New Release Candidate (

There is a new Release Candidate ( ) available to download from our download page or via the Lucee Admin.


You can now define a global Proxy in the Lucee admin that is used for all external calls like for example cfhttp, but also by Lucee itself to download Lucee updates or extensions.

Allow ${variable} inside the Lucee config.
You can now define system properties or environment variables in the Lucee configuration (lucee-server.xml,lucee-web.xml) the following way:
The old way ({env:<env-var>},{system:<system-prop>}) is still supported.

Mixed-orientation PDF support
Lucee supports now to have different orientation on single pages in a PDF (portrait, landscape)

Function StructValueArray
This function returns all values of a struct as an array.

Function QuerySetRow
Like QuerySetCell but for an entire row, QueryRowData also now supports returning an array.

Application.cfc setting for searching queries
We added support for the setting this.searchResults to the Application.cfc, that allows to control if Lucee looks in the surrounding queries for a variable or not.

Argon2 Hashing Algorithm
We added the functions Argon2CheckHash and GenerateArgon2Hash that are supporting the Argon2 Hashing Algorithm.

Life timeout for datasources
Next to the already supported idle timeout, we added support for life timeout to datasources, so you can define how long a datasource connection lives overall.

Java Regex
So far Lucee only was supporting the “Perl 5” regular expression dialect, now Lucee also supports the Java dialect.

Request timeout threshold
So far Lucee simply supported a time based request timeout, now you can also define a threshold (CPU,Memory or running requests) for request timeouts. If set, Lucee will only kill a request when the defined threshold is reached.

Query of Query performance improvements
Query of Query has been drastically improved (but only for queries without joins)

CFMAIL Validation changes
Previously, CFMAIL only validated email addresses when spooling, it now validates immediately and will throw an error if basic checks don’t pass.

Debugging Improvements
The debug log viewer allows purging logs
Disabling debugging purges any logs in memory
The debugging template isn’t no longer run after a CFCONTENT (performance)

File Upload nameconflict="forceunique"
For security, the file name for a file upload is never predictable. File uploads also now use a guid suffix instead of a numeric counter.

