New release: Apache Roller 5.0.2 is now available on Apache mirrors world-wide and you can find it here:
http://roller.apache.org/downloads/downloads.html This release fixes two security vulnerabilities in Roller, listed below: CVE-2013-4171 Apache Roller RSS/Atom Feed templates contain XSS vulnerabilities CVE-2013-4212 Apache Roller contains remote code execution vulnerabilities Because the above are serious security vulnerabilities, we recommend that all sites running Apache Roller upgrade to this new release as soon as possible. Thanks, Dave -- Dave M. Johnson Apache Roller PMC Chair http://rollerweblogger.org/roller
