Project Roller

The Apache Roller project is pleased to announce the release of Roller 6.1.4! This release includes several updates and improvements to enhance the security, stability, and functionality of your Roller installations.

Dowload the latest release from: 

    https://www.apache.org/dyn/closer.cgi/roller/roller-6.1/v6.1.4

Key Changes in Apache Roller 6.1.4

Safer defaults

As of Roller 6.1.4, several default settings have been updated to enhance security for multi-user weblog sites:

• HTML content sanitization: Roller now sanitizes all HTML content by default to prevent malicious content. This is controlled by the weblogAdminsUntrusted=true property in your roller-custom.properties file.
• Custom themes and file-uploads disabled by default. You can enable this feature via the Server Admin page if you trust your users, as these features can pose security risks.
• Better CSRF and XSS protection by user-specific and one-time-use salts.

Dependency updates

Over 20 mostly minor dependency updates including Spring, Eclipse-Link JPA, Log4j, Lucene, and more.

Bug fixes

Fixed some bugs that impacted category create, update and delete.

The Apache Roller project is pleased to announce the availability of Roller 6.1.3, a release that includes some minor bug fixes, dependency updates and input sanitization changes. If you run a multi-user Roller site and you do not trust your users, you should upgrade as this release fixed a couple of XSS vulnerabiltiies.

https://roller.apache.org/downloads/downloads.html

You can find some more details about the release in the vote thread here:

https://lists.apache.org/thread/xnnf63bdzmq7z08ptdptyg5c30rfvzq5

Thanks to all who helped out with this release!

The Apache Roller project is pleased to announce the availability of Roller 6.1.1, a release that upgrades many dependencies including  Spring, Struts, Lucene, Log4J, Guice and Bouncy Castle. The release and convenience binaries can be found on the Roller project download page here:

The Roller PMC has approved the release of Apache Roller 6.0.2, a minor bug fix release.

The Apache Roller community is pleased to announce the release of Apache Roller 6.0.0, the latest and greatest release of Roller. For more details of the changes introduced with this new version please refer to the release notes in JIRA. In summary, Roller 6 is a new version of Roller with these features:

• Web interface has been rewritten to use Twitter bootstrap via the Struts 2 Bootstrap tags.
• Most dependencies have been upgraded to the latest version.
• Compiled with Java 11 and requires Java 11.
• The installation guide has been converted from OpenOffice to AsciiDocs.

It should be relatively easy to upgrade from Roller 5.2.4 to Roller 6 because there are no changes to the database schema (that means you can easily roll back if you find problems). The user interface is different and we hope you'll find it better, easier to use, more intuitive and with a more modern feel.

Thanks to the many contributors to Roller for this new release. We hope you'll enjoy and find it useful.

Apache Roller is available on the download page: 

    https://roller.apache.org/downloads/downloads.html 

For more information on Apache Roller, visit the project website:

    https://roller.apache.org 

The Apache Roller community is pleased to announce the release of Roller v5.2.4, a bug fix release that fixes a problem introduced in Roller 5.2.3. The Xinha-based rich-text editor was broken in 5.2.3 and this release fixes that.

The release may be downloaded from the Roller project download page:

    http://roller.apache.org/downloads/downloads.html

Thanks,

The Apache Roller community