Blog Better! Roller is the open source Java blog server that drives Apache Software Foundation blogs and others. Read more on the about page.

Site hosted by Digital Ocean



« Apache Roller 5.2... | Main

Apache Roller 5.2.3 released

07.11.2019 by Dave Johnson | 0 Comments

The Apache Roller community is pleased to announce the release of Roller v5.2.3, a bug fix release with some minor improvements. You can find the list of fixes and improvements at the end of this email.

Release may be downloaded from the Roller project download page:

    http://roller.apache.org/downloads/downloads.html

Roller 5.2.3 also fixes a Cross-site Scripting (XSS) vulnerability (CVE-2019-0234) in Roller's comment authenticator, so users are strongly encouraged to upgrade as soon as possible.

Thanks,

The Apache Roller community


Changes in Roller 5.2.3

Bug fixes:

[ROL-2100] - HTTPS Scheme Enforcement feature removed

[ROL-2127] - Automatic database upgrade fails

[ROL-2129] - duplicate index on roller_oauthconsumer as Primary Key

[ROL-2132] - Remember-me fails when LDAP used for auth

[ROL-2135] - Comment Authenticator fix

[ROL-2138] - NOTICE file does not have standard content

[ROL-2143] - Fix mvn jetty:run

Improvements:

[ROL-2137] - Require rememberme.key to be set

Tests:

[ROL-2142] - Skip RSS/Atom feed fetcher tests on Java 1.7

« Apache Roller 5.2... | Main