Current default version of Perl 5, 5.20, reached end of life last year. A recent vulnerability was fixed in the ports tree, but one cannot expect bug fixes from upstream anymore.
Assign to portmgr as default-versions.mk is unmaintained and an exp-run is likely. Request feedback from Perl maintainer (perl) and ports-secteam as stakeholders (security).
The plan was to make 5.22 the default last September and 5.24 this September. We're still waiting for mod_perl to do an official release supporting anything after 5.20. As soon as mod_perl is fixed, I think I will switch to 5.24 as the default.
N.B. Perl 5.20 is not actually end of life for critical security fixes. perl.org's policy is actually 3 years from release of 5.x.0. 5.20.0 was released on 2014-May-27, so its real end of support life for critical security fixes (despite other statements on perl.org which directly contradict this) is actually 2017-May-27. See http://perldoc.perl.org/perlhist.html and http://perldoc.perl.org/perlpolicy.html
(In reply to Mathieu Arnold from comment #2) Steve Hay told me that as soon as the official Perl 5.22 release is out, he'll release mod_perl 2.0.10 with the fix (already in Git).
(In reply to Terry Kennedy from comment #4)
> (In reply to Mathieu Arnold from comment #2)
>
> Steve Hay told me that as soon as the official Perl 5.22 release is out,
> he'll release mod_perl 2.0.10 with the fix (already in Git).

Yes, I know, I'm just waiting for it :-)