[Bug 208462] Security issue in java/struts

Sat Apr 2 02:48:53 UTC 2016

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208462

            Bug ID: 208462
           Summary: Security issue in java/struts
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: pfg at FreeBSD.org

There has been a recent advisory:

http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000042.html
https://jvn.jp/en/jp/JVN86448949/index.html

However ...

1) We have been using a binary release to avoid the managing dependencies and
other issues related to building with maven.
2) The Apache Software EOL'd struts 1, so they won't be releasing official
updates. There is version 1.3.10 but it is not clear if it addresses any
security issue.

Given there is no port maintainer it may be advisable mark it restricted and
deprecate the package.

-- 
You are receiving this mail because:
You are the assignee for the bug.