Jakarta Tomcat version 5 has a security issue that is fixed in newer version. Updating the version of the port should fix it. Fix: Update Jakarta to latest release version. How-To-Repeat: # cd www/jakarta-tomcat5/ # make ===> jakarta-tomcat-5.0.30_3 has known vulnerabilities: => tomcat -- Tomcat Manager cross-site scripting. Reference: <http://www.FreeBSD.org/ports/portaudit/26a08c77-32da-4dd7-a884-a76fc49aa824.html> => Please update your ports tree and try again. *** Error code 1 Stop in /usr/ports/www/jakarta-tomcat5.
On Fri, Apr 28, 2006 at 03:29:03PM +0000, Yann Golanski wrote: > > >Synopsis: Jakarta Tomcat 5 is not up to date. [...] > Jakarta Tomcat version 5 has a security issue that is fixed in newer version. Updating the version of the port should fix it. Did you tried that? If it works for you, can you please send a patch? Btw it's always a good idea to CC: the maintainer and include category/port in the synopsis. -- Vasil Dimov gro.DSBeerF@dv Testing can show the presence of bugs, but not their absence. -- Edsger W. Dijkstra
State Changed From-To: open->feedback Awaiting maintainers feedback
State Changed From-To: feedback->open Maintainer timeout.
Responsible Changed From-To: freebsd-ports-bugs->lawrance I need to fix some other problems with tomcat, might as well grab this one too.
State Changed From-To: open->feedback lawrence, what's the state of this? The port itself is still at the vulnerable version, but it is not so marked.
State Changed From-To: feedback->closed Fixed, thanks.