When it comes to its own IP and FOSS licensing compliance, Liferay follows the OpenChain ISO/IEC 5230 standard and first self-certified in 2019 following the 2.0 version of the standard. This assures that we have the appropriate people, policies and processes in place for effective IP compliance.

To assist our customers with their IP/license and security compliance we offer our paying customers and partners Software Bills of Material (SBOM) for Liferay DXP in the ISO/IEC 5962 SPDX format (as well as CycloneDX, if required). Both formats fulfil the requirements as set up in the (US) Executive Order on Improving the Nation’s Cybersecurity (EO 14028) and the definition of the EU Cyber Resilience Act (CRA).

We mark our own source code following the REUSE.software community best practices. This makes working with our code base very predictable, as you can very simply tell which code is ours and under which license.

While we do take both our and others’ IP seriously, we do realise that sometimes accidents happen. Which is why for all our LGPL- and GPL-licensed code we pledge (since 2018) to apply the more lenient cure and reinstatement provisions from GPL-3.0, following the GPLv3 Common Cure Rights Commitment.

When it comes to patent protection, Liferay Inc. is member of the Open Invention Network – the largest patent non-aggression community.

If you believe that your, or another party's, intellectual property has been copied in such a way that constitutes infringement, please follow the instructions on the Claims of Copyright Infringement web page.

If you have any further inquiries relating to our Open Source use or compliance, please address them to [email protected].