We have introduced case-sensitive tagging for page creators, allowing tags to be saved and displayed exactly as created, whether in uppercase or lowercase. The feature ensures case sensitivity for tag creation, case-insensitive searching, and autocomplete, while maintaining backward compatibility for existing tags.

Users now have the ability to restrict channel access to certain Accounts via the eligibility tab on the channel admin pages. The ability to restrict certain Account Addresses to be used on certain channels has also been added. This is managed via an Eligibility tab on the address that allows the user set channel usage.

• Users can select and reorder categories for a blog’s friendly URL, so they can preview the order of the categories in the friendly URL and determine how the categories will be presented in the friendly URL along with the title.

• Users are able to set different values for the asset types separators in the friendly URLs. Also, they are able to reset to default value, so for those asset types that they have clicked on this option, the separator will be the value defined by default for those specific asset types.

During the publishing process, users can both define and manage permissions, as well as schedule publication dates for their web content. When creating content for the first time, users will have the opportunity to conveniently review and manage permissions. Furthermore, when editing previously created content, users can also adjust permissions directly from the editor view. Additionally, users can easily select the desired publication date for their content during the publishing process.

It is now possible to subscribe to documents and folders, allowing users to receive notifications when they are updated.

Highlights:

• Users can now subscribe to documents and folders through the “Subscribe” action and through the Subscribe icon in the Info Panel

• If a user subscribes to a folder, all documents and subfolders within it will be automatically subscribed to as well

Allow users to move Object Definitions and Entries between environments

Key benefit:
Addresses a feature gap when moving applications built on Liferay between environments

Allow users to move workflow settings between environments
 

Key benefit:
Addresses a feature gap when moving applications built on Liferay between environments

Liferay Cloud now provides CI/CD support for Client Extensions on Liferay PaaS. Developers can integrate Client Extensions into their Git-based CI/CD pipelines, ensuring automatic builds and deployments alongside core Liferay services. This update enables automated validation, independent deployments, and faster release cycles for Client Extensions.

Highlights:

• Dedicated CI/CD Pipeline: Separate build pipeline for Client Extensions to prevent conflicts with core Liferay services.

• Automated Builds: Every commit triggers a new Client Extensions build, packaged as a LUFFA archive.

• Independent Deployments: Client Extensions builds deploy separately, improving release flexibility.

• Seamless Integration: Works with existing Git-based workflows on Liferay PaaS.

• Zero Downtime Deployments: Deploy client extensions without affecting the main Liferay service.

The SSL Certificate Management view now provides expiration alerts for certificates nearing expiration (e.g., within 30 days) and those that have already expired. Certificates must now be defined exclusively through the LCP.json file, simplifying management and ensuring consistency across deployments. This update reduces manual errors and ensures secure and uninterrupted deployments.

Highlights:

• Expiration Alerts: Notifications for certificates nearing expiration and those already expired, with clear visual indicators.

• Exclusive LCP.json Configuration: Certificates can only be defined through the LCP.json file.

• Improved Visibility: Organized list view showing certificate names, types, associated domains, and expiration dates.

• Proactive Management: Tools and alerts to help users maintain secure SSL/TLS configurations.

The vendor has deprecated OpenSSO/OpenAM, so there's no reason for us to keep it. The alternative, which is PingAM can be integrated using our existing OpenID connector or SAML Authentication.

With this improvement, the Data Migration Center allows users to export and import Object Entries using CSV files. Not all field types are supported but many of the most used ones are:

Supported field types: dateandtime, date, decimal, integer, longint, longtext, precissiondecimal, richtext, text and picklist.

In order to help users, only supported fields are available for exporting at the UI. As new types are allowed, they will appear available in the UI.

SCIM provides a unified, RFC compliant way to keep user/group data in sync between different applications. Liferay is a service provider and enables clients to be connected. Through the defined RESTful APIs and schemas, clients can perform CRUD operations to keep resources in sync.

