Bug 250207 - www/payara: Port update to 5.2020.4 and vulnerabilities update
Summary: www/payara: Port update to 5.2020.4 and vulnerabilities update
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kurt Jaeger
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-10-08 19:05 UTC by Dmytro Bilokha
Modified: 2020-10-09 06:19 UTC

See Also:
dmytro: maintainer-feedback+


Attachments
www/payara port update patch (66.25 KB, patch)
2020-10-08 19:05 UTC, Dmytro Bilokha
no flags
security/vuxml/vuln.xml patch to include vulnerabilities of the older Payara versions (4.42 KB, patch)
2020-10-08 19:07 UTC, Dmytro Bilokha
dmytro: maintainer-approval+

Description Dmytro Bilokha 2020-10-08 19:05:04 UTC
Created attachment 218614
www/payara port update patch

This ticket has two patches attached:
1. An update of www/payara to the latest version (5.2020.4), which contains new API support, new features/improvements and fixes for security issues. Here is the link to the release notes: https://docs.payara.fish/community/docs/5.2020.4/release-notes/release-notes-2020-4.html
2. A vuxml patch to include vulnerabilities in older versions of www/payara.
Comment 1 Dmytro Bilokha 2020-10-08 19:07:06 UTC
Created attachment 218615
security/vuxml/vuln.xml patch to include vulnerabilities of the older Payara versions
Comment 2 commit-hook freebsd_committer freebsd_triage 2020-10-09 05:29:25 UTC
A commit references this bug:

Author: pi
Date: Fri Oct  9 05:28:46 UTC 2020
New revision: 551744
URL: https://svnweb.freebsd.org/changeset/ports/551744

Log:
  www/payara: update 5.183 -> 5.2020.4

  PR:		250207
  Submitted by:	Dmytro Bilokha <dmytro@posteo.net> (maintainer)
  Relnotes:	https://docs.payara.fish/community/docs/5.2020.4/release-notes/release-notes-2020-4.html
  MFH:		2020Q4
  Security:	CVE-2020-6950

Changes:
  head/www/payara/Makefile
  head/www/payara/distinfo
  head/www/payara/pkg-plist
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-10-09 05:32:27 UTC
A commit references this bug:

Author: pi
Date: Fri Oct  9 05:32:22 UTC 2020
New revision: 551745
URL: https://svnweb.freebsd.org/changeset/ports/551745

Log:
  security/vuxml: add CVEs for www/payara

  - CVE-2020-6950 Eclipse Mojarra vulnerable to path traversal flaw
    via either loc/con parameters
  - CVE-2019-12086 A Polymorphic Typing issue was discovered in
    FasterXML jackson-databind 2.x before 2.9.9
  - some more

  PR:		250207
  Submitted by:	Dmytro Bilokha <dmytro@posteo.net>

Changes:
  head/security/vuxml/vuln.xml
Comment 4 Kurt Jaeger freebsd_committer freebsd_triage 2020-10-09 05:33:24 UTC
Committed, thanks! Pending MFH approval
Comment 5 commit-hook freebsd_committer freebsd_triage 2020-10-09 06:19:35 UTC
A commit references this bug:

Author: pi
Date: Fri Oct  9 06:19:00 UTC 2020
New revision: 551747
URL: https://svnweb.freebsd.org/changeset/ports/551747

Log:
  MFH: r551744

  www/payara: update 5.183 -> 5.2020.4

  PR:		250207
  Submitted by:	Dmytro Bilokha <dmytro@posteo.net> (maintainer)
  Relnotes:	https://docs.payara.fish/community/docs/5.2020.4/release-notes/release-notes-2020-4.html
  Security:	CVE-2020-6950
  Approved by:	ports-secteam (fluffy)

Changes:
_U  branches/2020Q4/
  branches/2020Q4/www/payara/Makefile
  branches/2020Q4/www/payara/distinfo
  branches/2020Q4/www/payara/pkg-plist