Re: [VOTE] Release Apache Roller 6.1.5

Thu, 20 Feb 2025 03:38:37 -0800 

Dave,

Just a quick bash around.

##
Upgrading the database did not go as usual, there was a 500/ Security Violation message at the end, although it seems to have upgraded ok.  See logs at end. 

####

Media file upload : Security Violation:

http://localhost:8080/roller/roller-ui/authoring/mediaFileAdd!save.rol

Status Code     500
Message         Security Violation
Type    
Exception       Roller has encountered and logged an unexpected exception.

Cancel button does the same: Security Violation.

####

Comment page:

http://localhost:8080/roller/roller-ui/authoring/comments.rol?weblog=testuser
The edit comment body "save" button only works once,  ie subsequent updates the save button is disabled. 

--

http://localhost:8080/roller/roller-ui/authoring/comments!query.rol
After a "save" (update) of the comment body, the filter button gives : 500/Security Violation.  Although before the save it works ok. 

####

favicon.ico is missing.  See tiles jsp pages

GET
http://localhost:8080/roller/favicon.ico
[HTTP/1.1 404  2ms]

####

Cheers

roller.log
WARN  2025-02-20 10:56:42 [http-nio-8080-exec-6] StrutsLocalizedTextProvider - Trying to find text with null key! INFO  2025-02-20 10:56:42 [http-nio-8080-exec-9] SaltCache - {size=5000, id=cache.salt, timeout=3600, enabled=true} WARN  2025-02-20 10:56:42 [http-nio-8080-exec-1] StrutsLocalizedTextProvider - Trying to find text with null key! WARN  2025-02-20 10:56:51 [http-nio-8080-exec-3] StrutsLocalizedTextProvider - Trying to find text with null key! INFO  2025-02-20 10:56:53 [http-nio-8080-exec-5] DatabaseInstaller - Database version = 614 INFO  2025-02-20 10:56:53 [http-nio-8080-exec-5] DatabaseInstaller - Desired version = 615 INFO  2025-02-20 10:56:53 [http-nio-8080-exec-5] DatabaseInstaller - Database is old, beginning upgrade to version 615 WARN  2025-02-20 10:56:53 [http-nio-8080-exec-5] StrutsLocalizedTextProvider - Trying to find text with null key! WARN  2025-02-20 10:57:05 [http-nio-8080-exec-4] StrutsLocalizedTextProvider - Trying to find text with null key! WARN  2025-02-20 10:57:05 [http-nio-8080-exec-4] SecurityMemberAccess - Declaring class of member type [public final native java.lang.Class java.lang.Object.getClass()] is excluded! WARN  2025-02-20 10:58:03 [http-nio-8080-exec-2] StrutsLocalizedTextProvider - Trying to find text with null key! WARN  2025-02-20 10:58:03 [http-nio-8080-exec-2] SecurityMemberAccess - Declaring class of member type [public final native java.lang.Class java.lang.Object.getClass()] is excluded! WARN  2025-02-20 10:58:07 [http-nio-8080-exec-1] StrutsLocalizedTextProvider - Trying to find text with null key! WARN  2025-02-20 10:58:07 [http-nio-8080-exec-1] SecurityMemberAccess - Declaring class of member type [public final native java.lang.Class java.lang.Object.getClass()] is excluded! WARN  2025-02-20 10:58:08 [http-nio-8080-exec-6] StrutsLocalizedTextProvider - Trying to find text with null key! WARN  2025-02-20 10:58:08 [http-nio-8080-exec-6] SecurityMemberAccess - Declaring class of member type [public final native java.lang.Class java.lang.Object.getClass()] is excluded! 

