You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@roller.apache.org by Dave <sn...@gmail.com> on 2012/06/24 19:03:19 UTC
Apache Roller 5.0.1 available & upgrade recommended for all Roller sites
New release: Apache Roller 5.0.1 is now available on Apache mirrors
world-wide and you can find it here:
http://roller.apache.org/downloads.html
This release fixes two security vulnerabilities in Roller, listed below:
CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability
Because the above are serious security vulnerabilities, we recommend
that all sites running Apache Roller upgrade to this new release as
soon as possible.
Thanks,
Dave
--
Dave M. Johnson
Apache Roller PMC Chair
http://rollerweblogger.org/roller
Re: JRoller replacement? (Was Re: Apache Roller 5.0.1 available &
upgrade recommended for all Roller sites)
Posted by Frans Thamura <fr...@meruvian.org>.
the blog basically from my student, to start do blogging.
and we use the roller as case study, because we also create a framework
based on struts2-spring-hibernate, take a look www.meruvian.org and the
kids www.facebook.com/meruvian
like bootstrap and facebook
take a look one of them
http://blogs.mervpolis.com/roller/dwx/
the problem, the server located in indonesian internet exchange, faster for
indonesian to access..
but dunno how slow when you access server outside indonesia
F
On Mon, Jun 25, 2012 at 8:34 PM, Glen Mazza <gm...@talend.com> wrote:
> Awesome! I'll look into it--thanks!
>
> Glen
>
>
> On 06/25/2012 09:27 AM, Frans Thamura wrote:
>
>> Our roller free services
>>
>> Blogs.mervpolis.com
>>
>> Use roller 5
>> On Jun 25, 2012 1:06 AM, "Glen Mazza"<gm...@talend.com> wrote:
>>
>> JRoller has long deprecated their service; they're stuck on 3.1 and not
>>> accepting new accounts. Is anyone aware of another community blogging
>>> service that hosts using Apache Roller? I couldn't find anything. If
>>> not
>>> I'll need to transfer probably to Google's Blogger service.
>>>
>>> Glen
>>>
>>> On 06/24/2012 01:03 PM, Dave wrote:
>>>
>>> New release: Apache Roller 5.0.1 is now available on Apache mirrors
>>>> world-wide and you can find it here:
>>>>
>>>> http://roller.apache.org/****downloads.html<http://roller.apache.org/**downloads.html>
>>>> <http://roller.**apache.org/downloads.html<http://roller.apache.org/downloads.html>
>>>> >
>>>>
>>>>
>>>> This release fixes two security vulnerabilities in Roller, listed below:
>>>> CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF)
>>>> vulnerability
>>>> CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability
>>>>
>>>> Because the above are serious security vulnerabilities, we recommend
>>>> that all sites running Apache Roller upgrade to this new release as
>>>> soon as possible.
>>>>
>>>> Thanks,
>>>> Dave
>>>>
>>>>
>>>>
>>>> --
>>> Glen Mazza
>>> Talend Community Coders - coders.talend.com
>>> blog: www.jroller.com/gmazza
>>>
>>>
>>>
>
> --
> Glen Mazza
> Talend Community Coders
> coders.talend.com
> blog: www.jroller.com/gmazza
>
>
Re: JRoller replacement? (Was Re: Apache Roller 5.0.1 available &
upgrade recommended for all Roller sites)
Posted by Glen Mazza <gm...@talend.com>.
Awesome! I'll look into it--thanks!
Glen
On 06/25/2012 09:27 AM, Frans Thamura wrote:
> Our roller free services
>
> Blogs.mervpolis.com
>
> Use roller 5
> On Jun 25, 2012 1:06 AM, "Glen Mazza"<gm...@talend.com> wrote:
>
>> JRoller has long deprecated their service; they're stuck on 3.1 and not
>> accepting new accounts. Is anyone aware of another community blogging
>> service that hosts using Apache Roller? I couldn't find anything. If not
>> I'll need to transfer probably to Google's Blogger service.
