Announcing Lucee 5.2.8.50-RC


#1

Hello Lovers of Lucee! Time for another of our regularly scheduled sprint retrospectives. The May sprint produced the latest Release Candidate: 5.2.8.50-RC, which went live on June 8.

I was especially pleased with this release, because it tested our ability to have the dev team stick to a strict schedule (the monthly sprints), while also being flexible enough to adjust our development focus as needed. The first test was responding to a potential security vulnerability related to ZIP archives, and the second was the need to put in some time working on closures functionality in 5.3. Both problems arose near the end of the May sprint, and while a few tickets did get pushed to the July sprint, this was mostly not due to the time constraints imposed by reacting to these two unplanned outside-the-sprint development efforts.

Regarding the security vulnerability, it’s been discussed ever so briefly here:

In addition, we had extensive discussion in the private security forum, and of course internally on the dev team and amongst the LAS members. It’s not an especially severe vulnerability, but we nonetheless patched it immediately, as per our security protocol. We will have a formal public post about the patch in the next couple of weeks. If anyone has any questions/concerns in the meantime, please don’t hesitate to let us know.

Here’s the final list of fixes for 5.2.8.50-RC:

Issue key Summary
LDEV-1876 Server.Coldfusion.SupportedLocales not supporting Welsh locale
LDEV-1854 javascript error in admin with heap/non heap graphs
LDEV-1838 cannot serialise CGI Scope
LDEV-1837 cannot serialze server.os.macAddress
LDEV-1834 ERR_TOO_MANY_REDIRECTS
LDEV-1830 cannot ObjectLoad a closure
LDEV-1810 ListFirst count invalid
LDEV-1803 toBase64 behaves differently with strings and numbers
LDEV-1797 Cannot run thread tags in member functions
LDEV-1787 trim long string in argument validation errors
LDEV-1715 abstract functions missing from component meta data
LDEV-1682 REFind - scope is missing
LDEV-1592 Possible DeserializeJSON problem
LDEV-1578 NPE at lucee.runtime.spooler.SpoolerEngineImpl.getFile()
LDEV-1565 Search in the Lucee Admin does not work anymore
LDEV-1497 Session variable not set after sessionrotate() within same request
LDEV-1494 cfajaxproxy throw error while try to access the component
LDEV-1467 Regression? REMatch() bug LDEV-90 fixed in 4.5, still present in 5.2.3.31-RC
LDEV-1293 query.map mishandles the “template” query
LDEV-1281 cfinput validate=“email” client-side JS should be case insensitive
LDEV-1207 this.sessioncluster=true breaks sessions
LDEV-1143 Confusing Error Message with Partial Null Support and Debug Enabled
LDEV-1119 GetHttpRequestData().content sometimes empty when body content posted
LDEV-1092 STARTTLS command not executed for SMTP mail.
LDEV-1021 cfmail subject doesn’t sanitise new lines
LDEV-974 Support Adobe’s settings for JSON serialization
LDEV-630 CF setting, this.smtpServerSettings, is missing from Lucee
LDEV-398 SerializeJSON difference between ACF and Lucee
LDEV-215 Creating a datasource storage table does not create an index
LDEV-98 Saving an edit to a mapping does not return the user to the mappings list page
LDEV-95 CFHTTP doesn’t send username and password attributes as Basic Authentication header over SSL

(@thefalken - This text-based ticket list is for you! :slight_smile: )

Please head over to the download site and give 5.2.8.50-RC a spin. It will be finalized in early July, as per the regular schedule. We’re now working on finalizing 5.2.8, and prepping the final ticket list for the July sprint, which will produce Lucee 5.2.9-RC. As always, please let us know which tickets you’d really like to see done in July.

Thanks for listening!


Lucee 5.2.7.63
#2

I would really like to see:

https://luceeserver.atlassian.net/browse/LDEV-1845
https://luceeserver.atlassian.net/browse/LDEV-784

added to the July sprint. There are numerous web service tickets open still that haven’t been touched in a while. If you look at LDEV-784 it says that it is set for the next sprint but that was done in October of last year and hasn’t been touched, please see my comments on that ticket.


#3

Ok, @Yamaha32088, we’ll take a look. Thanks for the heads-up!