While Lucee is not affected by the recent Tomcat CVE, we are rolling out a 5.4.7 LTS release with the latest versions of Tomcat (9.0.102) and Java (11.0.26-4), plus an update to the bundled cacerts (root certificates for TLS/SSL etc) just to keep your infosec team happy!
Lucee 6 uses the JVM’s bundled cacerts by default, so it doesn’t need cacerts to be updated.
Huh? if you are seeing some cfhttp calls failing with 5.x, this will solve your problem
As per our Roadmap, 5.4 is in LTS mode and is no longer being maintained, except for security updates like this, it’s time to start planning your upgrade to 6.2
The upgrade is worth it, Lucee 6.2 is way faster than 5.4
