git: b88d607c23 - main - Status/2023Q1/freshports.adoc: Add report

From: Lorenzo Salvadore <>
Date: Tue, 11 Apr 2023 15:06:58 UTC
The branch main has been updated by salvadore:


commit b88d607c2379254ffccc2922576831e20e8dc61b
Author:     Dan Langille <>
AuthorDate: 2023-04-07 18:33:41 +0000
Commit:     Lorenzo Salvadore <>
CommitDate: 2023-04-11 15:06:15 +0000

    Status/2023Q1/freshports.adoc: Add report
    Approved by:    carlavilla (mentor)
    Pull Request:
 .../status/report-2023-01-2023-03/freshports.adoc  | 48 ++++++++++++++++++++++
 1 file changed, 48 insertions(+)

diff --git a/website/content/en/status/report-2023-01-2023-03/freshports.adoc b/website/content/en/status/report-2023-01-2023-03/freshports.adoc
new file mode 100644
index 0000000000..1ffc32e770
--- /dev/null
+++ b/website/content/en/status/report-2023-01-2023-03/freshports.adoc
@@ -0,0 +1,48 @@
+=== Freshports: SQL Injection Attack and Help Request
+Links: +
+link:[FreshPorts] URL:[] +
+link:[FreshPorts blog] URL: link:[]
+Contact: Dan Langille <>
+FreshPorts and FreshSource have reported upon FreeBSD commits for 20 years. They cover all commits, not just ports.
+FreshPorts tracks the commits and extracts data from the port Makefiles to create a database of information useful to both port maintainers and port users.
+For example, link:[] shows the history of the package:security/[] port, back to its creation in May 2017.
+Also available are dependencies, flavors, configuration options, and available packages.
+All of this is useful for both users and developers of ports.
+==== SQL Injection Attack
+In March, an SQL injection attack was noticed and the website was patched.
+Notices were sent out via our Twitter account, our status page, and a notice on the top of each page of the website.
+The immediate attack vector was shutdown and soon patched.
+Additional preventative patches were added across the website.
+Everything we know about has been fixed.
+Users were notified and advised to change their passwords.
+Details at:
+* link:[]
+* link:[]
+==== Help Needed
+It has been over 22 years since FreshPorts started.
+Others must take over eventually.
+I’d like to start that process now.
+There are several aspects to FreshPorts:
+* FreeBSD admin (updating the OS and packages)
+* front end code (website - mostly PHP)
+* back end code (commit processing - Perl, Python, shell)
+* database design (PostgreSQL).
+The database does not change very often and requires little maintenance compared to the applications and OS.
+The website pretty much runs itself.
+From time to time, a change to the FreeBSD ports infrastructure breaks something or requires a modification, but there is rarely any urgency to fix that.
+This is not a huge time commitment.
+There is a lot of learning.
+While not a complex application, FreshPorts is also not trivial.