Date: Sat, 20 Aug 2016 19:07:16 +0200 From: Mathieu Arnold <mat@FreeBSD.org> To: Walter Schwarzenfeld <w.schwarzenfeld@utanet.at>, freebsd-ports@freebsd.org Subject: Re: Perl upgrade - 5.20.x vulnerable Message-ID: <ACE417D1B13FC687A6C70553@atuin.in.mat.cc> In-Reply-To: <0f189ec8-d430-018f-1496-39303d917644@utanet.at> References: <2915322d-0b1a-d36e-0725-c10bd0d32b7c@cloudzeeland.nl> <0f189ec8-d430-018f-1496-39303d917644@utanet.at>
next in thread | previous in thread | raw e-mail | index | archive | help
--==========C76DECA889BCF65FA123========== Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline +--On 20 ao=C3=BBt 2016 16:25:24 +0200 Walter Schwarzenfeld <w.schwarzenfeld@utanet.at> wrote: | Someone posted it in the FreeBSD Forum (in the moment I don't find it). | but: | http://www.cpan.org/src/ | 5.20 5.20.3 End of life 2015-09-12 |=20 | Nearly, just a year ago. It is not really true. perlpolicy says: o We "officially" support the two most recent stable release series. 5.14.x and earlier are now out of support. As of the release of 5.20.0, we will "officially" end support for Perl 5.16.x, other than providing security updates as described below. o To the best of our ability, we will attempt to fix critical issues in the two most recent stable 5.x release series. Fixes for the current release series take precedence over fixes for the previous release series. o To the best of our ability, we will provide "critical" security patches / releases for any major version of Perl whose 5.x.0 release was within the past three years. We can only commit to providing these for the most recent .y release in any 5.x.y series. So, it is more or less still supported. | and we have it as default version. |=20 | (It seems all overlooked it, and I wonder about). It is not overlooked. As soon as mod_perl supports anything after 5.20, I'll change the default to 5.24. The current rate of Perl releases is a new major release each May, my goal is to switch to it on the next September. Right now, the only thing holding back is mod_perl. --=20 Mathieu Arnold --==========C76DECA889BCF65FA123========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJXuI5JXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzQUI2OTc4OUQyRUQxMjEwNjQ0MEJBNUIz QTQ1MTZGMzUxODNDRTQ4AAoJEDpFFvNRg85IRWMP/2ctczNgn11SzHdhjFOr57v1 1jiKsh8ttLJXDJhcKLTjIJ1E18qH6pKmjJAAq+6BLc/sb05piT0u4of6/4ciK5dq vty5hfKibV7645iZwMP0yX6SEJZjQk0r83MySiOFKekMyR4k/tHPu7ivE0XxlX75 XU0sGjbjmSRsCTXQR6L4O9hioK0c7oPO9rK/A9nACJzoE5UspYfGqmxt1v5Kv0ed nMrF9sYrzZ8tCV4nhwHYIpeHVOsfvnQxlbwMVmSbnMtQCpj+18vL+ApZC1ewRPaV CD09uYawwnCXg4L4UQU39L4FsaRoELSmj4gGYWtcUvknIl08LCAEskH1F0GVXHQH U769blJjiuFgxylum7ozOknN2FbAdKSkwpZ55onUzIoXDad9I3ATkcUydw+ITWjZ RF/indUlwOibAuBgzhRS9VcNNHHvaqNyFRmOWdfmUvbR+e047mKWP35NlHBRn2/G UlfIEiNrIepgRBewvz22eCZgqbcH59zWu10rhJQ+UPeekN9m553er85D4I7Wwx3c PAqtJWp3i/HhwzVrhDg70ArxToLRfnptvuMZ6qLevJ3r+dD1uBS06eJCilw5RhrC PFMnv9jwWqiYO6prs9C57n174byKNdHyZgBOPsoCc+Nz969U8oJkcUrLtvl+ZovB 9TsHVv5xePBl7V/ckSDp =4LcO -----END PGP SIGNATURE----- --==========C76DECA889BCF65FA123==========--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ACE417D1B13FC687A6C70553>