Pages served by Liferay might make use of third party cookies. In order to inform Liferay to manage them as part of the user cookie consent, now Portal developers and Content creators have a way to indicate the portal about them.

In order to make Liferay aware of them, the content creator or portal developer will need to update the markup to the following:

First, indicate the type of cookie following this format:

Second, change the markup depending on the element affected:

For example, embedding a video from a video provider, will see the markup changed in the following way:

• Before: <iframe src="..." />
• After: <iframe data-src="..." `data-third-party-cookie="CONSENT_TYPE_FUNCTIONAL"  />

We are excited to introduce enhancements to streamline your cloud management experience! With our updated cloud console view, you will have a detailed breakdown of subscription metrics per environment, empowering you to manage resources more effectively. Additionally, our new storage consumption tracker offers real-time insights into project storage usage, ensuring you're always informed about quota limits.

Under all supported formats, users can select the origin and destination site of the data so it is possible to export and import object entries between any site.

Introducing new key improvements to the B2B Guest Checkout experience, enhancing the overall user journey and providing greater flexibility for both new and returning customers.

Guests now have the option to sign in or sign up during the checkout process, directly from the mini-cart. Once logged in, users can either select an existing account or create a new one, ensuring that they can move through the purchase flow smoothly without disruptions. Upon setting the account, guests, now logged-in users, will be redirected to the checkout, making the transition to completing the purchase seamless.

Additionally, if a guest decides to sign in without necessarily checking out, the guest cart will now be merged with their account after logging in. This ensures that any items added to the cart during the guest session are retained when they sign in or select an existing account, improving the continuity and experience for returning users.

Key benefits:

1. Enhanced User Experience: By allowing guests to sign in or create an account directly from the mini-cart, we provide a more intuitive and streamlined checkout process. Guests can complete their purchase with minimal steps, reducing friction and abandonment rates.

2. Cart Persistence: The ability to merge guest carts ensures that items are not lost when guests decide to sign in or register. This improves convenience for returning users and supports a smoother transition between sessions.

This feature allows warehouse managers to define granular eligibility rules for accounts and account groups to access specific warehouses. This enables fine-grained control over which customers can see and purchase inventory from which warehouses.

Key benefits:

1. Improved Inventory Management:

• Prevent unauthorized access to inventory data.

• Strategically control product visibility based on inventory quantities and stock levels.

• Optimize inventory allocation across customer segments.

2. Enhanced Customer Experience:

• Provide a more relevant and personalized shopping experience.

• Improve customer satisfaction by prioritizing access for key customer segments.

3. Increased Revenue:

• Generate higher revenue from valuable customer segments by prioritizing their access to inventory.

4. Reduced Lost Sales:

• Minimize lost sales due to stockouts by limiting product visibility for certain customer groups.

This enhancement introduces configurable default permissions for newly created pages. Admins can set these permissions at both the instance and site levels. Instance-level settings are managed in a new Instance Settings panel, while site-specific overrides can be configured in the Site Configuration area.

Improved keyboard navigation and column resizing for Miller columns. Users can now navigate between columns both horizontally (deeper levels) and vertically (same level) using the keyboard. Column widths are also responsive, adapting to different screen sizes.

Added logging to indicate the completion of fragment deployments via the deploy folder. This provides better visibility into the deployment process and allows for tracking deployment duration.

There are some advantages of including a message like that, for example:

• Count the duration of a deployment
• See the fragment progress deployment until it is deployed.

We’ve introduced robust Content Security Policy (CSP) capabilities to enhance the security of your digital experience platform. This feature supports eight key directives, including script-src and style-src among others, ensuring secure handling of scripts, styles, images, and more. By leveraging these directives, developers can mitigate cross-site scripting (XSS) attacks and data injection risks. The CSP implementation aligns with modern web security standards, offering both flexibility and protection. Administrators can now enforce stricter security policies without compromising functionality.

