Project Roller
Blogs, news and views
Blog Better! Roller is the open source Java blog server that drives Apache Software Foundation blogs and others. Read more on the about page.
Quick Links
Navigation
Apache Roller 5.2.3 released
07.11.2019 by Dave Johnson | 0 Comments
The Apache Roller community is pleased to announce the release of Roller v5.2.3, a bug fix release with some minor improvements. You can find the list of fixes and improvements at the end of this email.
Release may be downloaded from the Roller project download page:
http://roller.apache.org/downloads/downloads.html
Roller 5.2.3 also fixes a Cross-site Scripting (XSS) vulnerability (CVE-2019-0234) in Roller's comment authenticator, so users are strongly encouraged to upgrade as soon as possible.Thanks,
The Apache Roller community
Changes in Roller 5.2.3
Bug fixes:
[ROL-2100] - HTTPS Scheme Enforcement feature removed
[ROL-2127] - Automatic database upgrade fails
[ROL-2129] - duplicate index on roller_oauthconsumer as Primary Key
[ROL-2132] - Remember-me fails when LDAP used for auth
[ROL-2135] - Comment Authenticator fix
[ROL-2138] - NOTICE file does not have standard content
[ROL-2143] - Fix mvn jetty:run
Improvements:
[ROL-2137] - Require rememberme.key to be set
Tests:
[ROL-2142] - Skip RSS/Atom feed fetcher tests on Java 1.7
Apache Roller 5.2 released!
11.06.2017 by Dave Johnson | 0 Comments
The Apache Roller community is pleased to announce the release of Roller 5.2.0. This release includes some small improvements to Roller and a couple dozen bug fixes. It also upgrades many dependencies including Apache Struts 2.5 and eliminates use of Dynamic Method Invocation (DMI).
The list of resolved JIRA issues is here: JIRA Change List
Release may be downloaded from the Roller project Downloads Page
Enjoy!
About Roller
05.08.2017 by Dave Johnson | 0 Comments
Apache Roller is the open source Java blog server that once powered the ground-breaking employee blogging site blogs.sun.com, FreeRoller, JavaLobby's JRoller community and still powers the Apache Software Foundation blogs. If you want to set up a Java-powered blog server for yourself or for several thousand of your closest friends, try Roller!
Roller supports fundamental weblogging features such as group blogging, RSS and Atom newsfeeds, rich-text editing, customizable page templates, comments, pings, trackbacks, blogroll management and provides Atom Publishing Protocol and XML-RPC interfaces for blogging clients.
Roller was featured in an O'Reilly OnJava.com article on April 17, 2002. That article is no longer online, but you can read it here: Building an Open Source J2EE Weblogger (PDF).
For more information...
For more information about Roller, see the Apache Roller website and the Roller WIKI
Apache Roller 5.1.2 Released!
03.30.2015 by Glen | 0 Comments
Apache Roller 5.1.2 has been released and is available for download here Roller download page.
This release takes care of a potential security problem involving bloggers with admin permissions on a blog being able by default to execute arbitrary code on the server hosting Roller. As a reminder, even without this issue, as bloggers can blog and instantly post anything and everything including copyrighted, privacy-infringing, and other objectionable content, do not grant blog-writing accounts above the "Limited" role (can edit but not post blog entries) to people whom you do not thoroughly know and trust.
Below is the list of fixes and enhancements over Roller 5.1.1:
- ROL-2057 - Missing NPE check in Roller PageServlet class
- ROL-2058 - No salt renewal on POST request
- ROL-2059 - Comment preview is invisible in Gaurav theme
- ROL-2060 - Missing custom.css import in tags_index.vm in Gaurav theme
- ROL-2061 - Wrong next month link of Calendar
- ROL-2062 - Missing NPE check in IndexOperation#getDocument()
- ROL-2064 - Add viewport meta tag to Gaurav theme
- ROL-2065 - Gaurav sometimes displaying empty summary as unresolved "$entry.summary"
- ROL-2066 - Comment URLs using https:// not saving properly in Gaurav theme
- ROL-2067 - Velocity configuration improvement
Apache Roller 5.1.1 Released!
