There is a new Release ( 5.3.7.43 ) available to download from our download page https://download.lucee.org or via the Lucee Admin.
Highlights
Lucee now uses https for all updates and downloads
Thresholds for request timeouts (experimental)
You can now set a Memory,CPU and/or Concurrent request threshold for Lucee, if set Lucee will not kill requests reaching the timeout when the defined threshold is not reached. [LDEV-3019] - Lucee
cfLogin (experimental)
You can now define a private key/salt for cflogin that then will be used to encrypt the data send to the user when loginstorage is set to cookie. [LDEV-3013] - Lucee
xmlValidate
Supports passing multiple XSD files into the function. [LDEV-2889] - Lucee
jsonValidate
a new function to validate JSON, optionally using a JSON schema (via the optional extension āJSONā). [LDEV-1188] - Lucee
Optional query cache
In case the cache used for a query with ācachedwithinā fails, the query itself will no longer throw an exception, instead it will log the error to the application.log. So a failing cache does not break your website. [LDEV-3058] - Lucee
sameSite
(lax, strict, none) cookie options for and session cookies.
// via Application.cfc
this.sessionCookie.sameSite = "strict";
this.tag.cookie.sameSite = "strict";
<cfcookie name=āidā value=ā#createUUID()ā samesite=āstrictā>
https://luceeserver.atlassian.net/browse/LDEV-1236
Bug fixes and improvements in the code, the focus for the 5.3.7 sprint was stability and regressions, details in the tickets below.
Tickets addressed in this release cycle
LDEV-2889 - allow to use multiple xsd files with XMLValidate
LDEV-2860 - Error - Unable to resolve lucee.image.extension
LDEV-2857 - directoryDelete() can throw NPE
LDEV-2852 - Showing wrong result - using FindOneOf() Member function
LDEV-2834 - Admin-Update, seems has wrong if No upgrade/downgrade version
LDEV-2814 - Lucene and S3 extension get (re) deployed after each update
LDEV-2808 - Regression - Intermittent ClassNotFoundException exception when compiling
LDEV-2798 - Method code too large! after update from 5.3.4.80 to 5.3.5.92
LDED-2791 - Canāt access plugins install at server level in context web admin
LDEV-2779 - NPE uninstalling an extensionLDEV-2655 - autocommit=true always set
LDEV-2654 - Floor() / Int() can round a number down to > 1 less than its value
LDEV-2651 - Scan deploy folder for extensions to install on startup
LDEV-2597 - createObject (āwebserviceā, ā¦) broken since 5.2.9.31 (SOAP v1.1)
LDEV-2578 - Reduce INFO logging
LDEV-2568 - CFCOOKIE - Incompatibility with ACF
LDEV-2558 - Extension management broken inside CommandBox CLI/JSR-233
LDEV-2533 - Status showing open - when using Fileclose()
LDEV-2524 - DeserializeJSON does not properly handle uppercase letters in basic multilingual plane values
LDEV-2505 - getFileInfo() is really slow
LDEV-2487 - QoQ and QuerySort donāt sort varchar columns correctly
LDEV-2312 - java.lang.Thread.State: BLOCKED at lucee.runtime.op.date.DateCaster.toDateAdvanced
LDEV-2288 - Lucee engine reset() kills current thread (regression)
LDEV-2277 - REGRESSION - createObject webservice WSDL error on generating token
LDEV-2158 - Query sorting ignores leading hyphen
LDEV-2061 - getting exception from release in Jetty Servlet engine
LDEV-1846 - CFDocument fails to produce pdf with lmdp locked error
LDEV-1506 - server and extension updates are insecurely downloaded over http
LDEV-1236 - Add SameSite-attribute to cfcookie
LDEV-3050 - make query cache optional
LDEV-3040 - GetTagData should return the tag attributes in an ordered struct
LDEV-3019 - add possibility to add a cpu/memory/concurrent request threshold for request timeout
LDEV-3013 - add support for a private key with cflogin
LDEV-2993 - SameSite for CFCookie doesnāt send None values
Contributors
Our thanks goes to all Contributors for this release candidate:
- Mircea Botex
- kabutotx
- Michael Offner
- Andrew Penhorwood
- Pothys Ravichandran
- Igal Sapir
- Zac Spitzer
- VovanVod