Key benefits:

• Enhanced Security: Mitigates risks of XSS and data injection attacks by controlling resource loading and execution.

• Compliance-Friendly: Aligns with industry-standard security requirements, supporting stricter compliance protocols.

• Customizable Policies: Allows developers to tailor CSP directives to meet specific project or organizational needs.

• Improved Trust: Strengthens end-user trust by providing a more secure and reliable platform experience.

Official release of Liferay Data Sets, moving from Beta to Release! Data Sets are a powerful and flexible way to retrieve, manage, visualize, and interact with structured data in Liferay DXP. Built on top of Objects and leveraging Liferay’s robust ecosystem, Data Sets exemplify the “build Liferay with Liferay” philosophy. With seamless integration with compatible Headless APIs, administrators can easily configure Data Sets and empower end-users with a rich, customizable experience for consuming and interacting with data.

Key benefits:

• Retrieve Data: Fetch information from any compatible Headless API to use as a Data Set source.

• Manage Flexibility: Administrators can customize what parts of the API response are included, along with filters, sorting options, and available actions.

• Visualize Data: Multiple visualization options make it easier than ever for end-users to consume data meaningfully.

• Enable Interaction: End-users can interact dynamically with data using the filters, actions, and tools configured by administrators.

To ensure the quality, stability, and modernity of Liferay DXP, we've updated to React 18, bringing significant benefits in security, performance, and compatibility. This update is critical to maintaining DXP's status as a robust and future-proof platform.

Key benefits:

• Security Enhancements: Older library versions can expose vulnerabilities. Upgrading to React 18 mitigates these risks by incorporating the latest security patches.

• Performance Improvements: React 18 introduces features like concurrent rendering, which enhances responsiveness and load handling for better user experiences.

• Enhanced Compatibility: Upgrading ensures DXP aligns with modern tools and frameworks, minimizing integration challenges and future-proofing our development processes.

• Continued Support: Staying current with React’s ecosystem ensures ongoing access to community updates, bug fixes, and innovations.

With this development, the publication of Knowledge Base articles will be schedulable, in particular, the feature is so designed:

• The primary Publish button will have an arrow down with the “Publish” option, that will immediately publish the article, and the “Schedule” one.

• Clicking the Schedule option, will make a modal appear so the user can set a date and time for the article to be published.

• The Scheduled article will have the SCHEDULED status that will change to APPROVED on the scheduled date

• A tooltip with the scheduled date information will appear when hovering the question-circle-full icon placed next to the SCHEDULED state.

• Editing a scheduled article will provide the user the ability, by clicking the primary button that has turned into “Scheduled”, to:

  • Cancel the operation

  • Publish Now

  • Schedule: this option will save the article, date & time changes and the user will return to the previous screen before entering edit mode

• Additional feature: A Knowledge Base article deletion action will move it to the Recycle Bin so that it can be restored.

Now user are able to:

• Configuration of document size for copying in D&M

• Bulk copying of documents and folders

• Currently the copy action for documents and folders is able to be performed in Portal without fully respecting the site-asset library relationship. The expected behavior is:

  • An asset library must be connected to a site in order to copy a document over to the site

  • A document cannot be copied from a site to an asset library (only the other way around)

  We can enforce a stricter check when performing the copy action between asset libraries and sites. Instead of the end user receiving a success message when copying a document to a disconnected site, an error message should appear telling the user to set the connection first.

• Document Types contained in a document are being copied in Documents and Media so that they can be easily reused.

• Categories and Tags in Documents and Media are being automatically copied so they can be easily reused on a new site.

Now, admins can customize the configuration of the Rich Text Editors with this new client extension, allowing them to set the toolbars that are available on different applications. In the form, you will have to define the instances in which the configuration will be taken into account as well as the JS that contains the configuration:

Users are now able to properly search in the portal using the Search widget (in applications that have data restricted by account).

This feature allows you to leverage the functions of Liferay’s caching framework. Our current measurements indicate about 10%/30% performance increase in database writing operations, also 10 times faster reading performance!