>>
>> Glen
>>
>> On 06/24/2012 01:03 PM, Dave wrote:
>>
>>> New release: Apache Roller 5.0.1 is now available on Apache mirrors
>>> world-wide and you can find it here:
>>>
>>> http://roller.apache.org/**downloads.html<http://roller.apache.org/downloads.html>
>>>
>>> This release fixes two security vulnerabilities in Roller, listed below:
>>> CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF)
>>> vulnerability
>>> CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability
>>>
>>> Because the above are serious security vulnerabilities, we recommend
>>> that all sites running Apache Roller upgrade to this new release as
>>> soon as possible.
>>>
>>> Thanks,
>>> Dave
>>>
>>>
>>>
>> --
>> Glen Mazza
>> Talend Community Coders - coders.talend.com
>> blog: www.jroller.com/gmazza
>>
>>
--
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza
Re: JRoller replacement? (Was Re: Apache Roller 5.0.1 available &
upgrade recommended for all Roller sites)
Posted by Frans Thamura <fr...@meruvian.org>.
Our roller free services
Blogs.mervpolis.com
Use roller 5
On Jun 25, 2012 1:06 AM, "Glen Mazza" <gm...@talend.com> wrote:
> JRoller has long deprecated their service; they're stuck on 3.1 and not
> accepting new accounts. Is anyone aware of another community blogging
> service that hosts using Apache Roller? I couldn't find anything. If not
> I'll need to transfer probably to Google's Blogger service.
>
> Glen
>
> On 06/24/2012 01:03 PM, Dave wrote:
>
>> New release: Apache Roller 5.0.1 is now available on Apache mirrors
>> world-wide and you can find it here:
>>
>> http://roller.apache.org/**downloads.html<http://roller.apache.org/downloads.html>
>>
>> This release fixes two security vulnerabilities in Roller, listed below:
>> CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF)
>> vulnerability
>> CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability
>>
>> Because the above are serious security vulnerabilities, we recommend
>> that all sites running Apache Roller upgrade to this new release as
>> soon as possible.
>>
>> Thanks,
>> Dave
>>
>>
>>
>
> --
> Glen Mazza
> Talend Community Coders - coders.talend.com
> blog: www.jroller.com/gmazza
>
>
Re: JRoller replacement? (Was Re: Apache Roller 5.0.1 available & upgrade recommended for all Roller sites)
Posted by David Johnson <sn...@gmail.com>.
Sent from my iPad
On Jun 24, 2012, at 3:31 PM, Glen Mazza <gm...@talend.com> wrote:
> I think that's Roller's biggest problem right now with its adoption, namely the lack of a community service providing hosting for it. Perhaps it didn't work for DZone (JRoller hosters) because they weren't shutting down inactive blogs (maybe hundreds create a "Hello World!" blog entry and ignore their blog forever after), bloating the administrative load, perhaps also in not requiring a blogroll linkage back to its site. To fix the first problem, maybe it would be good if Roller had an "auto-delete" feature, deleting all blogs that haven't had a new entry after an administrator-defined number of months; the second, giving the administrator an ability to force a blogroll entry or some other advertisement on everybody's blog, pointing back to the hoster.
>
> As for working at a company that offers Roller hosting, I suspect most devs try not to keep blogs with their company if they can avoid it, because people switch from company to company and want to take their blogs with them. For that reason, people might be reluctant to ask their companies to host Apache Roller even if they prefer it. The alternative for people in my shoes, paying for Tomcat hosting, is time-consuming and not cost-effective (having each user individually pay for Tomcat hosting just to host one blog is overkill.)
>
> I've used Roller for six years and am quite pleased with it--Google Blogger holds my hand too much and is too restrictive, but having looked at it again last week, I can see that Blogger has much improved over the last time I looked at it (2008), so switching is probably doable for me.
>
> Glen
>
>
> On 06/24/2012 02:43 PM, Dave wrote:
>> I don't know of any other public Roller hosting services.
