New Release Candidate (5.3.8.139-RC)

There is a new Release Candidate ( 5.3.8.139-RC ) available to download from our download page https://download.lucee.org or via the Lucee Admin.

Highlights

Proxy
You can now define a global Proxy in the Lucee admin that is used for all external calls like for example cfhttp, but also by Lucee itself to download Lucee updates or extensions.
https://luceeserver.atlassian.net/browse/LDEV-1162

Allow ${variable} inside the Lucee config.
You can now define system properties or environment variables in the Lucee configuration (lucee-server.xml,lucee-web.xml) the following way:
${<system-prop-or-env-var-variable>:<default-value>}
The old way ({env:<env-var>},{system:<system-prop>}) is still supported.
https://luceeserver.atlassian.net/browse/LDEV-1746

Mixed-orientation PDF support
Lucee supports now to have different orientation on single pages in a PDF (portrait, landscape)
https://luceeserver.atlassian.net/browse/LDEV-2528

Function StructValueArray
This function returns all values of a struct as an array.
https://luceeserver.atlassian.net/browse/LDEV-2686

Function QuerySetRow
Like QuerySetCell but for an entire row, QueryRowData also now supports returning an array.
https://luceeserver.atlassian.net/browse/LDEV-1826

Application.cfc setting for searching queries
We added support for the setting this.searchResults to the Application.cfc, that allows to control if Lucee looks in the surrounding queries for a variable or not.
https://luceeserver.atlassian.net/browse/LDEV-2772

Argon2 Hashing Algorithm
We added the functions Argon2CheckHash and GenerateArgon2Hash that are supporting the Argon2 Hashing Algorithm.
https://luceeserver.atlassian.net/browse/LDEV-2883

Life timeout for datasources
Next to the already supported idle timeout, we added support for life timeout to datasources, so you can define how long a datasource connection lives overall.
https://luceeserver.atlassian.net/browse/LDEV-2937
https://luceeserver.atlassian.net/browse/LDEV-2943

Java Regex
So far Lucee only was supporting the “Perl 5” regular expression dialect, now Lucee also supports the Java dialect.
https://luceeserver.atlassian.net/browse/LDEV-3009

Request timeout threshold
So far Lucee simply supported a time based request timeout, now you can also define a threshold (CPU,Memory or running requests) for request timeouts. If set, Lucee will only kill a request when the defined threshold is reached.
https://luceeserver.atlassian.net/browse/LDEV-3019

Query of Query performance improvements
Query of Query has been drastically improved (but only for queries without joins)
https://luceeserver.atlassian.net/browse/LDEV-3042

CFMAIL Validation changes
Previously, CFMAIL only validated email addresses when spooling, it now validates immediately and will throw an error if basic checks don’t pass.
https://luceeserver.atlassian.net/browse/LDEV-2234

Debugging Improvements
The debug log viewer allows purging logs
https://luceeserver.atlassian.net/browse/LDEV-1960
Disabling debugging purges any logs in memory
https://luceeserver.atlassian.net/browse/LDEV-2674
The debugging template isn’t no longer run after a CFCONTENT (performance)
https://luceeserver.atlassian.net/browse/LDEV-3074

File Upload nameconflict="forceunique"
For security, the file name for a file upload is never predictable. File uploads also now use a guid suffix instead of a numeric counter.
https://luceeserver.atlassian.net/browse/LDEV-3122

Parallel Improvements
Memory usage has been reduced for parallel operations
https://luceeserver.atlassian.net/browse/LDEV-3210
https://luceeserver.atlassian.net/browse/LDEV-2559
https://luceeserver.atlassian.net/browse/LDEV-2903

