise identity management standards.

Key Benefits:

• Increased Flexibility: Support advanced identity configurations by allowing Liferay to serve dual roles in SAML-based authentication.

• Simplified Integration: Reduce complexity in hybrid or multi-system environments by centralizing identity management within Liferay.

• Enhanced Interoperability: Enable seamless authentication across multiple systems without compromising security or compliance.

A new, streamlined experience for managing your SSL certificates in Liferay Cloud. New status messages and alerts provide more transparency and control over your certificate lifecycle, helping you to proactively manage your domains and avoid costly downtime.

With the new Enhanced Certificate Management Experience, you'll be alerted if a certificate is misconfigured, has expired, or has been successfully renewed. Giving you a better understanding if any immediate action is required. We've also added a new "Renewal Status" column to the SSL Certificates tab, giving you at-a-glance visibility into the health of your certificates. This will empower you to identify and troubleshoot issues on your own, reducing the need for support tickets and giving you more control over your environment.

Key Benefits:

• Better visibility on certificate status.

• Better understanding of actions required in a specific certificate.

• Improved troubleshooting experience for certificate renewal errors.

Liferay seeks to better understand how administrators engage with the Control Panel and Product Menu in self-hosted environments. Since these deployments are customer-managed, Liferay currently lacks visibility into real-world admin behavior.

This feature introduces a privacy-first analytics solution that enables organizations to opt in to share anonymized usage data. By doing so, Liferay can gain valuable insights to enhance usability, guide product improvements, and deliver a more data-informed experience, while maintaining full transparency and compliance.

Key Benefits:

• Data-Driven Product Improvements: Gain visibility into real-world admin behavior to prioritize enhancements that deliver the most value.

• Enhanced Customer Experience: Use insights to refine usability and optimize administrator workflows.

• Trust and Compliance: Ensure analytics collection respects customer autonomy, privacy, and regulatory requirements through an opt-in model.

This feature enables administrators to map OpenID Connect (OIDC) user attributes to Liferay custom fields during user authentication or synchronization. By allowing flexible attribute mapping, organizations can seamlessly integrate identity data from external providers, ensure user profiles remain accurate and complete, and reduce manual configuration. This enhances interoperability, simplifies user management, and supports a more personalized user experience across systems.

Key Benefits:

• Seamless Integration: Simplifies connecting external identity providers by automatically mapping OIDC attributes to Liferay user data.

• Improved Data Consistency: Ensures user profiles are accurate and synchronized across systems without manual intervention.

• Enhanced Flexibility: Allows organizations to tailor user data mapping to their specific business and compliance needs.

This feature introduces the ability to map SCIM (System for Cross-domain Identity Management) attributes to Liferay custom fields. It allows organizations to synchronize additional user information from external identity systems beyond standard fields. By enabling flexible attribute mapping, Liferay supports richer identity data integration, simplifies user provisioning, and strengthens alignment with enterprise identity management standards.

Key Benefits:

• Streamlined Identity Synchronization: Automatically align user attributes between Liferay and external identity providers.

• Greater Flexibility: Support custom business requirements through configurable mappings of SCIM attributes.

• Enhanced Data Accuracy: Maintain consistent and up-to-date user information across all connected systems.

An MCP (Model Context Protocol) Server acts as a bridge between your solution and AI models. For us, the new Liferay DXP MCP Server exposes our Headless APIs through a standardized interface that LLMs can understand and interact with allowing them both to retrieve information, but also interact with Liferay DXP to create or update different types of entities.

This standard enables easy, cost-effective integrations of Liferay DXP with various AI models (like ChatGPT or Gemini). Leveraging the headless APIs ensures LLMs can reliably access data using structured protocols while strictly enforcing the user's Liferay permission system for security.

Key Benefits:

• Reduces costs of implementation and maintenance for integrating Liferay with compatible LLM models.
• Security: Enforces the user's permission system via Headless APIs, ensuring data security.