tomcat console
INFO  2025-02-20 10:56:24 [http-nio-8080-exec-3] [/roller] - Initializing Spring root WebApplicationContext INFO  2025-02-20 10:56:28 [http-nio-8080-exec-3] HostConfig - Deployment of web application archive [/opt/apache-tomcat/apache-tomcat-roller-9.0.73/webapps/roller.war] has finished in [7,194] ms INFO  2025-02-20 10:56:28 [http-nio-8080-exec-3] 82] - HTMLManager: list: Listing contexts for virtual host 'localhost' ERROR 2025-02-20 10:56:45 [http-nio-8080-exec-8] [default] - Servlet.service() for servlet [default] in context with path [/roller] threw exception [Security Violation] with root cause 
javax.servlet.ServletException: Security Violation
    at org.apache.roller.weblogger.ui.core.filters.ValidateSaltFilter.doFilter(ValidateSaltFilter.java:71) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.roller.weblogger.ui.core.filters.LoadSaltFilter.doFilter(LoadSaltFilter.java:49) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.roller.weblogger.ui.core.filters.InitFilter.doFilter(InitFilter.java:82) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.roller.weblogger.ui.core.filters.PersistenceSessionFilter.doFilter(PersistenceSessionFilter.java:59) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.roller.weblogger.ui.core.filters.BootstrapFilter.doFilter(BootstrapFilter.java:68) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:352) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:117) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:131) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:85) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:145) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:101) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:164) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.39.jar:5.3.39]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.39.jar:5.3.39]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:117) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.39.jar:5.3.39]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.39.jar:5.3.39]     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.39.jar:5.3.39]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.roller.weblogger.ui.core.filters.SpringFirewallExceptionFilter.doFilter(SpringFirewallExceptionFilter.java:51) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.roller.weblogger.ui.core.filters.CharEncodingFilter.doFilter(CharEncodingFilter.java:86) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) [catalina.jar:9.0.73]     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) [catalina.jar:9.0.73]     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492) [catalina.jar:9.0.73]     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) [catalina.jar:9.0.73]     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) [catalina.jar:9.0.73]     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [catalina.jar:9.0.73]     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [catalina.jar:9.0.73]     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389) [tomcat-coyote.jar:9.0.73]     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-coyote.jar:9.0.73]     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926) [tomcat-coyote.jar:9.0.73]     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791) [tomcat-coyote.jar:9.0.73]     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:9.0.73]     at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-util.jar:9.0.73]     at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-util.jar:9.0.73]     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:9.0.73] 
    at java.base/java.lang.Thread.run(Thread.java:840) [?:?]
ERROR 2025-02-20 10:57:13 [http-nio-8080-exec-9] [default] - Servlet.service() for servlet [default] in context with path [/roller] threw exception [Security Violation] with root cause 
javax.servlet.ServletException: Security Violation
    at org.apache.roller.weblogger.ui.core.filters.ValidateSaltFilter.doFilter(ValidateSaltFilter.java:71) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.roller.weblogger.ui.core.filters.LoadSaltFilter.doFilter(LoadSaltFilter.java:49) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.roller.weblogger.ui.core.filters.InitFilter.doFilter(InitFilter.java:82) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.roller.weblogger.ui.core.filters.PersistenceSessionFilter.doFilter(PersistenceSessionFilter.java:59) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.roller.weblogger.ui.core.filters.BootstrapFilter.doFilter(BootstrapFilter.java:68) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:352) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:117) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:126) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:120) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:131) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:85) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:100) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:145) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:101) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:164) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.39.jar:5.3.39]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.39.jar:5.3.39]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:117) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117) ~[spring-web-5.3.39.jar:5.3.39]     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:361) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:225) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:190) ~[spring-security-web-5.8.14.jar:5.8.14]     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354) ~[spring-web-5.3.39.jar:5.3.39]     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267) ~[spring-web-5.3.39.jar:5.3.39]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.roller.weblogger.ui.core.filters.SpringFirewallExceptionFilter.doFilter(SpringFirewallExceptionFilter.java:51) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.roller.weblogger.ui.core.filters.CharEncodingFilter.doFilter(CharEncodingFilter.java:86) ~[classes/:?]     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153) ~[catalina.jar:9.0.73]     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167) [catalina.jar:9.0.73]     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) [catalina.jar:9.0.73]     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:492) [catalina.jar:9.0.73]     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) [catalina.jar:9.0.73]     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) [catalina.jar:9.0.73]     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) [catalina.jar:9.0.73]     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [catalina.jar:9.0.73]     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:389) [tomcat-coyote.jar:9.0.73]     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) [tomcat-coyote.jar:9.0.73]     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926) [tomcat-coyote.jar:9.0.73]     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791) [tomcat-coyote.jar:9.0.73]     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-coyote.jar:9.0.73]     at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) [tomcat-util.jar:9.0.73]     at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) [tomcat-util.jar:9.0.73]     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:9.0.73] 
    at java.base/java.lang.Thread.run(Thread.java:840) [?:?]

On 19/02/2025 23:44, Dave wrote:

Dear Apache Roller Community,

I am pleased to call for a vote on the release of Apache Roller 6.1.5-RC1.
This release includes significant improvements to session management,
security enhancements, and important dependency updates. The release
candidate files can be found at:

https://dist.apache.org/repos/dist/dev/roller/roller-6.1/v6.1.5/

Please review the release candidate and cast your vote:

[ ] +1 Release this package as Apache Roller 6.1.5
[ ] 0 No opinion
[ ] -1 Do not release this package because...

The vote will be open for at least 72 hours.

## Key Changes in Apache Roller 6.1.5

### Security & Session Management
* New RollerLoginSessionManager implementation for improved session tracking
* Enhanced session invalidation for disabled users and password changes
* Improved cache handling for user sessions

### Dependency Updates
* Added Java 23 support to test matrix
* Log4j2 updated to 2.24.3
* Lucene updated to 9.12.1
* Spring Security updated to 5.8.14
* Ant updated to 1.10.15
* Commons libraries refreshed to latest versions
* jQuery UI updated to 1.14.1

### UI Improvements
* New SVG favicons for better visual scaling across devices
* Updated web interface components

### Testing Enhancements
* New comprehensive test suite for session management
* Enhanced Selenium test compatibility
* Additional unit test coverage

## Complete Dependency Updates
* ASM 9.7 → 9.7.1
* Commons Codec 1.17.1 → 1.18.0
* Commons Text 1.12.0 → 1.13.0
* Commons Lang3 3.16.0 → 3.17.0
* Eclipse Link 4.0.4 → 4.0.5
* Mockito 5.12.0 → 5.15.2
* Instancio 5.0.1 → 5.3.0
* Velocity 2.3 → 2.4.1

Thank you for your time and contributions to the Apache Roller project.

Best regards,
Dave Johnson

Reply via email to