To reduce the maintenance costs of providing a full document’s preview, the following changes are being introduced:

• “No preview available” state when the file size exceeds the preview size limit.

• Merge “File Entries” and “PDF Preview” settings under “File Preview Limits”

• Rename "File Size Limits" to "File Upload Limits" with a reviewed and more understandable Description copy

• The user is being informed that the generated preview may not correspond to the entire document

This development introduces the ability for the user to set the file size at asset library’s level. This settings will override the already existing one at System level when the latter is bigger. As a general rule, when both are set the lowest applies.

The user experience of the Management Toolbar present in multiple applications (Web Content, Blogs, Documents & Media) has been improved:

• Separate sections for filter and order.
• Changed “+” with “New” for clarity.
• Moved info icon to the right.

Validate relationships to prevent duplicate names in child objects.

The Centralized Products Eligibility and Configuration Management feature empowers catalog managers to efficiently manage individual products through multiple configuration pages containing all catalog’s products. With tools for manual configuration, eligibility-based visibility, and some bulk editing, this feature ensures streamlined operations and enhanced control over product offerings. Additionally, it enables faster and smarter management of product eligibility for channels, order types and accounts.

Key benefits:

1. Improved Catalog Management Efficiency:

• Simplified product configuration editing via a centralized, flat table view.

• Streamlined workflows for managing product attributes like visibility, minimum/maximum quantities, eligibility and much more.

• Avoid duplicating products to manage specific configurations by modifying targeted configurations instead.

• Perform batch updates on visibility, eligibility, and other product attributes for multiple products, whilst inheriting base setting from the Master catalog configuration

• Leverage pre-filled default master configurations to ensure consistency and simplify product setup when adding new products in a catalog.

2. Enhanced Control over Product Eligibility and Visibility:

• Define and manage eligibility rules tailored to specific customer groups, channels, and accounts

• Quickly adjust product availability and settings for various markets and segments (e.g. B2B vs B2C).

• Streamline the management of seasonal items or time-sensitive offerings using configuration scheduling.

We added External Reference Codes for references in widget configurations in Content Management applications. This helps promote data integrity when pages and their widgets are migrated across environments.

Highlights:

References within the following page widgets now use ERC’s instead of internal ID’s:

• Announcements
• Web Content Display
• Category Filters
• Questions

We added External Reference Codes for Categories and Tags and their associated API’s, improving their portability for data migration scenarios.

Highlights: 

• Users can now perform CRUD operations using a Tag’s ERC through its headless API (Keyword)

• Users can now perform CRUD operations using a Category’s ERC through its headless API (TaxonomyCategory)

We added several API endpoints for Documents & Media to improve programmatic management of these entities.

Highlights:

• Users can now add, delete, and retrieve document types via headless API (DocumentDataDefinitionType)

• Users can now add, delete, and retrieve document metadata sets via headless API (DocumentMetadataSet)

Elasticsearch 8.17 has been tested and added to the compatibility matrix.

Liferay Self-Hosted deployments can update the Elastic stack to this version. For Liferay PaaS projects, as usual, a new Elasticsearch image will be provided under Liferay Cloud’s Docker Hub account.

As it was first highlighted in the Release Notes of 2024.Q3, per Elastic’s product lifecycle, Elasticsearch 7.17.x versions are supported and maintained until Elasticsearch version 9 is released.

While Elastic does not provide specific release dates for future releases, for Elasticsearch 9.0.0, the new release is anticipated in early calendar year 2025.

Compatibility with Elasticsearch 8 is available on Liferay DXP 7.4 U81+: Operating Liferay 7.4 GA/Update 81+ with Elasticsearch 8 - Liferay.

Note: The Elasticsearch 8.x compatibility is provided through the bundled Elasticsearch 7 connector and the REST API Compatibility of Elasticsearch 8.

