Perl upgrade - 5.20.x vulnerable

Mathieu Arnold mat at
Sat Aug 20 17:07:25 UTC 2016

+--On 20 août 2016 16:25:24 +0200 Walter Schwarzenfeld
<w.schwarzenfeld at> wrote:
| Someone posted it in the FreeBSD Forum (in the moment I don't find it).
| but:
| 5.20     5.20.3     End of life     2015-09-12
| Nearly, just a year ago.

It is not really true.  perlpolicy says:

       o   We "officially" support the two most recent stable release
series.  5.14.x and earlier are now out of support.  As of the release of
5.20.0, we will "officially" end support for Perl 5.16.x, other than
providing security updates as described below.

       o   To the best of our ability, we will attempt to fix critical
issues in the two most recent stable 5.x release series.  Fixes for the
current release series take precedence over fixes for the previous release

       o   To the best of our ability, we will provide "critical" security
patches / releases for any major version of Perl whose 5.x.0 release was
within the past three years.  We can only commit to providing these for the
most recent .y release in any 5.x.y series.

So, it is more or less still supported.

| and we have it as default version.
| (It seems all overlooked it, and I wonder about).

It is not overlooked.  As soon as mod_perl supports anything after 5.20,
I'll change the default to 5.24.

The current rate of Perl releases is a new major release each May, my goal
is to switch to it on the next September.  Right now, the only thing
holding back is mod_perl.

Mathieu Arnold
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 949 bytes
Desc: not available
URL: <>

More information about the freebsd-ports mailing list