10.01.2014 by Glen | 0 Comments
Apache Roller 5.1.1 has been released, offering the following fixes/enhancements over Roller 5.1:
- ROL-1387 - In creating tag aggregate counts (for tag clouds, etc.), count tags only from published blog entries
- ROL-1620 - Plus signs in Category names result in 404s for Atom and RSS feeds
- ROL-2050 - Have Design Tab default to Templates page when custom themes are being used (speeds up template customization)
- ROL-2051 - Themes not falling back to standard templates when mobile ones undefined (affecting ability for Roller to be read from tablets and smartphones.)
- ROL-2052 - Custom stylesheets not being updated correctly when user switches between shared and custom themes.
- ROL-2054 - Newly saved categories not appearing on blog
- ROL-2055 - Comment search should be case-insensitive
Update needed for Roller 5.1 blogs to display on smartphones/tablets
09.02.2014 by Glen | 0 Comments
Note (1 October 2014): Below problem has been fixed with the latest Roller 5.1.1 release.
Apache Roller 5.1 has a bug in which the standard blog theme templates are not being activated when no mobile theme templates are defined, resulting in blogs not being readable in most cases from tablets or smartphones. (Roller 5.1 now allows the option of separate templates, called template renditions, for mobile and standard displays, however the standard rendition is supposed to be activated when a mobile rendition is not defined.) I've just committed a fix to this problem in Roller trunk, i.e., the future Apache Roller 5.1.1. Until we have a new release, here are some solutions to this problem:
Upgrade to a snapshot version of Roller containing the fix - Providing you've already upgraded to Roller 5.1, switching to a patched version should be just a simple switch of the WAR file. First checkout and build Roller tag http://svn.apache.org/repos/asf/roller/tags/roller_5.1.0-ROL2051patch and redeploy the WAR. You can alternatively just deploy Roller 5.1.1-SNAPSHOT (i.e., trunk), which at the point of publication of this blog entry is the same as the above tag, however with additional commits to the trunk over time bugs and incompatibilities may pop up as we develop the code. As with any upgrade, good to manually back up any custom (modified) templates and stylesheets so you can bring them in again if a problem occurs in the upgrade, however this particular patch should not have any effect on customized templates.
Switch to the basic-mobile theme. This theme already has separate mobile and standard renditions explicitly defined in its theme.xml descriptor.
For shared themes in the WEB-INF/themes folder of the WAR, in the theme.xml (for example here for basic), duplicate each rendition, marking one for standard and one for mobile, just as done right now with the basic-mobile theme. Such a change will result in Roller 5.1 picking up the same template regardless of device type. If you've customized a shared theme however, back up your templates as you will probably need to copy them over once you re-import the new shared theme.
Upgrading Roller 5.1-SNAPSHOT database instances
07.07.2014 by Glen | 0 Comments
Apache Roller trunk (i.e., 5.1-SNAPSHOT) will automatically upgrade any Roller database that was part of an official release from Roller 3.1 onwards during its install process. Follow the Apache Roller installation guide for more information on this process, including making sure that you do a safety back up of your database prior to running the install.
However, for those who have earlier deployed unreleased 5.1-SNAPSHOT versions, neither later 5.1-SNAPSHOTs nor the future release 5.1 will be able to automatically upgrade your SNAPSHOT database, which will create a incompatibility issue if database changes occurred in development since the snapshot version you deployed. This will necessitate some manual database upgrade changes prior to moving to the later version of Roller.
To determine if any manual database changes are needed, check the revision number located on the footer of the Roller login page, i.e., the (rXXXXXX) value at the end of the "Powered by Apache Roller Weblogger Version 5.1.0-SNAPSHOT" string. Then, using the source control repository of the createdb.vm file, do a comparison (using the "select for diffs" links) between versions of the file immediately preceding that version number and either the latest version of the file (for a future 5.1-SNAPSHOT) or the version just before but no later than the release date of Roller 5.1.
For example, here is a comparison between March 2014 and May 2014 database instances. Note the createdb.vm does not provide the actual SQL statements needed for your particular database instance (as that will vary depending on the database you're using) but just the pseudocode SQL informing you which tables and columns need deletion, creation, modification, etc. Check your database's manuals for information on the necessary SQL statement syntax for table alterations, and of course back up your database first.