Project Roller

Apache Roller 5.1 is expected to be released "soon" (no fixed date yet available). For the Apache Roller trunk branch (i.e., upcoming 5.1), I recently cleaned out the language resource files of unused strings that have accumulated over the years and also introduced generic.* property strings for common functions (Save, Edit, Delete, etc.) that are used in multiple places to further reduce the number of strings that need translation. As a result, each of the language files shrank 25-35%, with the results browsable online. As one can see, Roller 5.1 will be shipping with support for English, Spanish, French, German, Russian, Chinese - Simplified, Japanese, and Korean. (By language support, I'm referring to the user interface for administering your blog--creating blog entries, managing comments, etc.--and certain boilerplate text within your blog templates. For writing blog articles and customizing your blog templates, Roller supports virtually any written language desired.)

However the non-English languages have only between 30-50% of the total strings (roughly 1800 in all) translated. Any strings missing will appear in the default English. If you're looking to deploy Roller in an office or school and wish to have better support for a given language, now would be a great time to check out Roller trunk from Subversion and submit a patch to our JIRA issue tracker, translating some-to-all of the missing strings of your desired language. IntelliJ IDEA Community Edition provides an easy-to-use editor to identify and translate strings present in the English but missing in the other files, and Eclipse offers similar.

The Roller team has made a patch release of the Apache Roller 5 branch, upgrading to the latest 2.3.16.3 release of Struts2 to fix some security issues found in earlier releases of that library. It's recommended to upgrade your Roller installation to this latest version.

Meanwhile, we're getting closer to a new Roller 5.1 release (perhaps within a few weeks), which features fully updated dependencies, a refactored and shrunk code base, and a more modern and simplified user interface. Stay tuned for its release!

Roller committer Glen Mazza (me!) has written a new article providing tips on how to efficiently work with the Apache Roller source code, helpful for those wishing to contribute to Apache Roller development and/or customize it for their particular needs.

The Apache Roller project has announced the availability of a new Apache Roller 5.0.3 release. This new release is identical to Apache Roller 5.0.2 but includes an updated Apache XML-RPC library that fixes a security vulnerability in Roller's XML-RPC feature.

All Roller sites are urged to upgrade to Roller 5.0.3 as soon as possible. Download Apache Roller 5.0.3 at the Roller downloads page here.

You can find a little more information about the vulnerabilities at the links below:

• The official release announcement: Apache Roller 5.0.3 available & upgrade recommended for all Roller sites
• CVE-2014-0030 Apache Roller XML-RPC susceptible to XML Entended Entity attacks

The Apache Roller project has announced the availability of a new Apache Roller 5.0.2 release. This new release is identical to Apache Roller 5.0.1 but with the addition of two security fixes: 1) fix for XSS vulnerability in Roller's search feeds 2) fix for remote code execution vulnerability.

All Roller sites are urged to upgrade to Roller 5.0.2 as soon as possible. Download Apache Roller 5.0.2 at the Roller downloads page here.

You can find a little more information about the vulnerabilities at the links below:

• The official release announcement: Apache Roller 5.0.2 available & upgrade recommended for all Roller sites
• CVE-2013-4171 Apache Roller RSS/Atom Feed templates contain XSS vulnerabilities
• CVE-2013-4212 Apache Roller contains remote code execution vulnerabilities
• This blog entry from Coverity explains the remote execution issue in more detail: Remote Code Execution in Apache Roller via OGNL Injection

Here's a wonderfully detailed and informative (even if you don't intend to use Roller) blog post from Roller committer Glen Mazza about how to install Roller on Red Hat's Open Shift platform as a service (PAAS) offering: Apache Roller on OpenShift

The Apache Roller project has announced the availability of a new Apache Roller 5.0.1 release. This new release is identical to Apache Roller 5.0 but with the addition of two security fixes: 1) fix for Cross-Site Scripting (XSS) vulnerabilities and 2) fix for Cross-Site Resource Forgery (XRSF) vulnerabilities.

All Roller sites are urged to upgrade to Roller 5.0.1 as soon as possible. Download Apache Roller 5.0.1 at the Roller downloads page here

The two security vulnerabilities have been reported to the [Full Disclosure mailing-list at grok.org.uk|http://www.grok.org.uk/full-disclosure/] and the [Bugtraq list at SecurityFocus.com|http://www.securityfocus.com/archive/1]. You can find a little more information about the vulnerabilities at the links below:

• CVE-2012-2380: Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
• CVE-2012-2381: Roller Cross-Site-Scripting (XSS) vulnerability

Here's some more happy Roller news. Apache Roller 5.0 has been released!

<img src='http://rollerweblogger.org/project/mediaresource/3cdaff7b-2745-4dac-89c9-151a3a1ccf26' align='right' style='padding:1em' />

The major new feature in Roller 5.0 is Media Blogging, a set of enhancements to Roller's file upload and management capabilities. Also included in 5.0 are simple multi-site support, ~OpenID and ~OAuth support for Roller's ~AtomPub interface. All major dependencies have been updated and Roller now uses Maven for build and dependency management. You can find a summary of Roller 5.0's new features on the Roller wiki.

The road to Roller 5.0 has been a long one and if you are interested the history, you might want to check Dave Johnson's What's New in Roller 5.0 presentation from ApacheCon US 2009. Roller 5.0 includes contributions from contributors from Google Summer of Code, San Jose State Univ. and the usual cast of Roller committers. Thanks to all who contributed to Roller 5.0 over the years.

To download Apache Roller 5.0 and documentation, visit the Apache Roller download page at the Apache Software Foundation's website.