Lucee.org and HTTPS/TLS


#21

Just updating everyone that the new site is live and we have https for lucee.org as well as the cdn subdomain. A couple of the other subdomains still need to be re directed to https. We are working on that.

Regards,
Joy


#22

Awesome, thanks for the info. FYI, some of content is hard to read because it ends up being white text on a white-ish background… :slight_smile:


#23

Thanks for the feedback! I will pass that along to the person who maintains that subdomain.

Joy


#24

New site looks good, just one little thing, is it possible to mention cfml right up front?

Both the new site and the GitHub repo intro make a bigger deal about slightly obscure Java stuff rather than lucee’s core functionality as the leading open source cfml application server/engine


#25

Looks great!

Unfortunately, all of the crucial areas of the site for which I originally raised this issue still don’t support SSL:

download.lucee.org
release.lucee.org 
Links to cdn.lucee.org from Download
(though that does now have a valid cert if you play around with it).

Example URL:
http://release.lucee.org/rest/update/provider/light/5.2.8.50?s3=false

Presuming these are the subdomains mentioned here:

A couple of the other subdomains still need to be re directed to https. We are working on that.

Any ETA on that part? That’s really all that I was hoping for. At the moment there’s almost no security when downloading Lucee releases - no checksums, and no TLS.

Thanks for your hard work on the main site! : - )


#26

Good point Zac. Will see if we can add/change wording on the site. I don’t have access to the GitHub area, but i’ll mention it to those that do in case they miss this conversation.


#27

It’s wonderful to finally see a s in this url https://download.lucee.org/


#28

Ah fantastic progress all, thanks kindly!

If we can just get releases.lucee.org behind SSL too we’ll be in a wonderful position.


#29

‘releases’ was nothing more than a redirect, so guessing that’s going to change to the fixed URL before it gets treated to SSL


#30

I was wrong about this. ‘releases’ serves a REST interface. Thanks Brad for letting me know! =)