Project Roller

Blogs, news and views

Blog Better! Roller is the open source Java blog server that drives Apache Software Foundation blogs and others. Read more on the about page.

Site hosted by

Quick Links

Navigation

« Apache Roller 5.0... | Main | Roller on OpenShift »

Apache Roller 5.0.1 security fix release now available

06.24.2012 by Dave Johnson | 0 Comments

The Apache Roller project has announced the availability of a new Apache Roller 5.0.1 release. This new release is identical to Apache Roller 5.0 but with the addition of two security fixes: 1) fix for Cross-Site Scripting (XSS) vulnerabilities and 2) fix for Cross-Site Resource Forgery (XRSF) vulnerabilities.

All Roller sites are urged to upgrade to Roller 5.0.1 as soon as possible. Download Apache Roller 5.0.1 at the Roller downloads page here

The two security vulnerabilities have been reported to the [Full Disclosure mailing-list at grok.org.uk|http://www.grok.org.uk/full-disclosure/] and the [Bugtraq list at SecurityFocus.com|http://www.securityfocus.com/archive/1]. You can find a little more information about the vulnerabilities at the links below:

CVE-2012-2380: Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
CVE-2012-2381: Roller Cross-Site-Scripting (XSS) vulnerability

« Apache Roller 5.0... | Main | Roller on OpenShift »