To be clear: I'm not going to lament on that move. I love consequence, and I love it even more when it comes to IT-security. So there is no but ...20180810:
AFFECTS: databases/postgresql??-server
AUTHOR: girgen@FreeBSD.org
The PostgreSQL server packages are no longer built with support for the XML
datatype per default. To retain support for the XML datatype you should build
the port and check the XML option in the option dialog. The reason for this
is the bad security reputation of libxml2.
The port textproc/libxml2 is heavily depend on.
pkg query %ro libxml2
gives a nice output here, and probably you might get also a nice list. And yeah
pkg delete libxml2
won't be the fix. The question is, why should I have such a port with a bad reputation on nearly all of my systems. Shouldn't that be substituted by something better? What to do?
Gently inviting for a security oriented discussion.