Project Roller

Blogs, news and views

Blog Better! Roller is the open source Java blog server that drives Apache Software Foundation blogs and others. Read more on the about page.

Site hosted by

Quick Links

Navigation

« Apache Roller 5.0.2... | Main | New article on codin... »

Apache Roller 5.0.3 security fix release now available

01.11.2014 by Dave Johnson | 0 Comments

The Apache Roller project has announced the availability of a new Apache Roller 5.0.3 release. This new release is identical to Apache Roller 5.0.2 but includes an updated Apache XML-RPC library that fixes a security vulnerability in Roller's XML-RPC feature.

All Roller sites are urged to upgrade to Roller 5.0.3 as soon as possible. Download Apache Roller 5.0.3 at the Roller downloads page here.

You can find a little more information about the vulnerabilities at the links below:

The official release announcement: Apache Roller 5.0.3 available & upgrade recommended for all Roller sites
CVE-2014-0030 Apache Roller XML-RPC susceptible to XML Entended Entity attacks

« Apache Roller 5.0.2... | Main | New article on codin... »