This release includes several updates and improvements to enhance the security, stability, and functionality of your Roller installations.
Release files are now available on Apache mirrors: https://www.apache.org/dyn/closer.cgi/roller/roller-6.1/v6.1.4

## Key Changes in Apache Roller 6.1.4

### Safer defaults

As of Roller 6.1.4, several default settings have been updated to enhance security for multi-user weblog sites:

- HTML content sanitization: Roller now sanitizes all HTML content by default to prevent malicious content. This is controlled by the `weblogAdminsUntrusted=true` property in your `roller-custom.properties` file.
- Custom themes and file uploads are disabled by default. You can enable these features via the Server Admin page if you trust your users, as they can pose security risks.
- Better CSRF and XSS protection through user-specific and one-time-use salts.

### Dependency updates

Over 20 mostly minor dependency updates, including Spring, EclipseLink JPA, Log4j, Lucene, and more.

### Bug fixes

Fixed some bugs that impacted category create, update and delete.