Newer version of JavaMail? Message-Id leaks user/hostname of Java process

The mail engine of Lucee uses an older version of JavaMail. The mail Message-Id leaks the current user/hostname of the Java process. This issue has been resolved in JavaMail 1.5.3.

Is there any plan of migrating to a newer version?
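
An added example, not part of the original post: a check that flags outbound messages whose Message-ID exposes the process user and hostname. It assumes the legacy JavaMail layout `<hash.counter.millis.JavaMail.user@host>`; the sample messages, user name and hostnames are constructed.

```python
import re
from email import message_from_string

# Assumed legacy JavaMail Message-ID layout (not quoted on the page):
#   <hash.counter.millis.JavaMail.user@host>
LEGACY_JAVAMAIL_ID = re.compile(
    r"^<-?\d+\.\d+\.\d+\.JavaMail\.(?P<user>[^@<>\s]+)@(?P<host>[^@<>\s]+)>$"
)

def leaked_identity(raw_message):
    """Return (user, host) if the Message-ID matches the legacy layout, else None."""
    msg = message_from_string(raw_message)
    message_id = (msg.get("Message-ID") or "").strip()  # header lookup is case-insensitive
    match = LEGACY_JAVAMAIL_ID.match(message_id)
    return (match.group("user"), match.group("host")) if match else None

def audit(raw_messages):
    """Return (index, user, host) for every message that leaks an identity."""
    findings = []
    for index, raw in enumerate(raw_messages):
        hit = leaked_identity(raw)
        if hit:
            findings.append((index, hit[0], hit[1]))
    return findings

# Constructed sample messages (not real traffic).
SAMPLES = [
    # Legacy layout: OS user "lucee" and internal hostname are visible.
    "From: app@example.com\n"
    "Message-ID: <1234567890.0.1430000000000.JavaMail.lucee@app01.internal.example>\n"
    "Subject: welcome\n\nbody\n",
    # Opaque identifier under a public mail domain: nothing to flag.
    "From: app@example.com\n"
    "Message-ID: <3f2a9c1e-77b1-4d0e-9a55-0c2f6e1d8b42@mail.example.com>\n"
    "Subject: welcome\n\nbody\n",
    # No Message-ID header at all.
    "From: app@example.com\nSubject: welcome\n\nbody\n",
]

if __name__ == "__main__":
    for index, user, host in audit(SAMPLES):
        print(f"message {index}: Message-ID exposes user={user!r} host={host!r}")
```

Running it over a sample of mail captured at the outbound relay shows whether the application server is still emitting the old format after an upgrade.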


Lucee isn’t always good about upgrading Java libs if the current version is working fine. Please put a ticket in JIRA to bring this to the attention of the dev team, and if there is a security fix brought about by the new JavaMail version, please mention that as well in the ticket.

Hi Brad,

Thanks for your reply! I created a Jira ticket: EHIB-29

You might want to migrate or copy that to the LDEV project instead.

Thanks Geoff, they migrated it to