New Release Candidate (

Release Candidate ( ) is available to download from our download page or via the Lucee Admin.


  • Lucee now uses https for all updates and downloads
  • xmlValidate supports passing multiple XSD files into the function
  • jsonValidate a new function to validate JSON, optionally using a JSON schema (via the optional extension “JSON”).

Same Site Cookies

Tormented by SameSite cookie warnings in your console? Enjoy!

sameSite (lax, strict, none) cookie options for <cfcookie> and session cookies.

via Application.cfc

this.sessionCookie.sameSite = "strict";
this.tag.cookie.sameSite = "strict";


<cfcookie name=”id” value=”#createUUID()” samesite=”strict”>

Bug fixes and improvements

Bug fixes and improvements in the code, the focus for the 5.3.7 sprint was stability and regressions, details in the tickets below.

Tickets addressed in this release cycle

LDEV-2889 - allow to use multiple xsd files with XMLValidate
LDEV-2860 - Error - Unable to resolve lucee.image.extension
LDEV-2857 - directoryDelete() can throw NPE
LDEV-2852 - Showing wrong result - using FindOneOf() Member function
LDEV-2834 - Admin-Update, seems has wrong if No upgrade/downgrade version
LDEV-2814 - Lucene and S3 extension get (re) deployed after each update
LDEV-2808 - Regression - Intermittent ClassNotFoundException exception when compiling
LDEV-2798 - Method code too large! after update from to
LDED-2791 - Can’t access plugins install at server level in context web admin
LDEV-2779 - NPE uninstalling an extensionLDEV-2655 - autocommit=true always set
LDEV-2654 - Floor() / Int() can round a number down to > 1 less than its value
LDEV-2651 - Scan deploy folder for extensions to install on startup
LDEV-2597 - createObject (“webservice”, …) broken since (SOAP v1.1)
LDEV-2578 - Reduce INFO logging
LDEV-2568 - CFCOOKIE - Incompatibility with ACF
LDEV-2558 - Extension management broken inside CommandBox CLI/JSR-233
LDEV-2533 - Status showing open - when using Fileclose()
LDEV-2524 - DeserializeJSON does not properly handle uppercase letters in basic multilingual plane values
LDEV-2505 - getFileInfo() is really slow
LDEV-2487 - QoQ and QuerySort don’t sort varchar columns correctly
LDEV-2312 - java.lang.Thread.State: BLOCKED at
LDEV-2288 - Lucee engine reset() kills current thread (regression)
LDEV-2277 - REGRESSION - createObject webservice WSDL error on generating token
LDEV-2158 - Query sorting ignores leading hyphen
LDEV-2061 - getting exception from release in Jetty Servlet engine
LDEV-1846 - CFDocument fails to produce pdf with lmdp locked error
LDEV-1506 - server and extension updates are insecurely downloaded over http
LDEV-1236 - Add SameSite-attribute to cfcookie


Our thanks goes to all Contributors for this release candidate:


If you encounter any regressions with this release candidate, please first post to the mailing list at, or raise a ticket with and the label “regression”, we will look into it with the highest priority.

Open Tickets flagged as regressions

Tickets assigned to the Next Sprint"NextSprint"