Hello Security Researchers,

We are pleased to announce the release of Liferay DXP 2025.Q4. We encourage you to update your testing efforts to this latest version.

Please be aware of the following important updates regarding submissions effecting Liferay DXP 2025.Q3.

New Submissions:

• Liferay DXP 2025.Q3 is out of scope.
• Effective immediately, we will no longer accept new submissions that exclusively affect the Liferay DXP 2025.Q3 version.

Handling of existing, open submissions:

• If you have an existing, open submission that targets the Liferay DXP 2025.Q3 version, please do not worry about refusal due to the new quarterly release.
• These submissions will be evaluated based on the version they were originally submitted against. If the finding is valid (meets all other program policy requirements), it will be accepted and processed as usual.

Thank you for your continued valuable work in helping us secure our product!

The Liferay Security Team

Hello Security Researchers,

Thank you to the entire community for the incredible response to our Public Liferay DXP Bug Bounty program launch. We are delighted with the volume of high-quality reports received.

To ensure we can effectively handle the current backlog and maintain our commitment to timely triage, we are temporarily pausing the acceptance of new submissions.

We will continue to process all existing reports according to our policy. We appreciate your patience and look forward to reopening the program soon.

Keep an eye on this page for an update on when submissions will resume.

Thank you for making this launch a huge success!

The Liferay Security Team