This enhancement introduces configurable default permissions for newly created pages. Admins can set these permissions at both the instance and site levels. Instance-level settings are managed in a new Instance Settings panel, while site-specific overrides can be configured in the Site Configuration area.

Improved keyboard navigation and column resizing for Miller columns. Users can now navigate between columns both horizontally (deeper levels) and vertically (same level) using the keyboard. Column widths are also responsive, adapting to different screen sizes.

Added logging to indicate the completion of fragment deployments via the deploy folder. This provides better visibility into the deployment process and allows for tracking deployment duration.

There are some advantages of including a message like that, for example:

• Count the duration of a deployment
• See the fragment progress deployment until it is deployed.

We’ve introduced robust Content Security Policy (CSP) capabilities to enhance the security of your digital experience platform. This feature supports eight key directives, including script-src and style-src among others, ensuring secure handling of scripts, styles, images, and more. By leveraging these directives, developers can mitigate cross-site scripting (XSS) attacks and data injection risks. The CSP implementation aligns with modern web security standards, offering both flexibility and protection. Administrators can now enforce stricter security policies without compromising functionality.

Key benefits:

• Enhanced Security: Mitigates risks of XSS and data injection attacks by controlling resource loading and execution.

• Compliance-Friendly: Aligns with industry-standard security requirements, supporting stricter compliance protocols.

• Customizable Policies: Allows developers to tailor CSP directives to meet specific project or organizational needs.

• Improved Trust: Strengthens end-user trust by providing a more secure and reliable platform experience.

Official release of Liferay Data Sets, moving from Beta to Release! Data Sets are a powerful and flexible way to retrieve, manage, visualize, and interact with structured data in Liferay DXP. Built on top of Objects and leveraging Liferay’s robust ecosystem, Data Sets exemplify the “build Liferay with Liferay” philosophy. With seamless integration with compatible Headless APIs, administrators can easily configure Data Sets and empower end-users with a rich, customizable experience for consuming and interacting with data.

Key benefits:

• Retrieve Data: Fetch information from any compatible Headless API to use as a Data Set source.

• Manage Flexibility: Administrators can customize what parts of the API response are included, along with filters, sorting options, and available actions.

• Visualize Data: Multiple visualization options make it easier than ever for end-users to consume data meaningfully.

• Enable Interaction: End-users can interact dynamically with data using the filters, actions, and tools configured by administrators.

To ensure the quality, stability, and modernity of Liferay DXP, we've updated to React 18, bringing significant benefits in security, performance, and compatibility. This update is critical to maintaining DXP's status as a robust and future-proof platform.

Key benefits:

• Security Enhancements: Older library versions can expose vulnerabilities. Upgrading to React 18 mitigates these risks by incorporating the latest security patches.

• Performance Improvements: React 18 introduces features like concurrent rendering, which enhances responsiveness and load handling for better user experiences.

• Enhanced Compatibility: Upgrading ensures DXP aligns with modern tools and frameworks, minimizing integration challenges and future-proofing our development processes.

• Continued Support: Staying current with React’s ecosystem ensures ongoing access to community updates, bug fixes, and innovations.

The Centralized Products Eligibility and Configuration Management feature empowers catalog managers to efficiently manage individual products through multiple configuration pages containing all catalog’s products. With tools for manual configuration, eligibility-based visibility, and some bulk editing, this feature ensures streamlined operations and enhanced control over product offerings. Additionally, it enables faster and smarter management of product eligibility for channels, order types and accounts.

Key benefits:

1. Improved Catalog Management Efficiency:

• Simplified product configuration editing via a centralized, flat table view.

• Streamlined workflows for managing product attributes like visibility, minimum/maximum quantities, eligibility and much more.

• Avoid duplicating products to manage specific configurations by modifying targeted configurations instead.

• Perform batch updates on visibility, eligibility, and other product attributes for multiple products, whilst inheriting base setting from the Master catalog configuration

• Leverage pre-filled default master configurations to ensure consistency and simplify product setup when adding new products in a catalog.

2. Enhanced Control over Product Eligibility and Visibility:

• Define and manage eligibility rules tailored to specific customer groups, channels, and accounts

• Quickly adjust product availability and settings for various markets and segments (e.g. B2B vs B2C).

• Streamline the management of seasonal items or time-sensitive offerings using configuration scheduling.

We added External Reference Codes for references in widget configurations in Content Management applications. This helps promote data integrity when pages and their widgets are migrated across environments.

Highlights:

References within the following page widgets now use ERC’s instead of internal ID’s:

• Announcements
• Web Content Display
• Category Filters
• Questions

We added External Reference Codes for Categories and Tags and their associated API’s, improving their portability for data migration scenarios.

Highlights: 

• Users can now perform CRUD operations using a Tag’s ERC through its headless API (Keyword)

• Users can now perform CRUD operations using a Category’s ERC through its headless API (TaxonomyCategory)

We added several API endpoints for Documents & Media to improve programmatic management of these entities.

Highlights:

• Users can now add, delete, and retrieve document types via headless API (DocumentDataDefinitionType)

• Users can now add, delete, and retrieve document metadata sets via headless API (DocumentMetadataSet)

Elasticsearch 8.17 has been tested and added to the compatibility matrix.

Liferay Self-Hosted deployments can update the Elastic stack to this version. For Liferay PaaS projects, as usual, a new Elasticsearch image will be provided under Liferay Cloud’s Docker Hub account.

As it was first highlighted in the Release Notes of 2024.Q3, per Elastic’s product lifecycle, Elasticsearch 7.17.x versions are supported and maintained until Elasticsearch version 9 is released.

While Elastic does not provide specific release dates for future releases, for Elasticsearch 9.0.0, the new release is anticipated in early calendar year 2025.

Compatibility with Elasticsearch 8 is available on Liferay DXP 7.4 U81+: Operating Liferay 7.4 GA/Update 81+ with Elasticsearch 8 - Liferay.

Note: The Elasticsearch 8.x compatibility is provided through the bundled Elasticsearch 7 connector and the REST API Compatibility of Elasticsearch 8.

The Marketplace release of the Liferay Connector to OpenSearch 2 provides an alternative to Elasticsearch for Self-Hosted Liferay deployments.

This connector integrates Liferay DXP with OpenSearch 2.12+, the open source and enterprise grade search engine. OpenSearch offers lexical search for text data, robust scalability and extensibility, and vector search for applications using embeddings, such as Liferay's Semantic Search.

The installation of this app requires specific configurations covered in the official documentation. For detailed compatibility information, see the Search Engine Compatibility Matrix.

The OpenSearch integration is currently a Beta feature with the intention to make it GA in the future.

Implemented proactive access token management with automated email notifications. Users will now receive alerts 1 month, 10 days, and 1 day prior to token expiration, allowing for timely renewal and preventing service disruptions. Notifications are automatically cancelled if a new token is generated.

Key benefits:

• Users are notified before token expiration, allowing for timely renewal and uninterrupted access.

• Reducing administrative overhead, as automated notifications eliminate the need for manual monitoring and intervention.

• By prompting timely renewals, the risk of using expired and potentially compromised tokens is minimized.

Data imports, using batch engine, now allows users to preserve content creator information (if required). Previously, imported content with batch was always assigned the user performing the import, resulting in loss of original authorship data when moving content. This update ensures accurate attribution of content ownership (if required).

Key benefits:

• Able to keep critical user information during data promotion between environments

• Can be configured separately per import process