While FreeBSD is, on the whole, a lovely server operating system and the ports collection was, at one time, a lovely software distribution mechanism created in an era when such things weren't at all common, the ports collection has been showing its age for quite a while now.
One of the most infuriating things about the ports collection is the ports freeze. These occur for periods of several weeks (sometimes even a month or more) during the runup to every FreeBSD release. Since ports is entirely dependent on CVS, and since, for reasons I don't understand but nevertheless find utterly baffling, the ports management team aren't willing to create a stable branch of the ports tree from which to do the release and would rather freeze the trunk, this means that there is a long, dead period when software managed via the ports collection cannot be updated through ports.
Invariably, ports freezes seem to be the time when all manner of security vulnerabilities are patched, particularly in PHP. Of course, since the ports tree is frozen, these patches can't be committed, so FreeBSD server administrators are left with the choice of waiting out the freeze and hoping nobody bothers exploiting the vulnerabilities or patching the affected software manually, which can (in the case of something as huge and with as many dependencies as PHP) be an enormous pain in the ass.
I'm not sure what malevolent entity is responsible for ensuring that ports freeze announcements are always followed by a plethora of vulnerability announcements, but I sure wish they'd stop it. It's annoying.