I've prepared a first Release Candidate (RC) for Apache Roller 5.0.1 and you can find it at the link below. At this time, these files are ONLY for testing purposes and are NOT considered release from the Apache Software Foundation.
http://people.apache.org/~snoopdave/apache-roller-5.0.1-RC1/ This release is exactly the same as the Roller 5.0 release except that it contains these three security related fixes: Option to HTML sanitize weblog content https://issues.apache.org/jira/browse/ROL-1943 Salt values in all HTML forms https://issues.apache.org/jira/browse/ROL-1944 Moving to new versions of Struts and Spring security http://svn.apache.org/viewvc?view=revision&revision=1231565 It is important to get this release out as soon as possible, so please take a look at the release if / when you have a chance. Because the changes are limited and this new release is now successfully running in production at blogs.apache.org, I don't think we need extensive testing. We do need to do some sanity checks. Here are some things you can do to help test, in order of difficulty: - Verify that the files can be unpackaged successfully - Verify that the signatures are valid - Verify that the source release builds - Attempt to install and run the Tomcat build - Attempt to install and run the Java EE build on Glassfish Thanks, - Dave -- Dave M. Johnson Apache Roller PMC Chair http://rollerweblogger.org/roller
