We created an API for allowing the user to access the OIDC accessToken from the DB by enabling the serviceLocator

The FF changes from Released to GA

The FF changes from Released to GA

The FF changes from Released to GA

Configuring Content Security Policy Headers - Liferay Official Documentation

A new, streamlined experience for managing your SSL certificates in Liferay Cloud. New status messages and alerts provide more transparency and control over your certificate lifecycle, helping you to proactively manage your domains and avoid costly downtime.

With the new Enhanced Certificate Management Experience, you'll be alerted if a certificate is misconfigured, has expired, or has been successfully renewed. Giving you a better understanding if any immediate action is required. We've also added a new "Renewal Status" column to the SSL Certificates tab, giving you at-a-glance visibility into the health of your certificates. This will empower you to identify and troubleshoot issues on your own, reducing the need for support tickets and giving you more control over your environment.

Key Benefits:

• Better visibility on certificate status.

• Better understanding of actions required in a specific certificate.

• Improved troubleshooting experience for certificate renewal errors.

The Liferay Marketplace has undergone a significant architectural enhancement with the formalization and enforcement of Liferay Catalogs. This structure clearly categorizes all Liferay-developed applications, providing explicit transparency on support levels, update schedules, and intended usage.

All Liferay-published applications are now distributed under three dedicated, high-level catalogs:

1. Liferay Inc.: Contains all fully supported, production-ready applications, including crucial productivity tools, security utilities, connectors, and Experience Management features. These apps follow a strict qcial hub for all new, experimental technologies and potential future core features. Apps in this catalog are not officially supported and are intended for testing and feedback purposes only.

2. Liferay Community: Hosts officially deprecated applications that remain available for backward compatibility, as well as applications contributed and offered under open-source licenses. These apps receive support until their latest compatible DXP version and follow a quarterly maintenance schedule.

Key Benefits:

• Targeted Discovery: Efficiently filter the Marketplace to find specific types of applications, such as mission-critical integration connectors (Liferay Inc.) or bleeding-edge experimental features (Liferay Labs).

• Predictable Updates: Rely on the consistent quarterly update schedule for all fully supported (Liferay Inc.) and Community-maintained applications.

A new set of fragments has been introduced under a dedicated category called “Account Selector.”.

These fragments allow to compose and customize the account selector according to their specific business needs.

Here is a list of the newly added fragments for building the account selector:

• Account Selector: this fragment is the main orchestrator of the entire component, handles the communication with external components, the dropdown mechanism and the panels (up to 5 can be configured), and manages the main drop zone areas

• Account Selector Button: OOTB available Account Selector call-to-action

  (preserves the current logic for page/component refreshes), used to open/close the account selector (any custom button hooked up with the Javascript business logic can be used).

• Account Selector Panel: this fragment can be drag-and-dropped inside the Account Selector’s panel drop zone (each panel is a tab that can be navigated in the dropdown) and creates a drop zone to place account-related views

• Accounts Data Set: Data Set fragment to display the list of selectable accounts for the current user

• Create Account Button: configurable call-to-action that allows the creation of new accounts, maintaining the existing Account Selector flow.

• Account Orders Data Set: Data Set fragment to display the list of selectable orders for the current account

• Create Order Button: configurable call-to-action that allows the creation of new orders, maintaining the existing Account Selector flow.

A fully configured Account Selector is also available out-of-the-box (OOTB) in the Commerce Classic Site Initializer (LPD-20379).

Key Benefits:

• Flexible Customization: Easily tailor the account selector to match your site’s structure and user needs.

• Improved User Experience: Enables intuitive navigation and personalization of account-related views.

• Configurable Control: Enable or disable specific features and interactions without custom development.

The new Configurable Order Scoping feature gives administrators more control over how orders are displayed on the site. Two new configuration settings have been added within each Channel:

• Open Orders Visibility Scope

• Placed Orders Visibility Scope

Each configuration offers two visibility options:

• Account (default): Maintains the existing behavior, where users can see all open or placed orders across all accounts they have access to, regardless of who created the order.

