Question re: pkg vulnerabilities

What is the fastest (and safest for production) way to get the fixed version of a package that has vulnerabilities?

For example, I'm running 14.3-p5 and a somewhat recent package audit yielded the following:

apache24-2.4.65_1 is vulnerable:
Apache httpd -- Multiple vulnerabilities
CVE: CVE-2025-55753
CVE: CVE-2025-58098
CVE: CVE-2025-59775
CVE: CVE-2025-65082
CVE: CVE-2025-66200
WWW: https://vuxml.freebsd.org/freebsd/6ebe4a30-d138-11f0-af8c-8447094a420f.html

Heading to the above listed page, I can see that an updated version has been released:

Fixed in Apache HTTP Server 2.4.66

Checking the version of apache24 on the latest branch, I see that there is an updated package:

Installed packages to be UPGRADED:
apache24: 2.4.65_1 -> 2.4.66 [FreeBSD

Is tracking the latest branch instead of the quarterly branch the only way to get this security fix quickly and/or safely? Or, am I missing some other more appropriate method to achieve the same goal for a production server? I have always admired and relied on FreeBSD's stability and don't want to sacrifice that if it can be avoided. However, the idea that I may have to go as long as 3 months before getting a security fix on my server that was fixed long before that doesn't seem acceptable either.

Thanks in advance!
 
No, as I understand the policy, security fixes are brought over to quarterly. It just can take a little more time since you don't want to update up or down dependencies.

At the time of this writing no commit has been made to 2025Q4.
 
You can see in the head commit that merging to Q4 is intended.

Code:
commit 623207ecebde609e40edac8bada7e4c4c026e4d2
Author:     Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: Fri Dec 5 13:13:14 2025 +0100
Commit:     Bernard Spil <brnrd@FreeBSD.org>
CommitDate: Fri Dec 5 13:13:14 2025 +0100

    www/apache24: Security update to 2.4.66
    
    PR:             291413
    Security:       6ebe4a30-d138-11f0-af8c-8447094a420f
    MFH:            2025Q4
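
The check described in the reply above, as an added example that is not part of the original thread: it takes the VuXML id from the `pkg audit` finding, finds the ports commit whose `Security:` trailer names that id, and reports the quarterly branch given in its `MFH:` trailer. The function names and the `report` helper are hypothetical, and the sample inputs are copied from the posts above.

```sh
#!/bin/sh
# Added example (not from the thread): link a `pkg audit` finding to the ports
# commit that fixes it and report the quarterly branch named in its MFH trailer.

# Sample inputs copied from the posts above; on a real host they would come
# from `pkg audit` and from `git log` in a ports tree checkout (assumption).
AUDIT_SAMPLE='apache24-2.4.65_1 is vulnerable:
Apache httpd -- Multiple vulnerabilities
CVE: CVE-2025-55753
WWW: https://vuxml.freebsd.org/freebsd/6ebe4a30-d138-11f0-af8c-8447094a420f.html'

COMMIT_SAMPLE='commit 623207ecebde609e40edac8bada7e4c4c026e4d2
Author:     Bernard Spil <brnrd@FreeBSD.org>

    www/apache24: Security update to 2.4.66

    PR:             291413
    Security:       6ebe4a30-d138-11f0-af8c-8447094a420f
    MFH:            2025Q4'

# stdin: pkg audit output. stdout: "<package> <vuxml-id>" per finding.
audit_vuxml_ids() {
    awk '/ is vulnerable:$/ { pkg = $1 }
         $1 == "WWW:" && pkg != "" {
             id = $2; sub(/.*\//, "", id); sub(/\.html$/, "", id)
             print pkg, id; pkg = ""
         }'
}

# $1: vuxml id. stdin: git log text. stdout: "<commit> <MFH target or ->"
# for each commit whose Security: trailer names that id.
mfh_target_for() {
    awk -v want="$1" '
        function emit() { if (hit) print hash, (mfh == "" ? "-" : mfh); hit = 0; mfh = "" }
        /^commit /                       { emit(); hash = $2 }
        $1 == "Security:" && $2 == want  { hit = 1 }
        $1 == "MFH:"                     { mfh = $2 }
        END                              { emit() }'
}

# Hypothetical helper: an MFH trailer states intent only, so the merge still
# has to be confirmed on the quarterly branch itself.
report() {
    printf '%s\n' "$AUDIT_SAMPLE" | audit_vuxml_ids | while read -r pkg id; do
        printf '%s\n' "$COMMIT_SAMPLE" | mfh_target_for "$id" | while read -r hash mfh; do
            echo "$pkg: fix $hash, MFH target $mfh (intent; verify on branch)"
        done
    done
}
report
```

A `-` in the second column means the fixing commit carries no `MFH:` trailer.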
 