Dear Apache Roller Community, I am pleased to call for a vote on the release of Apache Roller 6.1.5-RC2 (and cancel the previous vote). This release includes significant improvements to session management, security enhancements, and important dependency updates.
This new RC fixes a problem in the ValidateSaltFilter for the file-upload multu-part form case where the salt is sent as a request attribute instead of a parameter. It also replaces all references to the old favicon.ico with the new favicon.svg. The release candidate files can be found at: https://dist.apache.org/repos/dist/dev/roller/roller-6.1/v6.1.5/ Please review the release candidate and cast your vote: [ ] +1 Release this package as Apache Roller 6.1.5 [ ] 0 No opinion [ ] -1 Do not release this package because... The vote will be open for at least 72 hours. ## Key Changes in Apache Roller 6.1.5 ### Security & Session Management * New RollerLoginSessionManager implementation for improved session tracking * Enhanced session invalidation for disabled users and password changes * Improved cache handling for user sessions ### Dependency Updates * Added Java 23 support to test matrix * Log4j2 updated to 2.24.3 * Lucene updated to 9.12.1 * Spring Security updated to 5.8.14 * Ant updated to 1.10.15 * Commons libraries refreshed to latest versions * jQuery UI updated to 1.14.1 ### UI Improvements * New SVG favicons for better visual scaling across devices * Updated web interface components ### Testing Enhancements * New comprehensive test suite for session management * Enhanced Selenium test compatibility * Additional unit test coverage ## Complete Dependency Updates * ASM 9.7 → 9.7.1 * Commons Codec 1.17.1 → 1.18.0 * Commons Text 1.12.0 → 1.13.0 * Commons Lang3 3.16.0 → 3.17.0 * Eclipse Link 4.0.4 → 4.0.5 * Mockito 5.12.0 → 5.15.2 * Instancio 5.0.1 → 5.3.0 * Velocity 2.3 → 2.4.1 Thank you for your time and contributions to the Apache Roller project. Best regards, Dave Johnson
