Is the latest released Portal Docker image vulnerable to CVE-2025-24813?

Updated 1 year ago by Jamie Sammons. New Member Posts: 2 Join Date: 25/03/25 Recent Posts

Hey everyone,

I am currently running the Liferay Portal image locally for a PoC, but since patching would be an issue in a production environment, I am curious about the support structure here.

Does anyone know if the latest released Docker image (https://hub.docker.com/r/liferay/portal/tags) is vulnerable to CVE-2025-24813?

And if so, is there any pattern to how new Docker images with patches are published? Like how many weeks does it usually take etc.?

Or is there any sort of workaround where one could override the Tomcat version in some way?

Thanks!

Updated 1 year ago by Daniel Carrillo Broeder. New Member Posts: 2 Join Date: 24/02/14 Recent Posts

Liferay is not vulnerable with its bundle/Docker image default configuration (Liferay and CVE-2025-24813). Also, the Tomcat version will be updated in the future.

You can create a temporary container if you want to verify the specific Tomcat version of a tag:

docker run -it --entrypoint /bin/bash --name test liferay/portal:7.4.3.132-ga132

$ java -cp /opt/liferay/tomcat/lib/catalina.jar org.apache.catalina.util.ServerInfo
Server version: Apache Tomcat/9.0.98
...
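A non-interactive form of the check in the reply above, as an added example that is not part of the original thread or Liferay's own tooling. The function names are hypothetical, and the first fixed Tomcat version is an input the caller takes from the Apache Tomcat advisory for the CVE. The result reports the bundled version only and says nothing about whether the configuration is exploitable.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of any Liferay tooling.

# ServerInfo line as shown in the reply above, used as sample input.
SAMPLE='Server version: Apache Tomcat/9.0.98'

# Read ServerInfo output on stdin, print the numeric Tomcat version (e.g. 9.0.98).
tomcat_version() {
  sed -n 's|^Server version:[[:space:]]*Apache Tomcat/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Return 0 when dotted version $1 is strictly older than $2 (numeric compare per field).
version_lt() {
  vl_a=$1 vl_b=$2
  while [ -n "$vl_a" ] || [ -n "$vl_b" ]; do
    vl_x=${vl_a%%.*} vl_y=${vl_b%%.*}
    [ "${vl_x:-0}" -lt "${vl_y:-0}" ] && return 0
    [ "${vl_x:-0}" -gt "${vl_y:-0}" ] && return 1
    case $vl_a in *.*) vl_a=${vl_a#*.} ;; *) vl_a= ;; esac
    case $vl_b in *.*) vl_b=${vl_b#*.} ;; *) vl_b= ;; esac
  done
  return 1
}

# classify <ServerInfo output> <first fixed version from the Tomcat advisory>
classify() {
  cl_v=$(printf '%s\n' "$1" | tomcat_version)
  if [ -z "$cl_v" ]; then echo "unknown"; return; fi
  if version_lt "$cl_v" "$2"; then
    echo "$cl_v older-than-fixed"
  else
    echo "$cl_v at-or-newer-than-fixed"
  fi
}

# check_tag <liferay/portal tag> <first fixed version>; requires docker on PATH.
# --rm discards the throwaway container instead of leaving one named "test".
check_tag() {
  ct_out=$(docker run --rm --entrypoint /bin/bash "liferay/portal:$1" -c \
    'java -cp /opt/liferay/tomcat/lib/catalina.jar org.apache.catalina.util.ServerInfo') || return 2
  classify "$ct_out" "$2"
}

# Runs only when called as: script.sh <tag> <first-fixed-version>
if [ "$#" -eq 2 ]; then check_tag "$1" "$2"; fi
```

Looping `check_tag` over several tags shows which published image first ships a Tomcat at or above the fixed version.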