Parallel Improvements
Memory usage has been reduced for parallel operations

Tickets addressed in this release cycle

LDEV-93 - cfpdf action=“write” fails to preserve info metadata
LDEV-265 - Static variable values seem to occasionally “reset”
LDEV-784 - CSRFverifyToken() does not work when this.sessionCluster = true
LDEV-946 - Always include functions and properties in CFC metadata
LDEV-1114 - Proxy settings in server admin broken
LDEV-1162 - allow to set a general Proxy in the admin.
LDEV-1200 - datasource hints don’t include username if password is blank
LDEV-1328 - add optional offset argument to callStackGet()
LDEV-1703 - Add additional extension metadata
LDEV-1724 - Daylight Savings Time, Scheduler, and 100% CPU Usages
LDEV-1746 - Allow ${} in Lucee config files
LDEV-1960 - add a purge debugging logs button/method
LDEV-1997 - getPageContext().getRequest().getRequestUrl() different
LDEV-2087 - Lucee 4 and 5 consumes too much heap memory with large uploads due to bug in
LDEV-2120 - lucee/graph.cfm lack of exception handling
LDEV-2156 - ReMatchNoCase() doesn’t work as expected when handling with vast data
LDEV-2233 - mail spooler still retries mails with a missing from address
LDEV-2234 - cfmail only validates emails when spooling
LDEV-2382 - Query of Query doesn’t return correct results when UPPER() is used
LDEV-2424 - cfpdf action=“getinfo” does not return PageRotations or PageSizes properties
LDEV-2473 - Lucee ignores cfmailparam name=“Message-ID”
LDEV-2480 - cfdocument crashes generating PDF with embedded base64 image in Java 11
LDEV-2483 - snapshot updates aren’t being advertised on admin overview page
LDEV-2518 - when the update provider isn’t accessible, show an error message
LDEV-2528 - Mixed-orientation PDF support
LDEV-2538 - Improve error message - cflocation tag with end tag didn’t work properly
LDEV-2555 - Application action=“update” reverts sessioncluster and clientcluster to false.
LDEV-2556 - Regression: Local images no longer render in PDF in Lucee 5.3+
LDEV-2559 - arrayEach has too much memory overhead from duplicating pageContext
LDEV-2561 - No provider for smtp exception using AWS SES
LDEV-2562 - \WEB-INF\lucee\context\admin\resources\img\arrow-right.gif.cfm not found
LDEV-2595 - file generated by PDF extension is missing an important newline
LDEV-2617 - Change the info in update page - Admin
LDEV-2623 - Encrypted password didn’t showing properly - Admin - Mail
LDEV-2645 - Regression: In Lucee 5.3.3, component Property function does not recognize variables defined at the top of that Component
LDEV-2674 - disabling debugging should purge the debug logs from memory
LDEV-2686 - Add function structValueArray()
LDEV-2689 - Function isValid for URLs does not validate SharePoint/Office365 links properly
LDEV-2712 - shutdown taking 1m
LDEV-2748 - Short-hand component properties parsed incorrectly - regression from 5.3.3
LDEV-2749 - JavaLoader throws exception loading Apache Tika library
LDEV-2764 - Allow Query to return a 1-record Struct
LDEV-2772 - add an application setting to disable searching query resultsets for unscoped variables
LDEV-2810 - CFXML error
LDEV-2823 - lucee session databases queries aren’t named
LDEV-2881 - Add iso format for DateTimeFormat
LDEV-2883 - Add support for the Argon2 hashing algorithm
LDEV-2885 - Can’t copy file
LDEV-2888 - local lucee docs doesn’t use member-position for object methods
LDEV-2898 - Seemingly random but regular lucee.runtime.exp.TemplateException: lucee.transformer.library.tag.TagLibException popping up
LDEV-2903 - Parallel processing array.each() duplicates tmp-xxx.upload files on every loop, crashing the server
LDEV-2912 - Add attribute directory to cfexecute
LDEV-2920 - cfqueryparam list throws cryptic exception
LDEV-2926 - Mail leaks server information in Message-ID
LDEV-2927 - Web admin panel displays incorrect datasource host
LDEV-2928 - code change affects already loaded components
LDEV-2932 - component looses static functions
LDEV-2933 - Oracle transaction isolation bug
LDEV-2934 - ParseNumber has no default radix
LDEV-2937 - add possibility to configure the maximal lifetime of a datasource connection
LDEV-2943 - add maximum lifetime timeout for datasources
LDEV-2945 - CFMAIL doesn’t default type to plain text when empty
LDEV-2950 - reFindNoCase does not return subexpression
LDEV-2960 - Showing wrong exception using cfadmin - getdefaultSecurityManager function
LDEV-2961 - PassBy=“value” doesn’t duplicate entire structure
LDEV-2971 - array.append with merge with non array fails silently
LDEV-2977 - administrator.cfc updateMapping()
LDEV-2978 - Administrator.updateDatasource() issues creating MSSQL datasource
LDEV-2988 - Missing “debugging.implicitAccess” variable in debug template
LDEV-2990 - Application.log missing
LDEV-2992 - Add enabled attribute to cfdump
LDEV-2993 - SameSite for CFCookie doesn’t send None values
LDEV-2998 - cfhttp result cookie query resultset doesn’t contain a samesite column
LDEV-3001 - Application log missing application name
LDEV-3009 - add support for Java Regex
LDEV-3010 - queryparam measures maxlength based on character length instead of byte length
LDEV-3016 - clicking an admin update notification should auto select the latest version
LDEV-3017 - the word blacklist is offensive and should not be used
LDEV-3018 - File uploads doesn’t support allowedExtensions or strict=“false”
LDEV-3019 - add possibility to add a cpu/memory/concurrent request threshold for request timeout
LDEV-3023 - XSS in REST error handler
LDEV-3026 - ListAsArray.containsAll() invokes List.contain() method instead of List.containsAll()
LDEV-3036 - Hang: Log4JEngine: failed to stop thread. Conflict in same thread
LDEV-3040 - GetTagData should return the tag attributes in an ordered struct
LDEV-3042 - Query of Query performance is very bad and single threaded for complex SQL
LDEV-3054 - Setting enablenullsupport in cfapplication tag throws NoSuchMethodError
LDEV-3062 - add sessioncookie support for path attribute
LDEV-3066 - ReReplace regression
LDEV-3074 - debugging template is called redundantly after a cfcontent tag
LDEV-3075 - Remove support for pack200
LDEV-3083 - regression, logging from thread doesn’t work
LDEV-3101 - Allow initially missing application defined mapping physical paths to be re-checked
LDEV-3111 - nullPointerError
LDEV-3122 - add nameconflict=“forceunique” for file uploads to use a filename with a uuid
LDEV-3124 - Datasource timeout (isvalid()) checks can completely lock connection pool
LDEV-3126 - Allow Controler validation of datasource connections to be disabled
LDEV-3143 - cfqueryparam Should Accept datetime type as alias to timestamp
LDEV-3147 - ACF2021 - add function ClearTimeZone
LDEV-3149 - ACF2021 - add member function toJson
LDEV-3155 - REST errors do not trigger Application.onError()
LDEV-3163 - cache connection not get updated with deployment
LDEV-3167 - since toJson function, wrong available functions on error with unknown function
LDEV-3185 - csrfGenerateToken() returns an empty string
LDEV-3210 - Heap memory gradually increases after complex use of ArrayEach() with parallel threads
LDEV-3211 - regression with LDEV-2810


