Date: Tue, 11 Sep 2018 08:36:41 +0200 From: Dave Cottlehuber <dch@skunkwerks.at> To: Miroslav Lachman <000.fbsd@quip.cz> Cc: erlang@FreeBSD.org, FreeBSD Ports <ports@freebsd.org> Subject: Re: FreeBSD Port: databases/couchdb upgrade to 2.2 Message-ID: <1536647801.1620034.1503828744.64BEDF8C@webmail.messagingengine.com> In-Reply-To: <59924f6d-765a-9f0e-67fb-2518d11c1c78@quip.cz> References: <59924f6d-765a-9f0e-67fb-2518d11c1c78@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 10 Sep 2018, at 11:33, Miroslav Lachman wrote: > Hi, > > are there any plans to create port for CouchDB 2.2? > According to latest vulnerability in 1.7.2 and statement on upstream > website http://docs.couchdb.org/en/stable/cve/2018-11769.html there are > no plans to fix it in 1.7, because this version is no longer supported. Correct; however: 1. the risk is low (rogue admin destroys the things they already have access to via DB API) 2. update your /_config to exclude this in /usr/local/etc/couchdb/default.ini *note NOTE local.ini [httpd_global_handlers] ;_config = {couch_httpd_misc_handlers, handle_config_req} > I am not able to create / maintain CouchDB 2.2 port by myself but I > really would like to have not vulnerable version on our server. I'm focused on getting a thing ready for eurobsdcon and ports stuff has had to take a back seat for a couple of weeks, but it's so close now. The phab review patch is already 100% functional https://reviews.freebsd.org/D16819 what remains is polishing up the port esp round how it handles docs. Feedback is welcome of course. You can build / install it and send some feedback in. I'm interested to know how you're using CouchDB on FreeBSD (yay) email me sometime about it! A+ Dave
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1536647801.1620034.1503828744.64BEDF8C>