>>
>> If you are really desperate for Roller you could get a job at Oracle
>> and get a blog on the Roller server at blogs.oracle.com ;-)
>>
>> - Dave
>>
>>
>> On Sun, Jun 24, 2012 at 2:05 PM, Glen Mazza<gm...@talend.com> wrote:
>>> JRoller has long deprecated their service; they're stuck on 3.1 and not
>>> accepting new accounts. Is anyone aware of another community blogging
>>> service that hosts using Apache Roller? I couldn't find anything. If not
>>> I'll need to transfer probably to Google's Blogger service.
>>>
>>> Glen
>>>
>>> On 06/24/2012 01:03 PM, Dave wrote:
>>>> New release: Apache Roller 5.0.1 is now available on Apache mirrors
>>>> world-wide and you can find it here:
>>>>
>>>> http://roller.apache.org/downloads.html
>>>>
>>>> This release fixes two security vulnerabilities in Roller, listed below:
>>>> CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF)
>>>> vulnerability
>>>> CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability
>>>>
>>>> Because the above are serious security vulnerabilities, we recommend
>>>> that all sites running Apache Roller upgrade to this new release as
>>>> soon as possible.
>>>>
>>>> Thanks,
>>>> Dave
>>>>
>>>>
>>>
>>> --
>>> Glen Mazza
>>> Talend Community Coders - coders.talend.com
>>> blog: www.jroller.com/gmazza
>>>
>>
>>
>
>
> --
> Glen Mazza
> Talend Community Coders - coders.talend.com
> blog: www.jroller.com/gmazza
>
Re: JRoller replacement? (Was Re: Apache Roller 5.0.1 available &
upgrade recommended for all Roller sites)
Posted by Glen Mazza <gm...@talend.com>.
I would have to see what such a market becomes, but I think the Apache
Roller site should allow advertisements of people who will provide
Roller blog hosting, either free w/ads or with a cost w/no ads. This
would not be a particular money-maker, as the fact that Blogger and
Wordpress are free would put a limit on how much one could charge for
blog hosting, and it would be limited primarily to those who like
Roller's velocity based templating and the bells and whistles it
provides and would pay for that specifically. OTOH, for somebody who's
already gone to the effort of Tomcat hosting just for his or her Roller
blog, it wouldn't be much effort for that person to allow additional
blogs, and if he can get a few extra blogs to cover the cost of his
Tomcat hosting, great.
What is really needed are those who are already in the business of
providing Tomcat hosting to just sell simple Roller blog accounts of an
already existing instance of Roller on Tomcat. They should be able to
offer that at a considerably reduced price over standalone Tomcat hosting.
Glen
On 06/25/2012 08:46 AM, Chalupa, Leroy T CTR USAF AFWA AFWA /SEMS wrote:
> Glen:
>
> I agree with you that hosting a tomcat instance for one or two blogs is not
> cost effective.
>
> What would it be worth to you for me or someone else to host an instance of
> roller? It wouldn't take many
> paying users to pay for a hosted site. I want to avoid ads on the site. On
> some sites, ads are so intrusive it's difficult to find
> the content on the page: less is more.
>
> Lee
>
> -----Original Message-----
> From: Glen Mazza [mailto:gmazza@talend.com]
> Sent: Sunday, June 24, 2012 2:31 PM
> To: user@roller.apache.org
> Subject: Re: JRoller replacement? (Was Re: Apache Roller 5.0.1 available&
> upgrade recommended for all Roller sites)
>
> I think that's Roller's biggest problem right now with its adoption, namely
> the lack of a community service providing hosting for it.
> Perhaps it didn't work for DZone (JRoller hosters) because they weren't
> shutting down inactive blogs (maybe hundreds create a "Hello World!"
