Bug 250207

Summary: www/payara: Port update to 5.2020.4 and vulnerabilities update
Product: Ports & Packages Reporter: Dmytro Bilokha <dmytro>
Component: Individual Port(s)Assignee: Kurt Jaeger <pi>
Status: Closed FIXED    
Severity: Affects Only Me CC: pi
Priority: --- Flags: dmytro: maintainer-feedback+
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
www/payara port update patch
none
security/vuxml/vuln.xml patch to include vulnerabilities of the older Payara versions dmytro: maintainer-approval+

Description Dmytro Bilokha 2020-10-08 19:05:04 UTC 
Created attachment 218614 [details]
www/payara port update patch

This ticket contains two patches attached:
1. Update of www/payara to the latest version (5.2020.4) which contains new API support, new features/improvements and fixes for security issues. Here is the link to the release notes: https://docs.payara.fish/community/docs/5.2020.4/release-notes/release-notes-2020-4.html
2. vuxml patch to include vulnerabilities in older versions of the www/payara.
Comment 1 Dmytro Bilokha 2020-10-08 19:07:06 UTC 
Created attachment 218615 [details]
security/vuxml/vuln.xml patch to include vulnerabilities of the older Payara versions
Comment 2 commit-hook freebsd_committer freebsd_triage 2020-10-09 05:29:25 UTC 
A commit references this bug:

Author: pi
Date: Fri Oct  9 05:28:46 UTC 2020
New revision: 551744
URL: https://svnweb.freebsd.org/changeset/ports/551744

Log:
  www/payara: update 5.183 -> 5.2020.4

  PR:		250207
  Submitted by:	Dmytro Bilokha <dmytro@posteo.net> (maintainer)
  Relnotes:	https://docs.payara.fish/community/docs/5.2020.4/release-notes/release-notes-2020-4.html
  MFH:		2020Q4
  Security:	CVE-2020-6950

Changes:
  head/www/payara/Makefile
  head/www/payara/distinfo
  head/www/payara/pkg-plist
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-10-09 05:32:27 UTC 
A commit references this bug:

Author: pi
Date: Fri Oct  9 05:32:22 UTC 2020
New revision: 551745
URL: https://svnweb.freebsd.org/changeset/ports/551745

Log:
  security/vuxml: add CVEs for www/payara

  - CVE-2020-6950 Eclipse Mojarra vulnerable to path trasversal flaw
    via either loc/con parameters
  - CVE-2019-12086 A Polymorphic Typing issue was discovered in
    FasterXML jackson-databind 2.x before 2.9.9
  - some more

  PR:		250207
  Submitted by:	Dmytro Bilokha <dmytro@posteo.net>

Changes:
  head/security/vuxml/vuln.xml
Comment 4 Kurt Jaeger freebsd_committer freebsd_triage 2020-10-09 05:33:24 UTC 
Committed, thanks! Pending MFH approval
Comment 5 commit-hook freebsd_committer freebsd_triage 2020-10-09 06:19:35 UTC 
A commit references this bug:

Author: pi
Date: Fri Oct  9 06:19:00 UTC 2020
New revision: 551747
URL: https://svnweb.freebsd.org/changeset/ports/551747

Log:
  MFH: r551744

  www/payara: update 5.183 -> 5.2020.4

  PR:		250207
  Submitted by:	Dmytro Bilokha <dmytro@posteo.net> (maintainer)
  Relnotes:	https://docs.payara.fish/community/docs/5.2020.4/release-notes/release-notes-2020-4.html
  Security:	CVE-2020-6950
  Approved by:	ports-secteam (fluffy)

Changes:
_U  branches/2020Q4/
  branches/2020Q4/www/payara/Makefile
  branches/2020Q4/www/payara/distinfo
  branches/2020Q4/www/payara/pkg-plist