• User: Limits visibility so users only see orders they personally created for the accounts they are part of.

In addition, a new permission—“View Organization Orders”—has been introduced under Orders. This permission ensures that Sales Agents can continue to view all orders associated with their accounts, regardless of the scoping configuration. The permission is automatically assigned to the Sales Agent role by default.

Key Benefits:

• Flexible visibility control: Administrators can configure order visibility according to organizational or role-based needs.

• Improved data privacy: Restrict order visibility to the creator when required.

• Backward compatibility: Default setting preserves existing system behavior to avoid workflow disruption.

• Enhanced role management: The new “View Organization Orders” permission ensures key roles, such as Sales Agents, retain appropriate visibility.

The Manage Product Availability at Scale feature empowers catalog managers to efficiently manage individual products through multiple configuration pages containing all catalog’s products. With tools for manual configuration, eligibility-based visibility, and some bulk editing, this feature ensures streamlined operations and enhanced control over product offerings.

The Account Selector Customization feature has moved from BETA to RELEASE.

See also Composable Account Selector in the New Features section.

With Liferay's New Headless Content Management System (CMS), creating, organizing, and publishing content is simpler because all content management tasks are brought together in a single interface. Your content is independent of its presentation, allowing you to reuse it across sites, pages, and APIs.

You can work with articles, documents, media, and more, while taking advantage of features like global asset views, organized spaces, and cross-site publishing. Thanks to Liferay Objects, the CMS provides flexible content structures and ensures a smooth, consistent authoring and publishing experience.

Key Benefits:

• Enhanced Efficiency and Governance: Achieve immediate content visibility and streamlined collaboration by centralizing assets into a single, unified view. Rigorous versioning and workflow controls ensure consistent content quality and compliance across the organization.

• Maximum Agility and Portability: Leverage a modern headless-first, API-driven architecture (REST/GraphQL) that makes content fully portable, ensuring instant readiness for distribution and maximum reach across all your digital channels.

• Measurable Performance and Data-Driven Strategy: Empower content owners with embedded analytics and strong preview capabilities, enabling teams to make instant, informed decisions that drive superior business outcomes.

We have implemented a new translation status feature in the web content editor, labeled "Translating," which provides information about the number of translated fields and those still requiring translation. This feature helps users to quickly identify areas needing translation. Additionally, all translatable fields, including metadata, are now conveniently displayed on the left side of the screen, reducing the likelihood of overlooking them.

Users can readily spot content that is not visible to Guest users through an icon, whether it's in list or table view or within the web content editor. Additionally, this feature is accessible in the item selector, empowering users to discern which content is not viewable by Guest users.

You can now have access to the event’s details when selecting a calendar event and be redirected to the already existing details page of that particular event. It is also possible to map a Calendar Event’s specific URL, along with some other fields, in order to use it in emails so the recipient can click on it and be redirected to the Event’s details.

Now it is possible to easily identify the content you have created and any recent content you generated. This enhancement streamlines and optimizes this workflow.

Easily configure the friendly URLs for the different asset types, updating URL separators. In addition to that, now users are able to set categories within a blog’s friendly URL and easily identify by the URL what is the main topic of the page they are visiting.

This feature aims to refine the Analytics Cloud Usage Page. Alongside UI enhancements for a better user experience, we focused on enhancing data accuracy and real-time precision. Our efforts aimed to eliminate data discrepancies and prioritize transparency for the users.

Key Changes:

1. To promote pricing transparency, we removed the outdated prices from the Workspace settings and implemented a clear message prompting users to reach out to their Customer Success Manager for information on upgrading their plan.

2. Aiming to simplify the interface and highlight pertinent subscription details, some changes were made to the UI of the Subscription and Usage menu, focusing on displaying relevant information to the customer related to their current plan.

