Severity: important

Vendor: The Apache Software Foundation

Versions Affected:
Roller 4.0.0 and 4.0.1
Roller 5.0, 5.0.1 and 5.0.2
The unsupported Roller 3.1 release is also affected

Description:
Roller's XML-RPC protocol support was susceptible to XML External Entity (XXE) based attacks. This vulnerability exists even if XML-RPC is disabled via the Roller Admin Console.

Mitigation:
Roller 4.0 and 4.0.1 users should upgrade to Roller 5.0.3
Roller 5.0, 5.0.1 and 5.0.2 users should upgrade to Roller 5.0.3
Roller 3.1 users should upgrade to Roller 5.0.3

Credit: Adam Baldwin