New release: Apache Roller 5.0.1 is now available on Apache mirrors world-wide and you can find it here:
http://roller.apache.org/downloads.html This release fixes two security vulnerabilities in Roller, listed below: CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability Because the above are serious security vulnerabilities, we recommend that all sites running Apache Roller upgrade to this new release as soon as possible. Thanks, Dave -- Dave M. Johnson Apache Roller PMC Chair http://rollerweblogger.org/roller
