Do any of the latest ACF vulernabiliies affect Lucee CFML?

It’s been a bad few weeks for Adobe ColdFusion - several successive patches for security fixes. I haven’t seen any of it being discussed with regard to Lucee; so, I just wanted to see if there was any cause for concern on our side of the ecosystem?

This is in regard to: Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities | Rapid7 Blog

Lucee has a rather stricter/more limited support for WDDX, so you can’t reference java types

I’m dropping a RC for 5.4.2 later today, as this XXE stuff should be on by default


Awesome, thank you!