The mail engine of Lucee uses an older version of JavaMail. The mail Message-Id leaks the current user/hostname of the Java process. This issue has been resolved in JavaMail 1.5.3.
Is there any plan of migrating to a newer version?
Thanks
Lucee isn’t always good about upgrading java libs if the current version is working fine. Please put a ticket in JIRA to bring this to the attention of the dev team and if there is a security fix brought about by the new javamail version, please mention that as well in the ticket.
Hi Brad,
Thanks for your reply! I created a Jira ticket: EHIB-29
You might want to migrate or copy that to the LDEV project instead.