roller-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave <snoopd...@gmail.com>
Subject Apache Roller 5.0.2 available & upgrade recommended for all Roller sites
Date Wed, 30 Oct 2013 21:23:54 GMT
New release: Apache Roller 5.0.2 is now available on Apache mirrors
world-wide and you can find it here:

   http://roller.apache.org/downloads/downloads.html

This release fixes two security vulnerabilities in Roller, listed below:
   CVE-2013-4171 Apache Roller RSS/Atom Feed templates contain XSS
vulnerabilities
   CVE-2013-4212 Apache Roller contains remote code execution
vulnerabilities

Because the above are serious security vulnerabilities, we recommend
that all sites running Apache Roller upgrade to this new release as
soon as possible.

Thanks,
Dave

-- 
Dave M. Johnson
Apache Roller PMC Chair
http://rollerweblogger.org/roller

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message