Project Roller

The Apache Roller project is pleased to announce the release of Roller 6.1.4! This release includes several updates and improvements to enhance the security, stability, and functionality of your Roller installations.

Dowload the latest release from: 

    https://www.apache.org/dyn/closer.cgi/roller/roller-6.1/v6.1.4

Key Changes in Apache Roller 6.1.4

Safer defaults

As of Roller 6.1.4, several default settings have been updated to enhance security for multi-user weblog sites:

• HTML content sanitization: Roller now sanitizes all HTML content by default to prevent malicious content. This is controlled by the weblogAdminsUntrusted=true property in your roller-custom.properties file.
• Custom themes and file-uploads disabled by default. You can enable this feature via the Server Admin page if you trust your users, as these features can pose security risks.
• Better CSRF and XSS protection by user-specific and one-time-use salts.

Dependency updates

Over 20 mostly minor dependency updates including Spring, Eclipse-Link JPA, Log4j, Lucene, and more.

Bug fixes

Fixed some bugs that impacted category create, update and delete.