269426 – devel/artifactory: please update to latest stable version

Bug 269426 - devel/artifactory: please update to latest stable version

Summary: devel/artifactory: please update to latest stable version

Status:	Open

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:	needs-patch

Depends on:
Blocks:

Reported:	2023-02-09 02:21 UTC by Marcelo Ruiz
Modified:	2024-02-08 03:30 UTC (History)
CC List:	7 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (dharrigan)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcelo Ruiz 2023-02-09 02:21:10 UTC

Comment 1 Marcelo Ruiz 2023-02-09 02:23:49 UTC

The port seems to have a very outdated version of artifactory, and it would be great if it could be updated to reflect the latest 7.x branch

Comment 2 Robert Clausecker freebsd_committer

2023-05-04 16:15:32 UTC

Could you provide a patch for the update?

Comment 3 Lapo Luchini 2023-08-16 13:28:24 UTC

Also embedded Tomcat 8.5.23.0 has some serious CVEs, it would be better to upgrade to latest 8.5.89.0.
https://tomcat.apache.org/security-8.html

Comment 4 Fernando Apesteguía freebsd_committer

2023-08-18 06:15:24 UTC

(In reply to Lapo Luchini from comment #3)
I will mark the port as FORBIDDEN today.

Comment 5 commit-hook freebsd_committer

2023-08-19 17:52:22 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a13e8d285c9195e769514732ea4493c90432e39f

commit a13e8d285c9195e769514732ea4493c90432e39f
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2023-08-18 06:13:43 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-08-19 17:51:31 +0000

    devel/artifactory: Mark as FORBIDDEN

    Port hasn't been updated since 2018 an ships a very old version of Tomcat with
    multiple vulnerabilities.

    PR:             269426
    Reported by:    lapo@lapo.it

 devel/artifactory/Makefile | 3 +++
 1 file changed, 3 insertions(+)

Comment 6 commit-hook freebsd_committer

2023-08-19 17:53:24 UTC

A commit in branch 2023Q3 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=be89efd78347e3c661cb83ee6fbb45c129fb0307

commit be89efd78347e3c661cb83ee6fbb45c129fb0307
Author:     Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2023-08-18 06:13:43 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2023-08-19 17:53:07 +0000

    devel/artifactory: Mark as FORBIDDEN

    Port hasn't been updated since 2018 an ships a very old version of Tomcat with
    multiple vulnerabilities.

    PR:             269426
    Reported by:    lapo@lapo.it

    (cherry picked from commit a13e8d285c9195e769514732ea4493c90432e39f)

 devel/artifactory/Makefile | 3 +++
 1 file changed, 3 insertions(+)

Comment 7 Daniel Engberg freebsd_committer

2023-08-19 18:03:54 UTC

This seems to be the latest version available? https://releases.jfrog.io/artifactory/bintray-artifactory/org/artifactory/oss/jfrog-artifactory-oss/7.63.12/

Comment 8 Mark Linimon freebsd_committer

2024-02-08 03:30:41 UTC

^Triage: this is a request, but no patch to update the port has been submitted.