This enhancement introduces configurable default permissions for newly created pages. Admins can set these permissions at both the instance and site levels. Instance-level settings are managed in a new Instance Settings panel, while site-specific overrides can be configured in the Site Configuration area.

We’ve introduced robust Content Security Policy (CSP) capabilities to enhance the security of your digital experience platform. This feature supports eight key directives, including script-src and style-src among others, ensuring secure handling of scripts, styles, images, and more. By leveraging these directives, developers can mitigate cross-site scripting (XSS) attacks and data injection risks. The CSP implementation aligns with modern web security standards, offering both flexibility and protection. Administrators can now enforce stricter security policies without compromising functionality.

Key benefits:

• Enhanced Security: Mitigates risks of XSS and data injection attacks by controlling resource loading and execution.

• Compliance-Friendly: Aligns with industry-standard security requirements, supporting stricter compliance protocols.

• Customizable Policies: Allows developers to tailor CSP directives to meet specific project or organizational needs.

• Improved Trust: Strengthens end-user trust by providing a more secure and reliable platform experience.

Official release of Liferay Data Sets, moving from Beta to Release! Data Sets are a powerful and flexible way to retrieve, manage, visualize, and interact with structured data in Liferay DXP. Built on top of Objects and leveraging Liferay’s robust ecosystem, Data Sets exemplify the “build Liferay with Liferay” philosophy. With seamless integration with compatible Headless APIs, administrators can easily configure Data Sets and empower end-users with a rich, customizable experience for consuming and interacting with data.

Key benefits:

• Retrieve Data: Fetch information from any compatible Headless API to use as a Data Set source.

• Manage Flexibility: Administrators can customize what parts of the API response are included, along with filters, sorting options, and available actions.

• Visualize Data: Multiple visualization options make it easier than ever for end-users to consume data meaningfully.

• Enable Interaction: End-users can interact dynamically with data using the filters, actions, and tools configured by administrators.

To ensure the quality, stability, and modernity of Liferay DXP, we've updated to React 18, bringing significant benefits in security, performance, and compatibility. This update is critical to maintaining DXP's status as a robust and future-proof platform.

Key benefits:

• Security Enhancements: Older library versions can expose vulnerabilities. Upgrading to React 18 mitigates these risks by incorporating the latest security patches.

• Performance Improvements: React 18 introduces features like concurrent rendering, which enhances responsiveness and load handling for better user experiences.

• Enhanced Compatibility: Upgrading ensures DXP aligns with modern tools and frameworks, minimizing integration challenges and future-proofing our development processes.

• Continued Support: Staying current with React’s ecosystem ensures ongoing access to community updates, bug fixes, and innovations.

The Marketplace release of the Liferay Connector to OpenSearch 2 provides an alternative to Elasticsearch for Self-Hosted Liferay deployments.

This connector integrates Liferay DXP with OpenSearch 2.12+, the open source and enterprise grade search engine. OpenSearch offers lexical search for text data, robust scalability and extensibility, and vector search for applications using embeddings, such as Liferay's Semantic Search.

The installation of this app requires specific configurations covered in the official documentation. For detailed compatibility information, see the Search Engine Compatibility Matrix.

The OpenSearch integration is currently a Beta feature with the intention to make it GA in the future.

Official release of Liferay Data Sets, moving from Beta to Release! Data Sets are a powerful and flexible way to retrieve, manage, visualize, and interact with structured data in Liferay DXP. Built on top of Objects and leveraging Liferay’s robust ecosystem, Data Sets exemplify the “build Liferay with Liferay” philosophy. With seamless integration with compatible Headless APIs, administrators can easily configure Data Sets and empower end-users with a rich, customizable experience for consuming and interacting with data.

Key benefits:

• Retrieve Data: Fetch information from any compatible Headless API to use as a Data Set source.

• Manage Flexibility: Administrators can customize what parts of the API response are included, along with filters, sorting options, and available actions.

• Visualize Data: Multiple visualization options make it easier than ever for end-users to consume data meaningfully.

• Enable Interaction: End-users can interact dynamically with data using the filters, actions, and tools configured by administrator

Implemented proactive access token management with automated email notifications. Users will now receive alerts 1 month, 10 days, and 1 day prior to token expiration, allowing for timely renewal and preventing service disruptions. Notifications are automatically cancelled if a new token is generated.

Key benefits:

• Users are notified before token expiration, allowing for timely renewal and uninterrupted access.

• Reducing administrative overhead, as automated notifications eliminate the need for manual monitoring and intervention.

• By prompting timely renewals, the risk of using expired and potentially compromised tokens is minimized.

The SSL Certificate Management view now provides expiration alerts for certificates nearing expiration (e.g., within 30 days) and those that have already expired. Certificates must now be defined exclusively through the LCP.json file, simplifying management and ensuring consistency across deployments. This update reduces manual errors and ensures secure and uninterrupted deployments.

Highlights:

• Expiration Alerts: Notifications for certificates nearing expiration and those already expired, with clear visual indicators.

• Exclusive LCP.json Configuration: Certificates can only be defined through the LCP.json file.

• Improved Visibility: Organized list view showing certificate names, types, associated domains, and expiration dates.

• Proactive Management: Tools and alerts to help users maintain secure SSL/TLS configurations.