New Security Patch Available for Lucee 4.5 and 5.0

Hi All,

There is a new security patch available for Lucee 4.5 and 5.0, details
found here:

Kind regards,

Andrew
about.me http://about.me/andrew_dixon - mso http://www.mso.net - Lucee
Association Member http://lucee.org

Ahh, someone just read the thread we had last time this happened and has
made the blog post more useful :slight_smile:

TomOn Thursday, September 1, 2016 at 12:42:04 PM UTC+1, Tom Chiverton wrote:

On Thursday, September 1, 2016 at 10:38:27 AM UTC+1, Andrew Dixon wrote:

Hi All,

There is a new security patch available for Lucee 4.5 and 5.0, details
found here:

http://lucee.org/blog/new-security-patch-available-for-lucee-4-5-and-5-0.html

There is not enough information here for a security update. How bad is it
? Remote code exec. ? Information leak ?

Where’s the bug ID ?

Tom

There is not enough information here for a security update. How bad is it ?
Remote code exec. ? Information leak ?

Where’s the bug ID ?

TomOn Thursday, September 1, 2016 at 10:38:27 AM UTC+1, Andrew Dixon wrote:

Hi All,

There is a new security patch available for Lucee 4.5 and 5.0, details
found here:

http://lucee.org/blog/new-security-patch-available-for-lucee-4-5-and-5-0.html

Rene, no there is not a patch at this time for the beta. It will get it
eventually, but since everything is very bleeding edge and experimental on
the beta channel, the thought is no one should be using it in production.
Micha can comment on when the beta channel will receive the update.

Thanks!

~BradOn Thursday, September 1, 2016 at 7:57:17 AM UTC-5, René Hochstrasser wrote:

Hi all, is there also a Patch for the Beta 5.1 available ?

Regards
Rene

Am Donnerstag, 1. September 2016 11:38:27 UTC+2 schrieb Andrew Dixon:

Hi All,

There is a new security patch available for Lucee 4.5 and 5.0, details
found here:

http://lucee.org/blog/new-security-patch-available-for-lucee-4-5-and-5-0.html

Kind regards,

Andrew
about.me http://about.me/andrew_dixon - mso http://www.mso.net - Lucee
Association Member http://lucee.org

Hi all, is there also a Patch for the Beta 5.1 available ?

Regards
ReneAm Donnerstag, 1. September 2016 11:38:27 UTC+2 schrieb Andrew Dixon:

Hi All,

There is a new security patch available for Lucee 4.5 and 5.0, details
found here:

http://lucee.org/blog/new-security-patch-available-for-lucee-4-5-and-5-0.html

Kind regards,

Andrew
about.me http://about.me/andrew_dixon - mso http://www.mso.net - Lucee
Association Member http://lucee.org

In updating a couple of Windows servers, the JAR dowloaded as a file
64,146KB in size and Tomcat gave 404 errors any time a page was requested.
Downloading the file a second time, the size was 64,166KB and worked fine.
If you’re experiencing something similar, double-check the size of the
lucee.jar file.
Simon

Mine is 64164 KB. It is running well…

However, I think the attached image is not shown in my previous post…

when I tried to update my Lucee 5, I saw the message

*If this Lucee install is on a Windows based computer/server, please do not
use the updater for this version due to a bug. Instead download the latest
lucee.jar from here http://stable.lucee.org/download/?type=snapshots and
replace your existing lucee.jar with it. This is a one-time workaround. *

So I downloaded the lucee-5.0.0.254-20160829.214414-3.jar and renamed it to
be lucee.jar and replaced the old one.

Now when I login to sever admin, I see the following message:

*A patch (5.0.0.254) is available for your current version
(5.0.0.254-SNAPSHOT). *

https://lh3.googleusercontent.com/-bDRXH8O5P4o/V8muZnvNQeI/AAAAAAAANzY/LqRlQ9FXkM4Rr8IzhCccoDghZwtPsjRTgCLcB/s1600/Lucee%2BServer%2BAdministrator.png

please advise.

Thank you very much

AllenOn Thursday, September 1, 2016 at 10:07:05 PM UTC-4, Simon Goldschmidt wrote:

In updating a couple of Windows servers, the JAR dowloaded as a file
64,146KB in size and Tomcat gave 404 errors any time a page was requested.
Downloading the file a second time, the size was 64,166KB and worked fine.
If you’re experiencing something similar, double-check the size of the
lucee.jar file.
Simon

5.0.0.254 issue… what should I do now??

https://lh3.googleusercontent.com/-X7GexzWje1E/V8jTuzPpZKI/AAAAAAAANzE/rGT7sG-wfRwxrdxGF9mfBRW6h-MsW6SOACLcB/s1600/Lucee%2BServer%2BAdministrator.pngOn Thursday, September 1, 2016 at 5:38:27 AM UTC-4, Andrew Dixon wrote:

Hi All,

There is a new security patch available for Lucee 4.5 and 5.0, details
found here:

http://lucee.org/blog/new-security-patch-available-for-lucee-4-5-and-5-0.html

Kind regards,

Andrew
about.me http://about.me/andrew_dixon - mso http://www.mso.net - Lucee
Association Member http://lucee.org