Re: Security issues with www/minio
- In reply to: Tom Hukins : "Security issues with www/minio"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 18 Feb 2023 17:43:13 UTC
On Sat, Feb 18, 2023 at 5:02 PM Tom Hukins <tom@freebsd.org> wrote: > Hi, > > The www/minio port provides an outdated, insecure version of MinIO. > > This issue was raised on 2022-12-30 in > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268656 and five days > ago I provided a VuXML patch at > https://github.com/freebsd/freebsd-ports/pull/158 which I have updated > several times as security/vuxml/vuln/2023.xml has changed. > Thanks for the vuxml entry. It landed in https://cgit.freebsd.org/ports/commit/?id=b16091e19db403fa19c514ec5ac4c15045e402ef About the port itself, I'm quite unfamiliar with it but I see it is more than a year behind upstream in terms of releases. > I note that the www/minio maintainer, swills@, has not committed to the > ports tree since 2022-03-13 so someone else might need to update the > port. However, it would help to apply the VuXML patch soon so that the > port's users know of its security problems. > > Tom > >