FreeBSD Port: databases/couchdb upgrade to 2.2

Dave Cottlehuber dch at
Tue Sep 11 06:36:44 UTC 2018

On Mon, 10 Sep 2018, at 11:33, Miroslav Lachman wrote:
> Hi,
> are there any plans to create port for CouchDB 2.2?
> According to latest vulnerability in 1.7.2 and statement on upstream 
> website there are 
> no plans to fix it in 1.7, because this version is no longer supported.

Correct; however:

1. the risk is low (rogue admin destroys the things they already have access to via DB API)
2. update your /_config to exclude this in /usr/local/etc/couchdb/default.ini *note NOTE local.ini
;_config = {couch_httpd_misc_handlers, handle_config_req}

> I am not able to create / maintain CouchDB 2.2 port by myself but I 
> really would like to have not vulnerable version on our server.

I'm focused on getting a thing ready for eurobsdcon and ports stuff has had to take a back seat for a couple of weeks, but it's so close now. The phab review patch is already 100% functional what remains is polishing up the port esp round how it handles docs. Feedback is welcome of course. You can build / install it and send some feedback in.

I'm interested to know how you're using CouchDB on FreeBSD (yay) email me sometime about it!


More information about the freebsd-erlang mailing list