Totally forgot that I already announced the release, sorry folks. Roller 6.1.4 the release that is so nice you have to announce it twice!
On Thu, Oct 10, 2024 at 5:43 PM Dave Johnson <snoopd...@gmail.com> wrote: > Dear Apache Roller Community, > > We are pleased to announce that Apache Roller 6.1.4 is now available for > download. This release includes several updates and improvements to enhance > the security, stability, and functionality of your Roller installations. > > Download the latest release from: > https://www.apache.org/dyn/closer.cgi/roller/roller-6.1/v6.1.4 > > Key Changes in Apache Roller 6.1.4: > > 1. Safer Defaults: > - HTML content sanitization: Roller now sanitizes all HTML content by > default to prevent malicious content. This is controlled by the > "weblogAdminsUntrusted=true" property in your roller-custom.properties file. > - Custom themes and file uploads are disabled by default. You can enable > these features via the Server Admin page if you trust your users, as they > can pose security risks. > - Improved CSRF and XSS protection using user-specific and one-time-use > salts. > > 2. Dependency Updates: > - Over 20 mostly minor dependency updates, including updates to Spring, > Eclipse-Link JPA, Log4j, Lucene, and more. > > 3. Bug Fixes: > - Fixed several bugs that impacted category creation, updating, and > deletion. > > We encourage all users to upgrade to this latest version to benefit from > these improvements. As always, we appreciate your feedback and > contributions to the Apache Roller project. > > Thank you for your continued support. > > Best regards, > The Apache Roller Team > > >
