Hi I'm still running a site running Roller 2.3.1 My customer seems to have found an issue whereby the search form on the blog page seems vulnerable to XSS attack :-(
Just a few questions - 1 - Is this a known issue ? 2 - Can I do anything about it ? I wrote a Tomcat Valve to strip out characters for another webapp but would this mess up Roller functionality ? 3 - Would migration to v3 or v4 fix the exploitation ? thanks Tim