> blog entry and ignore their blog forever after), bloating the administrative
> load, perhaps also in not requiring a blogroll linkage back to its site. To
> fix the first problem, maybe it would be good if Roller had an "auto-delete"
> feature, deleting all blogs that haven't had a new entry after an
> administrator-defined number of months; the second, giving the administrator
> an ability to force a blogroll entry or some other advertisement on
> everybody's blog, pointing back to the hoster.
>
> As for working at a company that offers Roller hosting, I suspect most devs
> try not to keep blogs with their company if they can avoid it, because
> people switch from company to company and want to take their blogs with
> them. For that reason, people might be reluctant to ask their companies to
> host Apache Roller even if they prefer it. The alternative for people in my
> shoes, paying for Tomcat hosting, is time-consuming and not cost-effective
> (having each user individually pay for Tomcat hosting just to host one blog
> is overkill.)
>
> I've used Roller for six years and am quite pleased with it--Google Blogger
> holds my hand too much and is too restrictive, but having looked at it again
> last week, I can see that Blogger has much improved over the last time I
> looked at it (2008), so switching is probably doable for me.
>
> Glen
>
>
> On 06/24/2012 02:43 PM, Dave wrote:
>> I don't know of any other public Roller hosting services.
>>
>> If you are really desperate for Roller you could get a job at Oracle
>> and get a blog on the Roller server at blogs.oracle.com ;-)
>>
>> - Dave
>>
>>
>> On Sun, Jun 24, 2012 at 2:05 PM, Glen Mazza<gm...@talend.com> wrote:
>>> JRoller has long deprecated their service; they're stuck on 3.1 and
>>> not accepting new accounts. Is anyone aware of another community
>>> blogging service that hosts using Apache Roller? I couldn't find
>>> anything. If not I'll need to transfer probably to Google's Blogger
> service.
>>> Glen
>>>
>>> On 06/24/2012 01:03 PM, Dave wrote:
>>>> New release: Apache Roller 5.0.1 is now available on Apache mirrors
>>>> world-wide and you can find it here:
>>>>
>>>> http://roller.apache.org/downloads.html
>>>>
>>>> This release fixes two security vulnerabilities in Roller, listed below:
>>>> CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF)
>>>> vulnerability
>>>> CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS)
>>>> vulnerability
>>>>
>>>> Because the above are serious security vulnerabilities, we recommend
>>>> that all sites running Apache Roller upgrade to this new release as
>>>> soon as possible.
>>>>
>>>> Thanks,
>>>> Dave
>>>>
>>>>
>>> --
>>> Glen Mazza
>>> Talend Community Coders - coders.talend.com
>>> blog: www.jroller.com/gmazza
>>>
>>
>
> --
> Glen Mazza
> Talend Community Coders - coders.talend.com
> blog: www.jroller.com/gmazza
>
--
Glen Mazza
Talend Community Coders
coders.talend.com
blog: www.jroller.com/gmazza
RE: JRoller replacement? (Was Re: Apache Roller 5.0.1 available &
upgrade recommended for all Roller sites)
Posted by "Chalupa, Leroy T CTR USAF AFWA AFWA /SEMS" <Le...@offutt.af.mil>.
Glen:
I agree with you that hosting a tomcat instance for one or two blogs is not
cost effective.
What would it be worth to you for me or someone else to host an instance of
roller? It wouldn't take many
paying users to pay for a hosted site. I want to avoid ads on the site. On
some sites, ads are so intrusive it's difficult to find
the content on the page: less is more.
Lee
-----Original Message-----
From: Glen Mazza [mailto:gmazza@talend.com]
Sent: Sunday, June 24, 2012 2:31 PM
To: user@roller.apache.org
Subject: Re: JRoller replacement? (Was Re: Apache Roller 5.0.1 available &
upgrade recommended for all Roller sites)
I think that's Roller's biggest problem right now with its adoption, namely
the lack of a community service providing hosting for it.
