Date: Sun, 24 Jun 2012 13:03:19 -0400
Subject: Apache Roller 5.0.1 available & upgrade recommended for all Roller sites
From: Dave
To: user, dev@roller.apache.org, security@apache.org

New release: Apache Roller 5.0.1 is now available on Apache mirrors world-wide and you can find it here:

http://roller.apache.org/downloads.html

This release fixes two security vulnerabilities in Roller, listed below:

CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability

Because the above are serious security vulnerabilities, we recommend that all sites running Apache Roller upgrade to this new release as soon as possible.

Thanks,
Dave

--
Dave M. Johnson
Apache Roller PMC Chair
http://rollerweblogger.org/roller