Tickets addressed in this release cycle

LDEV-93 - cfpdf action=“write” fails to preserve info metadata
LDEV-265 - Static variable values seem to occasionally “reset”
LDEV-784 - CSRFverifyToken() does not work when this.sessionCluster = true
LDEV-946 - Always include functions and properties in CFC metadata
LDEV-1114 - Proxy settings in server admin broken
LDEV-1162 - allow to set a general Proxy in the admin.
LDEV-1200 - datasource hints don’t include username if password is blank
LDEV-1328 - add optional offset argument to callStackGet()
LDEV-1703 - Add additional extension metadata
LDEV-1724 - Daylight Savings Time, Scheduler, and 100% CPU Usages
LDEV-1746 - Allow ${system.property} in Lucee config files
LDEV-1960 - add a purge debugging logs button/method
LDEV-1997 - getPageContext().getRequest().getRequestUrl() different
LDEV-2087 - Lucee 4 and 5 consumes too much heap memory with large uploads due to bug in HTTPServletRequestWrap.java
LDEV-2120 - lucee/graph.cfm lack of exception handling
LDEV-2156 - ReMatchNoCase() doesn’t work as expected when handling with vast data
LDEV-2233 - mail spooler still retries mails with a missing from address
LDEV-2234 - cfmail only validates emails when spooling
LDEV-2382 - Query of Query doesn’t return correct results when UPPER() is used
LDEV-2424 - cfpdf action=“getinfo” does not return PageRotations or PageSizes properties
LDEV-2473 - Lucee ignores cfmailparam name=“Message-ID”
LDEV-2480 - cfdocument crashes generating PDF with embedded base64 image in Java 11
LDEV-2483 - snapshot updates aren’t being advertised on admin overview page
LDEV-2518 - when the update provider isn’t accessible, show an error message
LDEV-2528 - Mixed-orientation PDF support
LDEV-2538 - Improve error message - cflocation tag with end tag didn’t work properly
LDEV-2555 - Application action=“update” reverts sessioncluster and clientcluster to false.
LDEV-2556 - Regression: Local images no longer render in PDF in Lucee 5.3+
LDEV-2559 - arrayEach has too much memory overhead from duplicating pageContext
LDEV-2561 - No provider for smtp exception using AWS SES
LDEV-2562 - \WEB-INF\lucee\context\admin\resources\img\arrow-right.gif.cfm not found
LDEV-2595 - pd4fonts.properties file generated by PDF extension is missing an important newline
LDEV-2617 - Change the info in update page - Admin
LDEV-2623 - Encrypted password didn’t showing properly - Admin - Mail
LDEV-2645 - Regression: In Lucee 5.3.3, component Property function does not recognize variables defined at the top of that Component
LDEV-2674 - disabling debugging should purge the debug logs from memory
LDEV-2686 - Add function structValueArray()
LDEV-2689 - Function isValid for URLs does not validate SharePoint/Office365 links properly
LDEV-2712 - shutdown taking 1m
LDEV-2748 - Short-hand component properties parsed incorrectly - regression from 5.3.3
LDEV-2749 - JavaLoader throws exception loading Apache Tika library
LDEV-2764 - Allow Query to return a 1-record Struct
LDEV-2772 - add an application setting to disable searching query resultsets for unscoped variables
LDEV-2810 - CFXML error
LDEV-2823 - lucee session databases queries aren’t named
LDEV-2881 - Add iso format for DateTimeFormat
LDEV-2883 - Add support for the Argon2 hashing algorithm
LDEV-2885 - Can’t copy file
LDEV-2888 - local lucee docs doesn’t use member-position for object methods
LDEV-2898 - Seemingly random but regular lucee.runtime.exp.TemplateException: lucee.transformer.library.tag.TagLibException popping up
LDEV-2903 - Parallel processing array.each() duplicates tmp-xxx.upload files on every loop, crashing the server
LDEV-2912 - Add attribute directory to cfexecute
LDEV-2920 - cfqueryparam list throws cryptic exception
LDEV-2926 - Mail leaks server information in Message-ID
LDEV-2927 - Web admin panel displays incorrect datasource host
LDEV-2928 - code change affects already loaded components
LDEV-2932 - component looses static functions
LDEV-2933 - Oracle transaction isolation bug
LDEV-2934 - ParseNumber has no default radix
LDEV-2937 - add possibility to configure the maximal lifetime of a datasource connection
LDEV-2943 - add maximum lifetime timeout for datasources
LDEV-2945 - CFMAIL doesn’t default type to plain text when empty
LDEV-2950 - reFindNoCase does not return subexpression
LDEV-2960 - Showing wrong exception using cfadmin - getdefaultSecurityManager function
LDEV-2961 - PassBy=“value” doesn’t duplicate entire structure
LDEV-2971 - array.append with merge with non array fails silently
LDEV-2977 - administrator.cfc updateMapping()
LDEV-2978 - Administrator.updateDatasource() issues creating MSSQL datasource
LDEV-2988 - Missing “debugging.implicitAccess” variable in debug template
LDEV-2990 - Application.log missing
LDEV-2992 - Add enabled attribute to cfdump
LDEV-2993 - SameSite for CFCookie doesn’t send None values
LDEV-2998 - cfhttp result cookie query resultset doesn’t contain a samesite column
LDEV-3001 - Application log missing application name
LDEV-3009 - add support for Java Regex
LDEV-3010 - queryparam measures maxlength based on character length instead of byte length
LDEV-3016 - clicking an admin update notification should auto select the latest version
LDEV-3017 - the word blacklist is offensive and should not be used
LDEV-3018 - File uploads doesn’t support allowedExtensions or strict=“false”
LDEV-3019 - add possibility to add a cpu/memory/concurrent request threshold for request timeout
LDEV-3023 - XSS in REST error handler
LDEV-3026 - ListAsArray.containsAll() invokes List.contain() method instead of List.containsAll()
LDEV-3036 - Hang: Log4JEngine: failed to stop thread. Conflict in same thread
LDEV-3040 - GetTagData should return the tag attributes in an ordered struct
LDEV-3042 - Query of Query performance is very bad and single threaded for complex SQL
LDEV-3054 - Setting enablenullsupport in cfapplication tag throws NoSuchMethodError
LDEV-3062 - add sessioncookie support for path attribute
LDEV-3066 - ReReplace regression
LDEV-3074 - debugging template is called redundantly after a cfcontent tag
LDEV-3075 - Remove support for pack200
LDEV-3083 - regression, logging from thread doesn’t work
LDEV-3101 - Allow initially missing application defined mapping physical paths to be re-checked
LDEV-3111 - nullPointerError
LDEV-3122 - add nameconflict=“forceunique” for file uploads to use a filename with a uuid
LDEV-3124 - Datasource timeout (isvalid()) checks can completely lock connection pool
LDEV-3126 - Allow Controler validation of datasource connections to be disabled
LDEV-3143 - cfqueryparam Should Accept datetime type as alias to timestamp
LDEV-3147 - ACF2021 - add function ClearTimeZone
LDEV-3149 - ACF2021 - add member function toJson
LDEV-3155 - REST errors do not trigger Application.onError()
LDEV-3163 - cache connection not get updated with deployment
LDEV-3167 - since toJson function, wrong available functions on error with unknown function
LDEV-3185 - csrfGenerateToken() returns an empty string
LDEV-3210 - Heap memory gradually increases after complex use of ArrayEach() with parallel threads
LDEV-3211 - regression with LDEV-2810