We're introducing advanced script loading options for JavaScript Client Extensions in Liferay, providing developers more control over how JavaScript is applied to pages. This update allows the specification of async and defer attributes directly in the extension's configuration, optimizing the loading process and improving page performance.
Benefits for users:

• Improved Page Load Performance: by setting async or defer attributes, scripts can be loaded non-blocking, enhancing page responsiveness.
• Enhanced Control: developers can pre-set these attributes in the YAML configuration or through the UI, ensuring scripts behave consistently across all pages without further adjustment.
• Streamlined Configuration: once set, these attributes are locked at the extension level, eliminating discrepancies and simplifying script management.

Allow developers to specify additional attributes to the <script> tag when deploying in with the JS Client Extension.

Example usage in client-extension.yaml: liferay-portal/workspaces/liferay-sample-workspace/client-extensions/liferay-sample-global-js-2/client-extension.yaml at master · liferay/liferay-portal

    scriptElementAttributes:
        async: true
        data-attribute: "value"
        data-senna-track: "permanent"
        fetchpriority: "low"

Or, developers can configure the attributes via the create Client Extension UI too:

When configuring a JS CX on a page and async/defer Boolean attributes are present in the CX (set in the yaml / defined through the UI), the following behaviors apply in regards to the Load type options:

1. The attribute set in the CX will be used and the ability to change it when applying it on a page will be disabled.
2. When both attributes are set in the CX, async will be applied.
3. When async or defer is set to false in the CS, the related option will be removed from the Load selector. (e.g. if defer: false the load options available for the user will be default and async).

This feature introduces the capability to connect Liferay Objects with SugarCRM Objects, empowering users to synchronize and store their data efficiently between the two platforms. By bridging these systems, users can streamline their workflows, enhance data consistency, and leverage the robust features of both Liferay and SugarCRM.

Users can now, with low effort, connect their Liferay and SugarCRM environments, eliminating the need for manual data transfers and reducing the risk of errors. This enhancement not only simplifies data management but also enhances the overall user experience by providing a cohesive and integrated ecosystem for managing customer data.

We have improved the behaviour of an existing configuration to be able to properly publish a child page in a Staging process to Live site without its parent(s). This also improves the performance of publishing changes.

It is now possible to select Date Times as a product option type, configuring purchase options for products based on date, times, time zones, and durations, allowing for the sale of time slots.

Manage contacts directly related to accounts like phone numbers, emails, websites, addresses.

A new Contact Tab in Account details page with 2 internals tabs was created:

1. Addresses
2. Contact Information

Users with “Accounts > Account Entry: Manage Addresses” permission should be able to manage their contacts with all these actions:

• Add
• Edit
• Remove
• Mark as primary

Example of managing a phone number:

Users without “Accounts > Account Entry: Manage Addresses” permission should be able to only view the existing phone number entries.

The Server Administration interface provides powerful tools for controlling the server. As an added layer of security, CAPTCHA is now required for actions in Server Administration pages and the Gogo Shell page. Due to the sensitive nature of these controls, the system will still enforce CAPTCHA on these pages, even if the “Maximum Challenges” configuration is set to a negative number.

To create Sign In, Forgot Password, and Create Account utility pages, it's necessary for these three views of the Login portlet (i.e., Sign In widget) to be available as individual widgets, which can be placed on pages separately. As a result, Sign In, Forgot Password, and Create Account are now accessible as separate widgets.

It's worth noting that the Sign In widget retains its previous functionality.

We aimed to facilitate seamless navigation between various Utility pages, whether there are multiple or just one.

It allows users to map fields on the first level of related elements or any hierarchical structure through a tree view which is searchable and expandable.

In addition, it is possible to map leaf fields, the common use case, but also parent fields which include all the children data to be rendered through a Client Extension.

Until now the Data Set was always rendered as a table with one column for each mapped field. From now on, the admin user can define up to three different visualization modes for the same data: Table, List and Cards.

