If there are any reproducible and unintended issues encountered while using Liferay Digital Experience Platform, Liferay Portal EE, and Liferay Commerce ("the product") in a compatible environment and fault is found to be with the product, then Liferay Subscription Services will seek to resolve the issue through patching or configuration changes according to the product service life.
There are several areas of the product usage which have specific support coverage, including:
- Liferay defines translation issues as incorrect vocabulary, untranslated text, grammatical errors or confusing language. The categorization of a translation issue will be determined by the Liferay localization expert for each supported language.
- Liferay seeks to resolve issues with the product translations in the following languages:
- Arabic (Saudi Arabia, 7.2+), Catalan (Spain), Chinese Simplified, Dutch (Netherlands), English (America), Finnish, French (France), German, Hungarian, Japanese, Portuguese (Brazil), Spanish (Spain), and Swedish (7.2+).
- The translation of any text not included in the language.properties with the initial release or subsequent service releases of a product is the responsibility of the customer.
- Liferay defines localization issues as any display, formatting or presentation issues which are unique to a specific region or locale. The categorization of a localization issue will be determined by the Liferay localization expert for each supported language.
- Liferay may provide additional Liferay Marketplace applications to assist with the localization of specific locales as determined by the Liferay product manager. If a localization application is released on the Liferay Marketplace, then localization product defects may be resolved for that localization. The intended functionality of the localization application will be determined by the Liferay localization expert.
- If there is no Liferay Marketplace localization application released for a specific locale (including the locales listed above), then the localization of any fields within any Liferay products are the responsibility of the customer.
Web accessibility refers to the usability of websites by people of all abilities and disabilities.
WCAG 2.1 Standard
The product is tested for compliance with WCAG 2.1 standard and attempt to satisfy all AA requirements for end user facing UIs and interactions. If specific elements of the product violate the standard, then the resolution of those issues would fall under the Product Defects policy.
Product accessibility requests will be addressed if the reported issue is for guest users and concerns basic navigation (e.g., keyboard navigation, focus management or screen reader issues).
Liferay is not required to address accessibility issues concerning portal or portlet administration, authenticated user experience, application administration or control panel issues.
Text or contrast issues are the responsibility of the customer to resolve through theming or further customization.
Section 508 and ADA Compliance
The revised standards for Section 508 is WCAG 2.0 conformance. As such, issues dealing with Section 508 of the Rehabilitation Act of 1973 or Americans with Disabilities Act (ADA) standards will be approached as compliance with the WCAG 2.0 AA standard.
Liferay products are not ensured as fully compliant with Section 508 of the Rehabilitation Act of 1973 or Americans with Disabilities Act (ADA) standards. Compliance can be achieved through customization of the product. Any customization of Liferay DXP or Liferay Portal EE made in order to achieve Section 508 or ADA compliance will fall under the Customizations support coverage.
Due to the complexity of accessibility issues, the resolution of those issues will be on a case-by-case basis.
With regards to third-party integrations, Liferay DXP and Liferay Commerce have been designed to work with a wide array of HTML text editors. This article outlines product compatibility with these third-party integrations.
- Liferay ensures that the WYSIWYG editors included in the product are operational and functional.
- Liferay seeks to resolve defects found in the included text editors if the defect is within a feature intended to be packaged with the product.
- Liferay will provide configuration guidance for each text editor included with the product.
- Any customizations to the included text editors, additional text editor features or the integration of additional text editors are the responsibility of the customer.
- Any attempt to change the version of a specific text editor included in the product outside of product patching is the responsibility of the customer.
The product has several themes included. Themes included with the product should not be utilized in a production environment. Issues with the included themes will be reported to the product team and may be resolved on a case-by-case basis. The resolution of that issue will be included in a future version of the product.
Issues reported concerning the theme infrastructure, the styled theme or the unstyled theme may be resolved according to the Product Defects policy.
Liferay is committed to producing software products that are enterprise-grade with respect to security as well as quality and features. We understand that it is essential for our enterprise customers to keep their IT stack free of security vulnerabilities.
Ideally, security issues will be reported with steps to reproduce in a clean product instance. Issues which arise on a security scan can also be reported. Please share the entire report when disclosing security issues to Subscription Services. Security issues discovered through an automated scan deemed by Subscription Services to be false positives or unexploitable will be handled on a case-by-case basis.
Within 72 hours of discovering or being notified of a potential vulnerability, Liferay will attempt to reproduce the issue using the supplied information. If the vulnerability is reproducible and if a ticket does not already exist for the vulnerability, then a private (non-public) ticket will be created. The ticket will be classified into one of the pre-defined severity levels and the details of the vulnerability will be documented in the ticket.
For more information regarding our security policy and known vulnerabilities please see our Security Advisories page.