CVE-2016-6325CVE-2016-6325https://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=814602062024-03-28T21:53:12Z2024-03-28T21:53:12ZRE: CVE-2016-6325David H Nebingerhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=814776962016-10-20T12:15:38Z2016-10-20T12:15:38ZThere are changes Liferay makes to a bundle that make it different than an OOTB release.<br /><br />That said, if you have concerns I'd suggest using a tool like BeyondCompare to compare the directories and review all changes and selectively pull in the updated changes.David H Nebinger2016-10-20T12:15:38ZRE: CVE-2016-6325Ahmet Erkochttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=814590532016-10-20T06:46:00Z2016-10-20T06:46:00Z<div class="quote-title">Samuel Kong:</div><blockquote>Hi Ahmet<br /><br />As you noted, CVE-2016-6325 is a vulnerability in Tomcat. It is not a vulnerability in Liferay Portal. So you can check on Tomcat's website for a patch / instructions on how to handle this vulnerability.</blockquote><br /><br />I thought that If I change something in tomcat or update this may broke application. Because my setup is bundle with tomcat. I will take a look. Thanks for quick reply.Ahmet Erkoc2016-10-20T06:46:00ZRE: CVE-2016-6325Samuel Konghttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=814613242016-10-20T06:23:42Z2016-10-20T06:23:42ZHi Ahmet<br /><br />As you noted, CVE-2016-6325 is a vulnerability in Tomcat. It is not a vulnerability in Liferay Portal. So you can check on Tomcat's website for a patch / instructions on how to handle this vulnerability.Samuel Kong2016-10-20T06:23:42ZCVE-2016-6325Ahmet Erkochttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=814588552016-10-20T05:52:48Z2016-10-20T05:52:48ZHi;<br /><br />I didnt find a post abo