I downloaded the 5.0.1-RC1 zip and upgraded my site to use it locally on Tomcat 6. I only did some brief testing, but it looks good.
+1 Cheers, Matt On May 21, 2012, at 9:17 PM, Dave wrote: > I've prepared a first Release Candidate (RC) for Apache Roller 5.0.1 > and you can find it at the link below. At this time, these files are > ONLY for testing purposes and are NOT considered release from the > Apache Software Foundation. > > http://people.apache.org/~snoopdave/apache-roller-5.0.1-RC1/ > > This release is exactly the same as the Roller 5.0 release except that > it contains these three security related fixes: > > Option to HTML sanitize weblog content > https://issues.apache.org/jira/browse/ROL-1943 > > Salt values in all HTML forms > https://issues.apache.org/jira/browse/ROL-1944 > > Moving to new versions of Struts and Spring security > http://svn.apache.org/viewvc?view=revision&revision=1231565 > > It is important to get this release out as soon as possible, so please > take a look at the release if / when you have a chance. Because the > changes are limited and this new release is now successfully running > in production at blogs.apache.org, I don't think we need extensive > testing. We do need to do some sanity checks. > > Here are some things you can do to help test, in order of difficulty: > - Verify that the files can be unpackaged successfully > - Verify that the signatures are valid > - Verify that the source release builds > - Attempt to install and run the Tomcat build > - Attempt to install and run the Java EE build on Glassfish > > Thanks, > - Dave > > > -- > Dave M. Johnson > Apache Roller PMC Chair > http://rollerweblogger.org/roller
