+1 (binding) from me!
> On Oct 7, 2024, at 3:22 AM, Greg Huber <gregh3...@gmail.com> wrote: > > Looks good. > > [x] +1 Release this package as Apache Roller 6.1.4 > > Observations > Blogroll page. Switch to blogroll dropdown dialog and Add blogroll dialog > get a 500 when saving, but it still creates the entries OK. > > Cheers Greg > > On 06/10/2024 22:09, Dave Johnson wrote: >> Dear Apache Roller Community, >> >> I am pleased to call for a vote on the release of Apache Roller 6.1.4 (RC2). >> This release includes several important updates and improvements, including >> enhanced security measures, dependency updates, and various code >> enhancements (change notes below). The release candidate files can be found >> at the following location: >> >> https://dist.apache.org/repos/dist/dev/roller/roller-6.1/v6.1.4/ >> >> Please review the release candidate and cast your vote: >> >> [ ] +1 Release this package as Apache Roller 6.1.4 >> [ ] 0 No opinion >> [ ] -1 Do not release this package because... >> >> The vote will be open for at least 72 hours. Please take the time to review >> the release candidate and provide your feedback. >> >> Thank you for your time and contributions to the Apache Roller project. >> >> Best regards, >> Dave >> >> >> Changes since RC1: >> * One-time salt values >> * Comprehensive tests for salt filters >> * Web analytics disabled when weblogAdminsUntrusted=true >> >> >> Key Changes in Apache Roller 6.1.4 >> >> Dependency Updates: >> * Upgraded several key libraries to their latest versions, ensuring improved >> security and stability. >> >> Code Enhancements: >> * Enhanced salt handling (user specific one-time-salts) and validation >> mechanisms. >> * Improved security settings and default configurations. >> * By default weblogAdminsUntrusted is not set to true. >> * Default settings now disable file uploads and custom themes. >> * Updated tests and documentation to ensure compatibility with new >> configurations. >> >> Detailed Change List for Apache Roller 6.1.4 >> >> Dependency Updates >> >> app/pom.xml: >> - asm.version: 9.6 -> 9.7 >> - commons-validator.version: 1.8.0 -> 1.9.0 >> - commons-codec.version: 1.16.0 -> 1.17.1 >> - commons-text.version: 1.11.0 -> 1.12.0 >> - commons-lang3.version: 3.14.0 -> 3.16.0 >> - eclipse-link.version: 4.0.2 -> 4.0.4 >> - log4j2.version: 2.22.1 -> 2.23.1 >> - lucene.version: 9.9.1 -> 9.11.1 >> - maven-surefire.version: 3.2.5 -> 3.5.0 >> - slf4j.version: 2.0.11 -> 2.0.16 >> - spring.version: 5.3.31 -> 5.3.39 >> - spring.security.version: 5.8.8 -> 5.8.14 >> - jquery-ui: 1.13.2 -> 1.13.3 >> - jquery-validation: 1.19.5 -> 1.20.0 >> - mockito-core: 5.9.0 -> 5.12.0 >> - instancio-junit: 4.0.0 -> 5.0.1 >> - selenium-java: 4.17.0 -> 4.23.1 >> - selenium-firefox-driver: 4.17.0 -> 4.23.1 >> - maven-failsafe-plugin: 3.2.5 -> 3.5.0 >> >> pom.xml: >> - jetty.plugin.version: 10.0.19 -> 10.0.23 >> - maven-compiler-plugin: 3.12.1 -> 3.13.0 >> - versions-maven-plugin: 2.16.2 -> 2.17.1 >> - junit-jupiter-engine: 5.10.1 -> 5.11.0 >> >> Code Changes >> >> - ValidateSaltFilter.java: Added RollerSession and modified salt validation >> to check against userId. >> - SaltCache.java: Changed get method return type to String and modified put >> method to accept String. >> - roller.properties: Added weblogAdminsUntrusted=true. >> - runtimeConfigDefs.xml: Changed default values of uploads.enabled and >> themes.customtheme.allowed to false. >> - MediaFileTest.java: Enabled media uploads for the test. >> - SQLScriptRunnerTest.java: Replaced assertTrue with assertEquals for >> command count check. >> - roller-install-guide.adoc: Updated security recommendations and safer >> defaults section. >> - roller-template-guide.adoc: Updated note about theme customization being >> disabled by default.theme customization being disabled by default.
