Lucee 5.3.9.32-SNAPSHOT now uses log4j2 with log4j1 completely removed
Anyone using custom log appenders will need to update them to use log4j2, as we can’t be backwards compatible without including the old lib (which isn’t vulnerable, only unmaintained).
and yes, we will be updating to 2.17.1 before anyone asks…
The 5.3.9 sprint has a few remaining tickets before we release RC1, feel free to start testing
5.3.9 completed highlights so far include
- Java 17 support [LDEV-3526] Update Felix to 6.0.5 to support Java >= 16 - Lucee
- QoQ fixes https://luceeserver.atlassian.net/issues/?jql=status%20%3D%20QA%20AND%20labels%20%3D%20QofQ
- static fixes https://luceeserver.atlassian.net/issues/?jql=labels%20%3D%20static%20AND%20Sprint%20%3D%2056%20ORDER%20BY%20updated%20DESC
- cfhttp logging [LDEV-3810] add trace logging for cfhttp calls - Lucee
- better decimal handling with json https://luceeserver.atlassian.net/issues/?jql=labels%20%3D%20numeric%20AND%20Sprint%20%3D%2056
- performance improvements with arguments [LDEV-3520] Slow performance on arguments scope due to casting strings to Double - Lucee
- better exception handling
- configImport [LDEV-3790] add function ConfigImport - Lucee
See the sprint board to each ticket
https://luceeserver.atlassian.net/jira/software/c/projects/LDEV/boards/10?selectedIssue=LDEV-3801&sprint=56