Remaining 2017 Development Schedule


Hi again, Lucee-ers (“loo-SEE-ers?”).

As we’re now in the 4th quarter of 2017 (!!), I wanted to share another update about the Lucee release schedule. It’s been a very busy year of development, as planned. With the end-of-year holidays coming up, along with other things we planned for like vacations and such, but also because it’s been such a busy development year, we’re going to slow the pace of Lucee development for the remainder of 2017, so that we can start to reflect more on 2017 efforts, and most importantly plan for an even better 2018.

Accordingly, we’re going to delay the next batch of releases just a bit. We’re putting final touches on 5.2.4 now, and the final release will be ready over the next week or so (any customers needing 5.2.4 urgently can get an immediate build). And 5.2.5-RC will come out around that same time. We’ll aim to make 5.2.5 a final release around Dec. 1, but we’re likely not putting out a release candidate on Dec. 1. Instead, we’ll be shifting focus to some other important efforts as we wrap up Lucee development for 2017, like putting in some planning time for the next minor version (5.3), establishing more/better collaboration with our community with regard to the overall Lucee roadmap, and clarifying the process for communicating about security vulnerabilities specifically. We’ll be working on other “cleanup” efforts, too, like continuing to refine the build processes, review Jira workflows, etc.

We’ll share more updates from the development team when we ship 5.2.4-final and 5.2.5-RC later this month, and when we post 5.2.5-final in Dec. We’ll also have some end-of-year retrospectives (e.g., taking score as compared to our Lucee 2017 Development Plans), and some other missives, too, so stay tuned.

Thanks as always for listening, and please do keep the questions/comments coming.


in terms of bug fixes for 5.2.x is it too late for this one to be addressed?

CSRF functions are restricted to CF Sessions

The default session type in Lucee is “cfml”. This often causes issues for Lucee servers running in Docker containers. If you use CFML sessions you should set the session type to “j2ee” in a Lucee configuration file or Application.cfc.



Hey Zac. Definitely not too late for a 2017 release. I’ve labeled that ticket for sprint review, and I’ve also flagged your note here. Stay tuned to the ticket for updates. Thanks for the heads-up.


@IamSigmund - Probably need to address at the same time, which was previously marked as fixed but the test case was wrong. I believe the test case has been updated, so it should be good to go.


Hi @IamSigmund I will make another plug for my favorite bug: LDEV-1267 :slight_smile: . I would love to see that fixed - it is super annoying to me since it is a regression and breaks my existing code, hampering any version updates.

Announcing Lucee 5.2.5 (Final)

Hi @IamSigmund,

I will try my luck with the next sprint, too :slight_smile: No, just kidding. It would be cool, if could be adressed in 2017, since this is blocking us to move forward to Lucee. We have to stick to Coldfusion at the moment, cause we make heavy use of procedures with # as package synonyme, which is impossible to refactor.

Thanks in advance for the good work, I really appreciate the efforts to be more transparent and community-driven. Keep up this work!


Is downloading all updates and extensions over SSL on the radar?


Hi Zac. Yes, that is indeed on the radar. Part of the infrastructure updates we’re planning for next year. Thanks for the reminder.


one more regarding debugging

Query times are always reported as 0 under Execution time for components
cached in the application scope


Thanks, John. That one’s already under investigation, along with being flagged for an upcoming sprint (not to mention it’s a blocker). All point to a really good chance for inclusion in a near-term sprint/release. Stay tuned to the ticket.


Tagged it. Thx.


Thanks @phal0r. This one is both tagged for an upcoming sprint, and has also been requested for fixing by at least one member organization. Both good signs for a high priority on this one. Keep watch on the ticket.


Thanks for the heads up, @IamSigmund.