This content is viewable by Everyone
04/16/25: Critical Vulnerability In Apache Roller open-source, Java-based blogging server software
Apache released security updates to address a Critical vulnerability in Apache Roller open-source, Java-based blogging server software. An attacker could exploit the vulnerability to retain unauthorized access even after a password change.
For a complete description of the vulnerabilities and affected systems, go to CVE-2025-24859: Apache Roller: Insufficient Session Expiration on Password Change.
Read more about IT Security service offerings.