The database upgrade completed normally. App seems to work OK.
Observations: The edit category page/logic could do with some more testing as it seems to go wrong after deleting a category, i.e. try editing/saving an entry after deleting one.

https://struts.apache.org/struts25-eol-announcement

[x] +1 Release this package as Apache Roller 6.1.4

Cheers
Greg

On 27/09/2024 23:00, Dave wrote:
Dear Apache Roller Community,

I am pleased to call for a vote on the release of Apache Roller 6.1.4 (RC1). This release includes several important updates and improvements, including enhanced security measures, dependency updates, and various code enhancements (change notes below).

The release candidate files can be found at the following location:

https://dist.apache.org/repos/dist/dev/roller/roller-6.1/v6.1.4/

Please review the release candidate and cast your vote:

[ ] +1 Release this package as Apache Roller 6.1.4
[ ] 0 No opinion
[ ] -1 Do not release this package because...

The vote will be open for at least 72 hours. Please take the time to review the release candidate and provide your feedback.

Thank you for your time and contributions to the Apache Roller project.

Best regards,
Dave

Key Changes in Apache Roller 6.1.4

Dependency Updates:

* Upgraded several key libraries to their latest versions, ensuring improved security and stability.

Code Enhancements:

* Enhanced salt handling and validation mechanisms.
* Improved security settings and default configurations.
* Introduced weblogAdminsUntrusted=true property.
* Adjusted default settings to disable file uploads and custom themes by default.
* Updated tests and documentation to ensure compatibility with new configurations.
## Detailed change List for Apache Roller 6.1.4

### Dependency Updates

#### app/pom.xml

- asm.version: 9.6 -> 9.7
- commons-validator.version: 1.8.0 -> 1.9.0
- commons-codec.version: 1.16.0 -> 1.17.1
- commons-text.version: 1.11.0 -> 1.12.0
- commons-lang3.version: 3.14.0 -> 3.16.0
- eclipse-link.version: 4.0.2 -> 4.0.4
- log4j2.version: 2.22.1 -> 2.23.1
- lucene.version: 9.9.1 -> 9.11.1
- maven-surefire.version: 3.2.5 -> 3.5.0
- slf4j.version: 2.0.11 -> 2.0.16
- spring.version: 5.3.31 -> 5.3.39
- spring.security.version: 5.8.8 -> 5.8.14
- jquery-ui: 1.13.2 -> 1.13.3
- jquery-validation: 1.19.5 -> 1.20.0
- mockito-core: 5.9.0 -> 5.12.0
- instancio-junit: 4.0.0 -> 5.0.1
- selenium-java: 4.17.0 -> 4.23.1
- selenium-firefox-driver: 4.17.0 -> 4.23.1
- maven-failsafe-plugin: 3.2.5 -> 3.5.0

#### pom.xml

- jetty.plugin.version: 10.0.19 -> 10.0.23
- maven-compiler-plugin: 3.12.1 -> 3.13.0
- versions-maven-plugin: 2.16.2 -> 2.17.1
- junit-jupiter-engine: 5.10.1 -> 5.11.0

### Code Changes

- **LoadSaltFilter.java**: Added RollerSession to retrieve userId and pass to SaltCache.
- **ValidateSaltFilter.java**: Added RollerSession and modified salt validation to check against userId.
- **SaltCache.java**: Changed get method return type to String and modified put method to accept String.
- **roller.properties**: Added weblogAdminsUntrusted=true.
- **runtimeConfigDefs.xml**: Changed default values of uploads.enabled and themes.customtheme.allowed to false.
- **MediaFileTest.java**: Enabled media uploads for the test.
- **SQLScriptRunnerTest.java**: Replaced assertTrue with assertEquals for command count check.
- **roller-install-guide.adoc**: Updated security recommendations and safer defaults section.
- **roller-template-guide.adoc**: Updated note about theme customization being disabled by default.