Our thanks goes to all Contributors for this release candidate:

  • John Bampton
  • Mircea Botex
  • Ben Bluemel
  • Andrew Dixon
  • kaputotx
  • Michael Offner
  • Eric Peterson
  • Pothys Ravichandran
  • Andreas Ru
  • Igal Sapir
  • Zac Spitzer
  • stillnet
  • Brad Wood


If you encounter any regressions with this release candidate, please first post to the mailing list at, or raise a ticket with and the label “regression”, we will look into it with the highest priority.

cfexecute directory="#GetTempDirectory()#" throws error

Increased CPU usage (+40%) - due to scheduled task threads

Regression: Closure in static method calling another static method causes request to hang when run in parallel

org.objectweb.asm.MethodWriter.a - Method code too large!


Wow, huge list of tickets and lots of contributors. Good work, team!


Wow! I just realized I made it to that list with my humble contributions. Feeling very proud to see my name along with my cfml heros. Really motivating! Just did a screenshot :slight_smile:


Mate, I count you as one my cfml heros too!

Thank you for all your contributions helping out people in the community here!


This looks awesome!!

Very important to point out that writelog(“foo”) by design no longer outputs to Application.log by default.

This may be important to some people.

@thefalken This issue was fixed several versions ago. Could you please see here, [LDEV-3081] writeLog() does not write to application log (regression since Lucee 5.3.7) - Lucee :slightly_smiling_face:

Does this now then spam the application.log with internal details like “check size of directory” which was why it was initially changed ?
There were some many bugs around logging I may have lost track.

Doesn’t appear to…

Is there a time frame when this might be released ? We’ve got some deploys coming up, and would like the benefit of some of the fixes in this release…

There’s going to need to be a RC2, followed by a release, so probably end of the month

We are working thru the final regressions and polishing a few rough edges

2 Likes is out, release notes tomorrow


Lucee 5.3.8-RC+167 and Lucee Light 5.3.8-RC+167 are published to ForgeBox to facilitate testing.

1 Like

I can’t see the RC2 / +167 release notes anywhere on release - Lucee Dev ?


If you go to and then click on the changelog it is showing up for me. Here’s a list:

Version- Changelogs

LDEV-3430- ORMExecuteQuery() with named argument throws error
LDEV-3244- member function with too many arguments throws incorrect Error
LDEV-3243- Schedule task - action=delete doesn’t throws error for the non existing task
LDEV-3377- tag cfhttp stream support
LDEV-3352- apache commons logging locked
LDEV-3316- test.tags.Query.testQueryParamCharset tests failing on windows
LDEV-3290- Reevaluate performance of locking overhead in pc.initApplicationContext() for every request
LDEV-3287- Unnecessary getRootPath() file system access on every request adds overhead
LDEV-3278- IllegalArgumentException timeout value is negative - using now() on cfschedule tag
LDEV-3275- IsNumeric returns True on strings like “3d” and “6f” (5.3.8 regression!)
LDEV-3266- cflog doesn’t write application name to log
LDEV-3256- web admin-Debugging settings shows Can’t cast String to a boolean error
LDEV-3242- NPE customtag and server.cache in admin (listCTCache)
LDEV-3236- Failed to download the bundle [com.sun.jna:5.5.0] on first start without network connection
LDEV-3221- Regression: Closure in static method calling another static method causes request to hang when run in parallel
LDEV-3214- Increased CPU usage (+40%) - due to scheduled task threads
LDEV-3117- cfexecute directory="#GetTempDirectory()#" throws error
LDEV-2973- Sessiontimeout ignored with J2EE sessions
LDEV-2087- Lucee 4 and 5 consumes too much heap memory with large uploads due to bug in