Hello Roller users,
You have probably heard of "spring shell"* by now.
If you don't want to wait for a Roller update release, building Roller
yourself is really easy.
Follow the first two steps described here:
https://github.com/apache/roller#quick-start-running-via-maven
The master branch already contains the Spring dependency updates which
include the fixes for the (known) vulnerabilities.
We updated a lot of code over the last ~two years; this allows making
those dependency updates quickly without having to change anything
code-wise - the Apache release process still takes time though - building
Roller yourself takes 5-10 minutes.
Best regards,
michael
* https://security.snyk.io/vuln/SNYK-JAVA-ORGSPRINGFRAMEWORK-2436751
** https://github.com/apache/roller/pull/115