Posted to dev@roller.apache.org by Dave <sn...@gmail.com> on 2014/01/11 23:12:17 UTC

Apache Roller 5.0.3 available & upgrade recommended for all Roller sites

New release: Apache Roller 5.0.3 is now available on Apache mirrors
world-wide and you can find it here:

   http://roller.apache.org/downloads/downloads.html

This release fixes a security vulnerability in Roller, listed below:
   CVE-2014-0030 Apache Roller XML-RPC susceptible to XML External Entity
attacks

Because of the above security vulnerability, we recommend that all sites
running Apache Roller upgrade to this new release as soon as possible.

Thanks,
The Apache Roller team

Re: Blog updates needed... (Was Re: Apache Roller 5.0.3 available & upgrade recommended for all Roller sites)

Posted by Glen Mazza <gl...@gmail.com>.
(Hmm...just noticed we have a lady boxer using Roller: 
http://www.kaliesha.com/konakart/.)

Access requested off-line.  JSPWiki doesn't have a blog but shares its 
Twitter account password on the JSPWiki private list so any PMC member 
who wants to tweet (presently just me) can do so.

For simplicity, I think continuing with rollerweblogger.org as the team 
blog is fine, so long as any PMC member (at least) requesting an account 
can have one.  Otherwise, we can rename "Project Blog" to "Dave's 
[Roller] Blog" on the Roller home page, giving you complete ownership of 
it and you can update or not update it to your heart's content, and 
potentially create a separate "Roller Blog" tied to Apache blogs for any 
committer or PMC member to write to.

Regards,
Glen


On 01/11/2014 07:28 PM, Dave wrote:
> Thanks for those suggestions, Glen. For now, I'd prefer to keep on hosting
> the project blog at rollerweblogger.org because blogs.apache.org does
> not allow custom themes and because, sadly, I'm not sure the infrastructure
> team will stick with Roller.
>
> I would be happy to make any Roller contributor an editor or admin of the
> Roller blog (and of the apache_roller Twitter account). Let me know
> off-list if you want me to set you up with an account and/or give you the
> password for the Twitter account.
>
> - Dave
>
>
>
> On Sat, Jan 11, 2014 at 7:09 PM, Glen Mazza <gl...@gmail.com> wrote:
>
>> Hi Dave, thanks for taking care of the below.  Note for your Roller blog,
>> the left side menu has "Latest docs/documentation" listed twice and perhaps
>> it would be good to add a link to Roller's Twitter feed.  Also, in the blog
>> footer, it would be nice to remove the dead links and update the copyright
>> year.  Finally, you may wish to take out the "Planet" and "About" tabs
>> until they are working again--the formatting is missing on those pages
>> (there's not much information on them anyway that we don't have elsewhere).
>>
>> Whether or not you update your blog would not normally be anyone's
>> business, but it's listed on the Roller home page as the official project
>> blog so periodic pestering is fair game IMO.  :)  But if you're really
>> running out of time to maintain the blog, the project can also switch to a
>> blogs.apache.org account so anyone on the team can take care of its
>> maintenance.
>>
>> Regards,
>> Glen
>>
>> On 01/11/2014 05:12 PM, Dave wrote:
>>
>>> New release: Apache Roller 5.0.3 is now available on Apache mirrors
>>> world-wide and you can find it here:
>>>
>>>      http://roller.apache.org/downloads/downloads.html
>>>
>>> This release fixes a security vulnerability in Roller, listed below:
>>>      CVE-2014-0030 Apache Roller XML-RPC susceptible to XML External Entity
>>> attacks
>>>
>>> Because of the above security vulnerability, we recommend that all sites
>>> running Apache Roller upgrade to this new release as soon as possible.
>>>
>>> Thanks,
>>> The Apache Roller team
>>>
>>>


Re: Blog updates needed... (Was Re: Apache Roller 5.0.3 available & upgrade recommended for all Roller sites)

Posted by Dave <sn...@gmail.com>.
Thanks for those suggestions, Glen. For now, I'd prefer to keep on hosting
the project blog at rollerweblogger.org because blogs.apache.org does
not allow custom themes and because, sadly, I'm not sure the infrastructure
team will stick with Roller.

I would be happy to make any Roller contributor an editor or admin of the
Roller blog (and of the apache_roller Twitter account). Let me know
off-list if you want me to set you up with an account and/or give you the
password for the Twitter account.

- Dave



On Sat, Jan 11, 2014 at 7:09 PM, Glen Mazza <gl...@gmail.com> wrote:

> Hi Dave, thanks for taking care of the below.  Note for your Roller blog,
> the left side menu has "Latest docs/documentation" listed twice and perhaps
> it would be good to add a link to Roller's Twitter feed.  Also, in the blog
> footer, it would be nice to remove the dead links and update the copyright
> year.  Finally, you may wish to take out the "Planet" and "About" tabs
> until they are working again--the formatting is missing on those pages
> (there's not much information on them anyway that we don't have elsewhere).
>
> Whether or not you update your blog would not normally be anyone's
> business, but it's listed on the Roller home page as the official project
> blog so periodic pestering is fair game IMO.  :)  But if you're really
> running out of time to maintain the blog, the project can also switch to a
> blogs.apache.org account so anyone on the team can take care of its
> maintenance.
>
> Regards,
> Glen
>
> On 01/11/2014 05:12 PM, Dave wrote:
>
>> New release: Apache Roller 5.0.3 is now available on Apache mirrors
>> world-wide and you can find it here:
>>
>>     http://roller.apache.org/downloads/downloads.html
>>
>> This release fixes a security vulnerability in Roller, listed below:
>>     CVE-2014-0030 Apache Roller XML-RPC susceptible to XML External Entity
>> attacks
>>
>> Because of the above security vulnerability, we recommend that all sites
>> running Apache Roller upgrade to this new release as soon as possible.
>>
>> Thanks,
>> The Apache Roller team
>>
>>
>

Blog updates needed... (Was Re: Apache Roller 5.0.3 available & upgrade recommended for all Roller sites)

Posted by Glen Mazza <gl...@gmail.com>.
Hi Dave, thanks for taking care of the below.  Note for your Roller 
blog, the left side menu has "Latest docs/documentation" listed twice 
and perhaps it would be good to add a link to Roller's Twitter feed.
Also, in the blog footer, it would be nice to remove the dead links and 
update the copyright year.  Finally, you may wish to take out the 
"Planet" and "About" tabs until they are working again--the formatting 
is missing on those pages (there's not much information on them anyway 
that we don't have elsewhere).

Whether or not you update your blog would not normally be anyone's 
business, but it's listed on the Roller home page as the official 
project blog so periodic pestering is fair game IMO.  :)  But if you're 
really running out of time to maintain the blog, the project can also 
switch to a blogs.apache.org account so anyone on the team can take care 
of its maintenance.

Regards,
Glen

On 01/11/2014 05:12 PM, Dave wrote:
> New release: Apache Roller 5.0.3 is now available on Apache mirrors
> world-wide and you can find it here:
>
>     http://roller.apache.org/downloads/downloads.html
>
> This release fixes a security vulnerability in Roller, listed below:
>     CVE-2014-0030 Apache Roller XML-RPC susceptible to XML External Entity
> attacks
>
> Because of the above security vulnerability, we recommend that all sites
> running Apache Roller upgrade to this new release as soon as possible.
>
> Thanks,
> The Apache Roller team
>