Apache Roller version 5.0.2 has been recently released addressing two important security issues. This version fixes the RSS/Atom Feed templates that contain XSS vulnerabilities and some parts of Roller's editor and administration console to prevent remote code execution. You can find more details at the Roller blog entry.
If you are using BitNami Roller, it is recommended that you upgrade your installation to include the latest security fixes. We just released new native installers, virtual machines and Amazon EC2 and Azure cloud images that ship the latest, updated version.
We will also be removing older versions of Apache Roller from Amazon, Azure and other repositories, to prevent end users from inadvertently launching insecure versions of this application.