Perhaps it didn't work for DZone (JRoller hosters) because they weren't
shutting down inactive blogs (maybe hundreds create a "Hello World!"
blog entry and ignore their blog forever after), bloating the administrative
load, perhaps also in not requiring a blogroll linkage back to its site. To
fix the first problem, maybe it would be good if Roller had an "auto-delete"
feature, deleting all blogs that haven't had a new entry after an
administrator-defined number of months; the second, giving the administrator
an ability to force a blogroll entry or some other advertisement on
everybody's blog, pointing back to the hoster.
As for working at a company that offers Roller hosting, I suspect most devs
try not to keep blogs with their company if they can avoid it, because
people switch from company to company and want to take their blogs with
them. For that reason, people might be reluctant to ask their companies to
host Apache Roller even if they prefer it. The alternative for people in my
shoes, paying for Tomcat hosting, is time-consuming and not cost-effective
(having each user individually pay for Tomcat hosting just to host one blog
is overkill.)
I've used Roller for six years and am quite pleased with it--Google Blogger
holds my hand too much and is too restrictive, but having looked at it again
last week, I can see that Blogger has much improved over the last time I
looked at it (2008), so switching is probably doable for me.
Glen
On 06/24/2012 02:43 PM, Dave wrote:
> I don't know of any other public Roller hosting services.
>
> If you are really desperate for Roller you could get a job at Oracle
> and get a blog on the Roller server at blogs.oracle.com ;-)
>
> - Dave
>
>
> On Sun, Jun 24, 2012 at 2:05 PM, Glen Mazza<gm...@talend.com> wrote:
>> JRoller has long deprecated their service; they're stuck on 3.1 and
>> not accepting new accounts. Is anyone aware of another community
>> blogging service that hosts using Apache Roller? I couldn't find
>> anything. If not I'll need to transfer probably to Google's Blogger
service.
>>
>> Glen
>>
>> On 06/24/2012 01:03 PM, Dave wrote:
>>> New release: Apache Roller 5.0.1 is now available on Apache mirrors
>>> world-wide and you can find it here:
>>>
>>> http://roller.apache.org/downloads.html
>>>
>>> This release fixes two security vulnerabilities in Roller, listed below:
>>> CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF)
>>> vulnerability
>>> CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS)
>>> vulnerability
>>>
>>> Because the above are serious security vulnerabilities, we recommend
>>> that all sites running Apache Roller upgrade to this new release as
>>> soon as possible.
>>>
>>> Thanks,
>>> Dave
>>>
>>>
>>
>> --
>> Glen Mazza
>> Talend Community Coders - coders.talend.com
>> blog: www.jroller.com/gmazza
>>
>
>
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
Re: JRoller replacement? (Was Re: Apache Roller 5.0.1 available &
upgrade recommended for all Roller sites)
Posted by Glen Mazza <gm...@talend.com>.
I think that's Roller's biggest problem right now with its adoption,
namely the lack of a community service providing hosting for it.
Perhaps it didn't work for DZone (JRoller hosters) because they weren't
shutting down inactive blogs (maybe hundreds create a "Hello World!"
blog entry and ignore their blog forever after), bloating the
administrative load, perhaps also in not requiring a blogroll linkage
back to its site. To fix the first problem, maybe it would be good if
Roller had an "auto-delete" feature, deleting all blogs that haven't had
a new entry after an administrator-defined number of months; the second,
giving the administrator an ability to force a blogroll entry or some
other advertisement on everybody's blog, pointing back to the hoster.
As for working at a company that offers Roller hosting, I suspect most
devs try not to keep blogs with their company if they can avoid it,
because people switch from company to company and want to take their
blogs with them. For that reason, people might be reluctant to ask
their companies to host Apache Roller even if they prefer it. The
alternative for people in my shoes, paying for Tomcat hosting, is
time-consuming and not cost-effective (having each user individually pay
for Tomcat hosting just to host one blog is overkill.)
I've used Roller for six years and am quite pleased with it--Google
Blogger holds my hand too much and is too restrictive, but having looked
at it again last week, I can see that Blogger has much improved over the
last time I looked at it (2008), so switching is probably doable for me.
