Project Roller

Apache Roller 5.1.2 has been released and is available for download here Roller download page.

This release takes care of a potential security problem involving bloggers with admin permissions on a blog being able by default to execute arbitrary code on the server hosting Roller. As a reminder, even without this issue, as bloggers can blog and instantly post anything and everything including copyrighted, privacy-infringing, and other objectionable content, do not grant blog-writing accounts above the "Limited" role (can edit but not post blog entries) to people whom you do not thoroughly know and trust.

Below is the list of fixes and enhancements over Roller 5.1.1:

• ROL-2057 - Missing NPE check in Roller PageServlet class
• ROL-2058 - No salt renewal on POST request
• ROL-2059 - Comment preview is invisible in Gaurav theme
• ROL-2060 - Missing custom.css import in tags_index.vm in Gaurav theme
• ROL-2061 - Wrong next month link of Calendar
• ROL-2062 - Missing NPE check in IndexOperation#getDocument()
• ROL-2064 - Add viewport meta tag to Gaurav theme
• ROL-2065 - Gaurav sometimes displaying empty summary as unresolved "$entry.summary"
• ROL-2066 - Comment URLs using https:// not saving properly in Gaurav theme
• ROL-2067 - Velocity configuration improvement