Hello Everyone,
Just a heads up in case you are building and running apache roller from
master, please rebuild your instance with the latest changes.
It contains an important dependency update
(https://github.com/apache/roller/pull/106) for log4j 2 which suffered
from a RCE security vulnerability, which was fixed in the latest version.
Apache Roller 6.0.2 (latest release) should not be affected by this
particular vulnerability since it still uses the old log4j 1 library.
best regards,
michael
- heads up when running roller from master branch Michael Bien
-