Dear Apache Roller Community, We are pleased to announce that Apache Roller 6.1.4 is now available for download. This release includes several updates and improvements to enhance the security, stability, and functionality of your Roller installations.
Download the latest release from: https://www.apache.org/dyn/closer.cgi/roller/roller-6.1/v6.1.4 Key Changes in Apache Roller 6.1.4: 1. Safer Defaults: - HTML content sanitization: Roller now sanitizes all HTML content by default to prevent malicious content. This is controlled by the "weblogAdminsUntrusted=true" property in your roller-custom.properties file. - Custom themes and file uploads are disabled by default. You can enable these features via the Server Admin page if you trust your users, as they can pose security risks. - Improved CSRF and XSS protection using user-specific and one-time-use salts. 2. Dependency Updates: - Over 20 mostly minor dependency updates, including updates to Spring, Eclipse-Link JPA, Log4j, Lucene, and more. 3. Bug Fixes: - Fixed several bugs that impacted category creation, updating, and deletion. We encourage all users to upgrade to this latest version to benefit from these improvements. As always, we appreciate your feedback and contributions to the Apache Roller project. Thank you for your continued support. Best regards, The Apache Roller Team
