Lucee v4 unsupported for bugs

I just raised a bug with Lucee v4, and its’ been closed out of hand immediately as “Lucee 4.5 is no longer in active development”.

When did v4 transition to unsupported ? Will it get security fixes ? How long for assuming it is still getting them ?

The Lucee 4.x codebase can still receive development via, at minimum, the following ways;

  • A reported security vulnerability that needs patched
  • A major bug
  • Sponsored bug fixes (which just happened this month)
  • Via pull request from the community (check beforehand)

The general rule of thumb I believe was that we supported the two previous minor releases. Major releases are a bit different since we tend to support them a bit longer to give people enough time to make the jump.

As far as exactly when Lucee 4.x fell out of active development-- I’m not sure there was an exact date so much as a slow slide as we wound down the amount of effort put into it. We will likely support security fixes for a long time, but we really really want people to be making their way over to Lucee 5 which is why we’re focusing a lot less on the 4.x codebase.

Your question was well timed as we were just discussing internally that we (LAS) should be a bit more intentional about our communication regarding what the expectation is for Lucee 4.x development. I’ve pinged our project manager @IamSigmund who I’m sure will chime in soon with any additional information I’ve missed.


@bdw429s perfectly explained the process, thanks for that.

I assume you are talking about LDEV-1244, like explained in the comment in that ticket, the S3 resources was completely rewritten with Lucee 5, so this is an issue not exist with Lucee 5 anymore. The S3 Resource in Lucee 4.5 is outdated, spend time to improve that outdated version simply has a very very low priority. i could accept that ticket and set priority to “trivial” and give you hope that it get fixed at some time in the future. But the chance for this are next to 0. So i think rejecting the ticket was much more honest.

1 Like

@bdw429s so is there a high level overview of what changed v4 to v5 ? When v5 came out, all I remember was fuss about a new language (with new file extensions ?).
I can tell anything that touches S3 in our apps will need retesting, and was hopeing there was a full list of other things ?

The proposed Lucee scripting language is only an experimental feature. At this stage there is no motivation to take this further until we’ve addressed a raft of other more important features in the backlog.

Many underlying java libraries were updated at the same time as they were extracted from the core build into separate OSGi projects for Lucee 5. The S3 library had a massive upgrade. You should find its much better in general, but definitely worth testing your app.