To help users enrich their content, Liferay provides a new LXC service to serve videos to a wide audience out of the box. Content creators will be able to upload videos directly to Liferay and the new service will take care of generating different versions with several resolutions to adapt to user’s connection capabilities, together with automatic subtitles and AI powered auto-tagging based on the video content. Content creators will also be able to add manual subtitles to the videos in case the automatic ones don't fit the need.

Blueprints are referenced by their ERCs under-the-hood in the Blueprints Options widget and the Low-Level Search Options widget also supports a new attribute called search.experiences.blueprint.external.reference.code as the recommended way to configure a blueprint (preferred over the old attribute search.experiences.blueprint.id). In addition to that, when moving blueprints or elements between different environments using for example the Batch Client Extensions, entries will preserve their ERCs making portability easier. This way, when for example a search page is imported from a LAR, the Blueprints Options and Low-Level Search Options widget configurations can continue working thanks to the association being achieved via the ERC of the blueprint and not via its ID or other identifier that may be different on the new environment.

Lastly, users can now access and edit the ERC of blueprints and elements directly from the editors.

Because WebDAV appears to be the only viable solution for remote documents access/editing for the moment and there is customer demand. WebDAV supports HTTP Basic and Digest auth. The latter requires us to store insecure hashes, because of protocol specifics.

Because we cannot change that nor remove WebDAV support, we will reduce the impact of a successful attack instead.

This is achieved by creating a separate strong password for Digest auth.

We achieve the “strong” characteristic through only allowing generation of passwords, based on UUIDs. This means when the hash is produced, it will also be stronger also, though not perfect.

This feature adds read-only support for all object fields types, making sure users are not able to update those fields from both the UI or APIs, only the system can through default values or actions for example.

Users can configure their fields between 3 options, read-only true, false, or conditional.

• Read-only false: normal fields that support input from users through the UI or API.
• Read-only true: fields that do not support inputs from users through the UI or API, only can be updated through the system, as actions and default value for example.

  • Read-only fields must be supported in views and layouts, in the layouts those read-only fields must be not editable.

• Read-only conditional: fields that by definition are read-only false, but that will throw exceptions in case the condition is true and the user can’t update that field. In this case, in the UI, the logic should run before the field is loaded, in the headless API, this validation is only made when the user sends the request.
  • The condition is built using expression builder.