roller-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave <>
Subject Apache Roller 5.0.1 available & upgrade recommended for all Roller sites
Date Sun, 24 Jun 2012 17:03:19 GMT
New release: Apache Roller 5.0.1 is now available on Apache mirrors
world-wide and you can find it here:

This release fixes two security vulnerabilities in Roller, listed below:
   CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
   CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability

Because the above are serious security vulnerabilities, we recommend
that all sites running Apache Roller upgrade to this new release as
soon as possible.


Dave M. Johnson
Apache Roller PMC Chair

View raw message