It seems that version 2.4.7 includes an extra patch addressing CVE-2025-23016: https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.7
Created attachment 265736 [details] Update fcgi to 2.4.7
1. Maintainer is John von Essen <john@essenz.com> - last activity 2019. 2. Fix CVE.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=1a30da80670973368b399f2b01fe9c04b91a1273 commit 1a30da80670973368b399f2b01fe9c04b91a1273 Author: Christos Chatzaras <chris@cretaforce.gr> AuthorDate: 2025-12-01 02:11:24 +0000 Commit: Vladimir Druzenko <vvd@FreeBSD.org> CommitDate: 2025-12-01 02:11:24 +0000 www/fcgi: Update 2.4.6 => 2.4.7 (fixes CVE-2025-23016) Commit log: https://github.com/FastCGI-Archives/fcgi2/compare/2.4.6...2.4.7 Changelog: https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.7 PR: 291307 Approved by: John von Essen <john@essenz.com> (maintainer, implicit - last activity 2019) Security: CVE-2025-23016 MFH: 2025Q4 www/fcgi/Makefile | 7 +++---- www/fcgi/distinfo | 6 +++--- 2 files changed, 6 insertions(+), 7 deletions(-)
While here optimize strip and remove unnecessary MKDIR - COPYTREE_SHARE create dir self.
A commit in branch 2025Q4 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=02853b7f8adb7a27f4adf6e9187ce180b88e4ff5 commit 02853b7f8adb7a27f4adf6e9187ce180b88e4ff5 Author: Christos Chatzaras <chris@cretaforce.gr> AuthorDate: 2025-12-01 02:11:24 +0000 Commit: Vladimir Druzenko <vvd@FreeBSD.org> CommitDate: 2025-12-01 02:16:19 +0000 www/fcgi: Update 2.4.6 => 2.4.7 (fixes CVE-2025-23016) Commit log: https://github.com/FastCGI-Archives/fcgi2/compare/2.4.6...2.4.7 Changelog: https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.7 PR: 291307 Approved by: John von Essen <john@essenz.com> (maintainer, implicit - last activity 2019) Security: CVE-2025-23016 MFH: 2025Q4 (cherry picked from commit 1a30da80670973368b399f2b01fe9c04b91a1273) www/fcgi/Makefile | 7 +++---- www/fcgi/distinfo | 6 +++--- 2 files changed, 6 insertions(+), 7 deletions(-)
Thanks.