Glen
On 06/24/2012 02:43 PM, Dave wrote:
> I don't know of any other public Roller hosting services.
>
> If you are really desperate for Roller you could get a job at Oracle
> and get a blog on the Roller server at blogs.oracle.com ;-)
>
> - Dave
>
>
> On Sun, Jun 24, 2012 at 2:05 PM, Glen Mazza<gm...@talend.com> wrote:
>> JRoller has long deprecated their service; they're stuck on 3.1 and not
>> accepting new accounts. Is anyone aware of another community blogging
>> service that hosts using Apache Roller? I couldn't find anything. If not
>> I'll need to transfer probably to Google's Blogger service.
>>
>> Glen
>>
>> On 06/24/2012 01:03 PM, Dave wrote:
>>> New release: Apache Roller 5.0.1 is now available on Apache mirrors
>>> world-wide and you can find it here:
>>>
>>> http://roller.apache.org/downloads.html
>>>
>>> This release fixes two security vulnerabilities in Roller, listed below:
>>> CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF)
>>> vulnerability
>>> CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability
>>>
>>> Because the above are serious security vulnerabilities, we recommend
>>> that all sites running Apache Roller upgrade to this new release as
>>> soon as possible.
>>>
>>> Thanks,
>>> Dave
>>>
>>>
>>
>> --
>> Glen Mazza
>> Talend Community Coders - coders.talend.com
>> blog: www.jroller.com/gmazza
>>
>
>
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
Re: JRoller replacement? (Was Re: Apache Roller 5.0.1 available &
upgrade recommended for all Roller sites)
Posted by Dave <sn...@gmail.com>.
I don't know of any other public Roller hosting services.
If you are really desperate for Roller you could get a job at Oracle
and get a blog on the Roller server at blogs.oracle.com ;-)
- Dave
On Sun, Jun 24, 2012 at 2:05 PM, Glen Mazza <gm...@talend.com> wrote:
> JRoller has long deprecated their service; they're stuck on 3.1 and not
> accepting new accounts. Is anyone aware of another community blogging
> service that hosts using Apache Roller? I couldn't find anything. If not
> I'll need to transfer probably to Google's Blogger service.
>
> Glen
>
> On 06/24/2012 01:03 PM, Dave wrote:
>>
>> New release: Apache Roller 5.0.1 is now available on Apache mirrors
>> world-wide and you can find it here:
>>
>> http://roller.apache.org/downloads.html
>>
>> This release fixes two security vulnerabilities in Roller, listed below:
>> CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF)
>> vulnerability
>> CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability
>>
>> Because the above are serious security vulnerabilities, we recommend
>> that all sites running Apache Roller upgrade to this new release as
>> soon as possible.
>>
>> Thanks,
>> Dave
>>
>>
>
>
> --
> Glen Mazza
> Talend Community Coders - coders.talend.com
> blog: www.jroller.com/gmazza
>
--
Dave M. Johnson
Apache Roller PMC Chair
http://rollerweblogger.org/roller
JRoller replacement? (Was Re: Apache Roller 5.0.1 available & upgrade
recommended for all Roller sites)
Posted by Glen Mazza <gm...@talend.com>.
JRoller has long deprecated their service; they're stuck on 3.1 and not
accepting new accounts. Is anyone aware of another community blogging
service that hosts using Apache Roller? I couldn't find anything. If
not I'll need to transfer probably to Google's Blogger service.
Glen
On 06/24/2012 01:03 PM, Dave wrote:
> New release: Apache Roller 5.0.1 is now available on Apache mirrors
> world-wide and you can find it here:
>
> http://roller.apache.org/downloads.html
>
> This release fixes two security vulnerabilities in Roller, listed below:
> CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
> CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability
>
> Because the above are serious security vulnerabilities, we recommend
> that all sites running Apache Roller upgrade to this new release as
> soon as possible.
>
> Thanks,
> Dave
>
>
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza