We’ve introduced robust Content Security Policy (CSP) capabilities to enhance the security of your digital experience platform. This feature supports eight key directives, including script-src and style-src among others, ensuring secure handling of scripts, styles, images, and more. By leveraging these directives, developers can mitigate cross-site scripting (XSS) attacks and data injection risks. The CSP implementation aligns with modern web security standards, offering both flexibility and protection. Administrators can now enforce stricter security policies without compromising functionality.

Key benefits:

• Enhanced Security: Mitigates risks of XSS and data injection attacks by controlling resource loading and execution.

• Compliance-Friendly: Aligns with industry-standard security requirements, supporting stricter compliance protocols.

• Customizable Policies: Allows developers to tailor CSP directives to meet specific project or organizational needs.

• Improved Trust: Strengthens end-user trust by providing a more secure and reliable platform experience.

Official release of Liferay Data Sets, moving from Beta to Release! Data Sets are a powerful and flexible way to retrieve, manage, visualize, and interact with structured data in Liferay DXP. Built on top of Objects and leveraging Liferay’s robust ecosystem, Data Sets exemplify the “build Liferay with Liferay” philosophy. With seamless integration with compatible Headless APIs, administrators can easily configure Data Sets and empower end-users with a rich, customizable experience for consuming and interacting with data.

Key benefits:

• Retrieve Data: Fetch information from any compatible Headless API to use as a Data Set source.

• Manage Flexibility: Administrators can customize what parts of the API response are included, along with filters, sorting options, and available actions.

• Visualize Data: Multiple visualization options make it easier than ever for end-users to consume data meaningfully.

• Enable Interaction: End-users can interact dynamically with data using the filters, actions, and tools configured by administrators.

To ensure the quality, stability, and modernity of Liferay DXP, we've updated to React 18, bringing significant benefits in security, performance, and compatibility. This update is critical to maintaining DXP's status as a robust and future-proof platform.

Key benefits:

• Security Enhancements: Older library versions can expose vulnerabilities. Upgrading to React 18 mitigates these risks by incorporating the latest security patches.

• Performance Improvements: React 18 introduces features like concurrent rendering, which enhances responsiveness and load handling for better user experiences.

• Enhanced Compatibility: Upgrading ensures DXP aligns with modern tools and frameworks, minimizing integration challenges and future-proofing our development processes.

• Continued Support: Staying current with React’s ecosystem ensures ongoing access to community updates, bug fixes, and innovations.

With this development, the publication of Knowledge Base articles will be schedulable, in particular, the feature is so designed:

• The primary Publish button will have an arrow down with the “Publish” option, that will immediately publish the article, and the “Schedule” one.

• Clicking the Schedule option, will make a modal appear so the user can set a date and time for the article to be published.

• The Scheduled article will have the SCHEDULED status that will change to APPROVED on the scheduled date

• A tooltip with the scheduled date information will appear when hovering the question-circle-full icon placed next to the SCHEDULED state.

• Editing a scheduled article will provide the user the ability, by clicking the primary button that has turned into “Scheduled”, to:

  • Cancel the operation

  • Publish Now

  • Schedule: this option will save the article, date & time changes and the user will return to the previous screen before entering edit mode

• Additional feature: A Knowledge Base article deletion action will move it to the Recycle Bin so that it can be restored.

Now user are able to:

• Configuration of document size for copying in D&M

• Bulk copying of documents and folders

• Currently the copy action for documents and folders is able to be performed in Portal without fully respecting the site-asset library relationship. The expected behavior is:

  • An asset library must be connected to a site in order to copy a document over to the site

  • A document cannot be copied from a site to an asset library (only the other way around)

  We can enforce a stricter check when performing the copy action between asset libraries and sites. Instead of the end user receiving a success message when copying a document to a disconnected site, an error message should appear telling the user to set the connection first.

• Document Types contained in a document are being copied in Documents and Media so that they can be easily reused.

• Categories and Tags in Documents and Media are being automatically copied so they can be easily reused on a new site.

Now, admins can customize the configuration of the Rich Text Editors with this new client extension, allowing them to set the toolbars that are available on different applications. In the form, you will have to define the instances in which the configuration will be taken into account as well as the JS that contains the configuration:

Users are now able to properly search in the portal using the Search widget (in applications that have data restricted by account).

This feature allows you to leverage the functions of Liferay’s caching framework. Our current measurements indicate about 10%/30% performance increase in database writing operations, also 10 times faster reading performance!

To reduce the maintenance costs of providing a full document’s preview, the following changes are being introduced:

• “No preview available” state when the file size exceeds the preview size limit.

• Merge “File Entries” and “PDF Preview” settings under “File Preview Limits”

• Rename "File Size Limits" to "File Upload Limits" with a reviewed and more understandable Description copy

• The user is being informed that the generated preview may not correspond to the entire document

This development introduces the ability for the user to set the file size at asset library’s level. This settings will override the already existing one at System level when the latter is bigger. As a general rule, when both are set the lowest applies.

The user experience of the Management Toolbar present in multiple applications (Web Content, Blogs, Documents & Media) has been improved:

• Separate sections for filter and order.
• Changed “+” with “New” for clarity.
• Moved info icon to the right.

Validate relationships to prevent duplicate names in child objects.

The Centralized Products Eligibility and Configuration Management feature empowers catalog managers to efficiently manage individual products through multiple configuration pages containing all catalog’s products. With tools for manual configuration, eligibility-based visibility, and some bulk editing, this feature ensures streamlined operations and enhanced control over product offerings. Additionally, it enables faster and smarter management of product eligibility for channels, order types and accounts.

Key benefits:

1. Improved Catalog Management Efficiency:

• Simplified product configuration editing via a centralized, flat table view.

• Streamlined workflows for managing product attributes like visibility, minimum/maximum quantities, eligibility and much more.

• Avoid duplicating products to manage specific configurations by modifying targeted configurations instead.

• Perform batch updates on visibility, eligibility, and other product attributes for multiple products, whilst inheriting base setting from the Master catalog configuration

• Leverage pre-filled default master configurations to ensure consistency and simplify product setup when adding new products in a catalog.

2. Enhanced Control over Product Eligibility and Visibility:

• Define and manage eligibility rules tailored to specific customer groups, channels, and accounts

• Quickly adjust product availability and settings for various markets and segments (e.g. B2B vs B2C).

• Streamline the management of seasonal items or time-sensitive offerings using configuration scheduling.

We added External Reference Codes for references in widget configurations in Content Management applications. This helps promote data integrity when pages and their widgets are migrated across environments.

Highlights:

References within the following page widgets now use ERC’s instead of internal ID’s:

• Announcements
• Web Content Display
• Category Filters
• Questions

We added External Reference Codes for Categories and Tags and their associated API’s, improving their portability for data migration scenarios.

Highlights: 

• Users can now perform CRUD operations using a Tag’s ERC through its headless API (Keyword)

• Users can now perform CRUD operations using a Category’s ERC through its headless API (TaxonomyCategory)

We added several API endpoints for Documents & Media to improve programmatic management of these entities.

Highlights:

• Users can now add, delete, and retrieve document types via headless API (DocumentDataDefinitionType)

• Users can now add, delete, and retrieve document metadata sets via headless API (DocumentMetadataSet)

Elasticsearch 8.17 has been tested and added to the compatibility matrix.

Liferay Self-Hosted deployments can update the Elastic stack to this version. For Liferay PaaS projects, as usual, a new Elasticsearch image will be provided under Liferay Cloud’s Docker Hub account.

As it was first highlighted in the Release Notes of 2024.Q3, per Elastic’s product lifecycle, Elasticsearch 7.17.x versions are supported and maintained until Elasticsearch version 9 is released.

While Elastic does not provide specific release dates for future releases, for Elasticsearch 9.0.0, the new release is anticipated in early calendar year 2025.

Compatibility with Elasticsearch 8 is available on Liferay DXP 7.4 U81+: Operating Liferay 7.4 GA/Update 81+ with Elasticsearch 8 - Liferay.

Note: The Elasticsearch 8.x compatibility is provided through the bundled Elasticsearch 7 connector and the REST API Compatibility of Elasticsearch 8.

The Marketplace release of the Liferay Connector to OpenSearch 2 provides an alternative to Elasticsearch for Self-Hosted Liferay deployments.

This connector integrates Liferay DXP with OpenSearch 2.12+, the open source and enterprise grade search engine. OpenSearch offers lexical search for text data, robust scalability and extensibility, and vector search for applications using embeddings, such as Liferay's Semantic Search.

The installation of this app requires specific configurations covered in the official documentation. For detailed compatibility information, see the Search Engine Compatibility Matrix.

The OpenSearch integration is currently a Beta feature with the intention to make it GA in the future.

Implemented proactive access token management with automated email notifications. Users will now receive alerts 1 month, 10 days, and 1 day prior to token expiration, allowing for timely renewal and preventing service disruptions. Notifications are automatically cancelled if a new token is generated.

Key benefits:

• Users are notified before token expiration, allowing for timely renewal and uninterrupted access.

• Reducing administrative overhead, as automated notifications eliminate the need for manual monitoring and intervention.

• By prompting timely renewals, the risk of using expired and potentially compromised tokens is minimized.

Data imports, using batch engine, now allows users to preserve content creator information (if required). Previously, imported content with batch was always assigned the user performing the import, resulting in loss of original authorship data when moving content. This update ensures accurate attribution of content ownership (if required).

Key benefits:

• Able to keep critical user information during data promotion between environments

• Can be configured separately per import process