Hi! > PHP 8.1 is what the largest number of our customers still runs and with > another > 5 months of upstream support I fail to see how we can force them to upgrade > *now*. Or tell them "sorry, no updates, anymore". > > So what would you suggest to get all packages to the latest quarterly version? > > Use a separate ports tree for PHP 8.1. and checkout an older libxml release > in that one?
Yes. > I am still not quite sure I understand the issue. I'll search for some info > from > the PHP project in the meantime. Why the ports tree made the update: fixes for CVE-2024-56171, CVE-2025-24928, and CVE-2025-32414 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287391 Because not upgrading blocked some GNOME stuff (and lots of other stuff that depends on libxml2): https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279705 It really is dependency hell, with no clear way out. -- [email protected] +49 171 3101372 Now what ?
