The Premium Security add-on for PaaS, was introduced in early 2025 to provide PaaS customers with advanced capabilities that have already been available for our SaaS customers. It consists of two pillars:

1. Advanced DDoS protection
2. Vulnerability Management

To improve DDoS protection, the Liferay Security Team will conduct a Premium Security onboarding. During this live meeting, the Liferay Security Team analyzes the specifics of the customer's project, based upon which we will create individualized firewall rulesets for DDoS attack mitigation. Additionally, this package includes autoscaling coverage that allows for up to 5 extra Liferay instances to be automatically launched for a total of up to 24 hours every three months, at no additional cost. The 24-hour limit is tracked on a per-minute basis. The autoscaling coverage makes it easier to maintain application uptime during DDoS attacks.

 

Vulnerability Management consists of both a proactive and a reactive component. On the proactive side, Liferay performs monthly scans of the production environment and proactively notifies Premium Security for PaaS customers if any vulnerabilities are detected.

On the reactive side, customers can submit support tickets with up to four self-generated reports per year, regardless of the report type. Our Security team will review the reports and provide fixes for all confirmed critical and selected major issues.