We announced a CVE and a fix for it about a month ago, but I did not notify all of the places until yesterday.
CVE announcement https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5@%3Cdev.roller.apache.org%3E Fix: upgrade to Roller 5.2.2 or disable the XMLRPC servlet https://lists.apache.org/thread.html/86655a8a1df1a2e184ba7a973fbb2f6ac873775e411daf2d74eb6bb2@%3Cdev.roller.apache.org%3E Dave On Sun, Feb 17, 2019 at 4:01 PM Jason Pyeron <jpye...@pdinc.us> wrote: > Context? Is the patch completed? Is there a fix planned? > > v/r, > > Jason Pyeron > > > -----Original Message----- > > From: CVE Request <cve-requ...@mitre.org> > > Sent: Saturday, February 16, 2019 9:27 AM > > To: u...@roller.apache.org > > Subject: CVE Request 642986 for Publication Request > > > > Thank you for your submission. It will be reviewed by a CVE Assignment > Team member. > > > > > > Changes, additions, or updates to your request can be sent to the CVE > Team by replying directly to > > this email. > > > > Please do not change the subject line, which allows us to effectively > track your request. > > > > CVE Assignment Team > > M/S M300, 202 Burlington Road, Bedford, MA 01730 USA > > [A PGP key is available for encrypted communications at > > http://cve.mitre.org/cve/request_id.html] > > > > {CMI: MCID2788259} > >
