roller-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave <snoopd...@gmail.com>
Subject Apache Roller 5.0.1 available & upgrade recommended for all Roller sites
Date Sun, 24 Jun 2012 17:03:19 GMT
New release: Apache Roller 5.0.1 is now available on Apache mirrors
world-wide and you can find it here:

   http://roller.apache.org/downloads.html

This release fixes two security vulnerabilities in Roller, listed below:
   CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
   CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability

Because the above are serious security vulnerabilities, we recommend
that all sites running Apache Roller upgrade to this new release as
soon as possible.

Thanks,
Dave


-- 
Dave M. Johnson
Apache Roller PMC Chair
http://rollerweblogger.org/roller

Mime
View raw message