Contributors

Our thanks goes to all Contributors for this release candidate:

  • John Bampton
  • Mircea Botex
  • Ben Bluemel
  • Andrew Dixon
  • kaputotx
  • Michael Offner
  • Eric Peterson
  • Pothys Ravichandran
  • Andreas Ru
  • Igal Sapir
  • Zac Spitzer
  • stillnet
  • Brad Wood

Regressions?

If you encounter any regressions with this release candidate, please first post to the mailing list at https://dev.lucee.org, or raise a ticket with https://bugs.lucee.org and the label “regression”, we will look into it with the highest priority.

cfexecute directory="#GetTempDirectory()#" throws error
https://luceeserver.atlassian.net/browse/LDEV-3117

Increased CPU usage (+40%) - due to scheduled task threads
https://luceeserver.atlassian.net/browse/LDEV-3214

Regression: Closure in static method calling another static method causes request to hang when run in parallel
https://luceeserver.atlassian.net/browse/LDEV-3221

org.objectweb.asm.MethodWriter.a - Method code too large!
https://luceeserver.atlassian.net/browse/LDEV-3093

10 Likes

Wow, huge list of tickets and lots of contributors. Good work, team!

6 Likes

Wow! I just realized I made it to that list with my humble contributions. Feeling very proud to see my name along with my cfml heros. Really motivating! Just did a screenshot :slight_smile:

3 Likes

Mate, I count you as one my cfml heros too!

Thank you for all your contributions helping out people in the community here!

3 Likes

This looks awesome!!

Very important to point out that writelog(“foo”) by design no longer outputs to Application.log by default.

This may be important to some people.

@thefalken This issue was fixed several versions ago. Could you please see here, [LDEV-3081] writeLog() does not write to application log (regression since Lucee 5.3.7) - Lucee :slightly_smiling_face:

Does this now then spam the application.log with internal details like “check size of directory” which was why it was initially changed ?
There were some many bugs around logging I may have lost track.

Doesn’t appear to…