So, just want to clarify that if you want to consider your business, clients, etc to be running on a supported version of Lucee, please update to the latest 5.4 release.
The latest 5.3 release, currently 5.3.12 will receive further security updates, when possible.
Please understand and take action, Lucee 5.4 has had all the underlying java libraries updated, so if a zero day vulnerability occurs which cannot be easily patched due to old java libs, etc, the Lucee team will patch and release the 5.4 release immediately and then potentially the latest 5.3 stable release later, if both feasible and possible
If you are still running older releases like 5.3.7, 5.3.8, 5.3.9 (or earlier) which just received emergency releases, you should be planning to update to 5.4.3.2 immediately
If there is a blocker which is preventing you upgrading, let us know
And please consider sponsoring the Lucee project if you haven’t already!
Please note that @Zackster is very probaly still recovering. Haven’t heard much about him lately and I hope he is doing well and getting better.
Because Zac is Lucees Dev Community Manager and the one whos main task is intermediating/communicating between us (the community here, Slack Twitter/X, LinkedIn etc) and the Lucee Dev Team, we need to be pacient getting information as we’ve been familiar during the past years from the Lucee devs. But I can see that the Lucee devs are comitting almost on a daliy basis at github to the Lucee source. So all I can add is, check the download page regulary follow their tasks in Jira and commits at Github (its all open source). I know many of the Lucee devs see the forum threads regularily, but consider that their time is very limited for responding to us directly. This is a full time job and they are very commited and dedicated to the source. I wish they had more paying contributors so the could hire more devs and also community managers to help out.
@andreas you may not realize the time for patient is slipping away if not already gone.
IMO the implied “stable release” contract died long ago. I have already resolved to never start new projects on Lucee despite the development productivity loss. Stable operation matters above all; my customers don’t care how Lucee gets done.
IMO dev team testing is inadequate. The emphasis on new features over a truly stable release may cause Lucee project failure when user community trust erodes to nothing.
Yes, user community participation is valuable but despite interest, most of us can’t afford the time.
I’m seeing a release of 5.4.3.16 stable at the download page. It moved from the latest RC to stable. I don’t understand what you are trying to say exactly? Can,'t see any 5.4.4 RC there, I don’t think there never was one?
Since late last year too many bugs emerged on “stable release” to the point where “stable” has lost credibility.
Communications about said bugs is chaotic, scattered across multiple posts, has abrupt unannounced changes in direction (5.4.4 release abandoned), and never a single post clearly stating the current recommended remediation. Every post regarding stable release bug remediation should be complete within a single post; references to other posts are burdensome, and lose relevance as new knowledge emerges. Expecting user community to track the entire Lucee Dev board to stay informed is asking too much.
Annoyance level with “stable release” delivery and quality is rising and eroding trust which has Lucee project long term viability implications.
Open software projects fail or thrive based on reputation. IMO Lucee’s reputation is going downhill.
I write because the “stable release” is a critical asset and I want my concerns to be proven wrong.
From what I understand, the 5.4.4 code base is being maintained for security and emergency bugs only. It is not being actively developed on. The 6.0 code base is the latest and being actively developed on.
It might help if you mention what specific issue you are needing to be addressed in the 5.4.4 code base. Then they can prioritize the work if it is needed.
The Lucee 5.3 is EOL update may indeed apply to 5.4 but that is a convention known only to experienced project participants. I advocate explicit communications as new releases emerge to make the understanding the project easier for casual users or newcomers.
Explicitly recapitulating what carries forward with each release is best as each post is complete and by design supersedes prior posts about the same release series thus the latest release information is complete and in one place.
@Zackster edited opening post to include 5.4 which is very appreciated; apologies for any oversight.