These visualization modes share the configurations about: filters, actions, sorting and pagination. However, each visualization mode can have different mapped fields decided by the admin users.

Also, a new Settings tab to select the default mode has been added.

Final users will be able to view the visualization modes created by Admin Users and they will be able to change between them to discover the data in the way they want.

The Data Set for actions has been improved to provide new capabilities to the users:

• For the Item Actions: now there are 4 new available types available on top of the link Action: Async, Headless, Modal or Side Panel . It allows Admin Users to connect items to new functionalities and use cases.
• Creation Actions: this option has been created in order to allow Admin Users to create new data or direct their users to a place where they can create it.

The autocomplete attribute grants the user agent permission to provide automated assistance in filling out form fields. This feature can significantly speed up the form-filling process, especially for repetitive or standard information like names, addresses, and email addresses. This also allows screen readers which use standard attributes such as autocomplete to assist users navigating websites.

Incorporating the HTML autocomplete attribute into your forms is a simple yet powerful way to enhance user experience. By leveraging autocomplete suggestions, you can streamline the form-filling process, reduce errors, and ultimately create a more user-friendly environment. Experiment with different values, test across browsers, and watch as your users appreciate the improved efficiency of your forms.

When publications go out of date, they are completely useless and all changes made to them can not be leveraged in any capacity. The changes in this feature allow publications users to move changes from an out of date publication to another publication. This allows users to salvage changes after an upgrade.

This feature prevents portal from being unusable when a change-tracked entity being modified in a publication is removed from production. If an entity is being modified in a publication, it cannot be removed from production. If a deleted entity in a publication is being modified in another publication, the publication with the deletion cannot be published.

We are constantly working on improving performance of Publications. We have implemented improvement for Timeline and Conflict checking icons.

Boost the performance of reverting changes , when the DB has huge amount of records. This way the usability of Publications further increases.

If a conflict appears between the scheduled publication and Production before or during publishing stage, we have added a functionality to provide more information inside Liferay notifications when this situation occurs.

This features creates a reviewer role that has read-only (and no update) permissions. It grants permission to review the draft of a content page, or the pages that are submitted through a workflow and are still pending approval and publication.

Page Creator now can efficiently manage permissions for their website, distinguishing between public and restricted pages. Key functionalities, such as unique designs and restricted access, are incorporated seamlessly.

Requirements include easy identification of page visibility, bulk permission management, and configuration options for both individual pages and entire branches.

Provide the option at Instance and Site settings to the XML sitemap to allow customers to customize the inclusion or exclusion of content according to the SEO technical requirements.

When the User reaches Control Panel → Instance Settings, a new menu item (SEO), under Platform, will be shown. By accessing this menu, the user will be able to include/exclude different content.

When the user has Download permission on a file, then the Documents and Media File result features a download link in the Search Results widget in all out-of-the-box widget display styles.

The Search Results widget Template Context has received a new field to obtain the download URL in custom display templates: ${entry.getAssetRendererURLDownload()}

Part of the recurring compatibility testing, Elasticsearch 8.13.x has been added to the compatibility matrix to the corresponding Liferay versions.

Note: Compatibility with newer Elasticsearch minor versions is always tested in two ways:

1. Latest-Latest: Testing the latest Liferay version with the latest available minor version of Elasticsearch → e.g. Master/2024.Q2 + Elasticsearch 8.13

2. Minimum-Latest: Testing the minimum Liferay version where Elasticsearch 8 compatibility was first made available with the latest minor version of Elasticsearch → DXP 7.4 U81/DXP 7.3 U31 + Elasticsearch 8.13

This way we can not only provide compatibility for the latest Liferay versions, but also backwards compatibility, allowing a broader customer base and deployments to operate their stack with an up-to-date search engine version.

As Elasticsearch is usually released a new Minor version roughly every two months, this is a recurring process and a planned activity for our team.

Liferay ships with an updated Elasticsearch connector using 7.17.18 as the client version. It is also for the development and testing purpose for Sidecar server.