Fixed
Details
Assignee
Pothys - MitrahSoftPothys - MitrahSoftReporter
Michael OffnerMichael OffnerLabels
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Sprint
NonePriority
New
Details
Details
Assignee
Pothys - MitrahSoft
Pothys - MitrahSoftReporter
Michael Offner
Michael OffnerLabels
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Sprint
None
Priority
Created 6 November 2024 at 10:51
Updated last week
Resolved 8 November 2024 at 11:52
To enhance configuration flexibility, we are adding a setting that controls whether Lucee is permitted to execute precompiled bytecode files (.cfm) directly. By default, Lucee will allow direct execution of bytecode; however, this new setting provides administrators with the option to disable this feature if preferred.
Implementation Details
A new system property and environment variable,
lucee.compiler.block.bytecode
(orLUCEE_COMPILER_BLOCK_BYTECODE
for environment variables), will allow direct bytecode execution to be toggled on or off.Example Configuration:
To block direct bytecode execution, set:
System property:
-Dlucee.compiler.block.bytecode=true
Environment variable:
LUCEE_COMPILER_BLOCK_BYTECODE=true
Error Handling: If the setting is enabled and direct bytecode execution is attempted, Lucee will throw a
TemplateException
with a message that includes guidance on how to adjust the configuration. The exception will read:Motivation
This update supports environments where control over bytecode execution is a priority, offering administrators enhanced configurability to tailor execution behavior as needed.