The Marketplace release of the Liferay Connector to OpenSearch 2 provides an alternative to Elasticsearch for Self-Hosted Liferay deployments.

This connector integrates Liferay DXP with OpenSearch 2.12+, the open source and enterprise grade search engine. OpenSearch offers lexical search for text data, robust scalability and extensibility, and vector search for applications using embeddings, such as Liferay's Semantic Search.

The installation of this app requires specific configurations covered in the official documentation. For detailed compatibility information, see the Search Engine Compatibility Matrix.

The OpenSearch integration is currently a Beta feature with the intention to make it GA in the future.

Implemented proactive access token management with automated email notifications. Users will now receive alerts 1 month, 10 days, and 1 day prior to token expiration, allowing for timely renewal and preventing service disruptions. Notifications are automatically cancelled if a new token is generated.

Key benefits:

• Users are notified before token expiration, allowing for timely renewal and uninterrupted access.

• Reducing administrative overhead, as automated notifications eliminate the need for manual monitoring and intervention.

• By prompting timely renewals, the risk of using expired and potentially compromised tokens is minimized.

Data imports, using batch engine, now allows users to preserve content creator information (if required). Previously, imported content with batch was always assigned the user performing the import, resulting in loss of original authorship data when moving content. This update ensures accurate attribution of content ownership (if required).

Key benefits:

• Able to keep critical user information during data promotion between environments

• Can be configured separately per import process

With our latest enhancements,  Content Admins will enjoy effortless content organization, regardless of folder structures, along with enhanced filtering capabilities for precision content management discovery. 

Features added in this Release:

Better experience to manage web content

In response to user feedback, several enhancements have been introduced for content creators. The first functionality addresses the challenge of easily finding and managing Web Content created within specific structures, allowing creators to review and edit content more efficiently. The other functionalities enable refined filtering and searching options, including the ability to search in the title, filter by categories and tag, filter search results and multi-select filters.

We refactored the way Liferay scripts were managed, so admins can define stricter policies like:

script-src '[$NONCE$]'; script-src-attr 'unsafe-inline';

Limitations: If a policy like the one above is configured, the parts of the product that uses a rich-text editor will not work correctly. Analyze your scenario to identify how strict your policy can be in order to make the solution work.

Now users can configure the values for the following properties from settings (system, instance or site settings):

• session.timeout.auto.extend
• session.timeout.auto.extend.offset

When the Upgrade Report is enabled, the output directory of the report can be configured with the new portal property upgrade.report.dir

If this property is not set, the upgrade report can be found in the default directory:

• portal-tools-db-upgrade-client/reports for the upgrade tool.
• {liferay-home}/reports if upgrade was executed on startup.

With this feature we extending the SCIM implementation with User Group un/provisioning as well with the User Group membership un/provisioning.

Previously customers would add captchas using a TagLib. But this is no longer useful since customers are not deploying JSPs. The Captcha API enables this functionality to be used in arbitrary contexts.

Allow clients to request a quote for individual products instead of setting a price. Includes the option to use a Price List or a Promotion to price the Product as "Price on Application". There is also the ability to activate the "Request a quote" option on a fully priced cart for a particular channel.

Sell and manage SKUs by adding different Units of Measure to the SKU. Configure the Unit of Measure to optionally allow for sales in decimal quantities. Units of Measure have their own pricing and inventory. Once configured, they add to the shopping experience of the buyer who can now purchase SKUs in different Units of measure.

Used in Conjunction with Supplier Accounts, this object's rule, once configured, splits Commerce Orders automatically by the Catalog that each Product belongs to. The Channel on the Order is updated to be the channel linked to the same supplier that the catalog is linked to. The order splitting rule effectively allows the supplier to manage orders for their own specific products.

New Account Type of Supplier. A Supplier can be linked to a catalog and to a channel to allow the supplier manage their own products, price lists, promotions, catalogs, discounts, inventory and channel in order to be able to fulfill orders for their own products.