Issues
- esapi temp properties should use a instance specific temp dirLDEV-4862Resolved issue: LDEV-4862Pothys - MitrahSoft
- XMLSearch returns empty arrays when lenient=trueLDEV-4781Michael Offner
- decimalFormat wrong roundingLDEV-4776Michael Offner
- function scope context cascading and cfloop queryLDEV-4771Michael Offner
- S3GeneratePresignedURL() function doesn't support the SSE AlgorithmLDEV-4729Michael Offner
- ACF returns a text sorted StructKeyList() / cfloop collection for unordered structsLDEV-4725Michael Offner
- Lucee Request Timeouts can lead to ThreadDeath which cause issues in TomcatLDEV-4696Michael Offner
- Session struct values not correctly syncronized to datasourceLDEV-4683Michael Offner
- Redis Extension v2.9.0.10 does not work with Lucee 5.4.xLDEV-4674Resolved issue: LDEV-4674Pothys - MitrahSoft
- backblaze s3 tests can't delete bucket after testsLDEV-4673Michael Offner
- webp codec doesn't work on arm archLDEV-4626Michael Offner
- applicationStop(). should close ORM sessionsLDEV-4520Michael Offner
- (redis) race between cachePut/cacheGet can result in miswritesLDEV-4413Michael Offner
- false update notification for Lucee MariaDB extension in adminLDEV-4378
- move ldap support into an extensionLDEV-3481
- unscoped access to arguments scope is very slowLDEV-2876Pothys - MitrahSoft
- Extensions should not be restricted to using obscure UUIDsLDEV-2788Pothys - MitrahSoft
- Windows Installer 5.3.4.80 / Ghostcat fix / PerformanceLDEV-2741Michael Offner
esapi temp properties should use a instance specific temp dir
Description
Environment
Attachments
Details
Assignee
Pothys - MitrahSoftPothys - MitrahSoftReporter
Zac SpitzerZac SpitzerPriority
NewLabels
Fix versions
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Details
Details
Assignee
Reporter
Priority
NewLabels
Fix versions
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Activity
Pothys - MitrahSoft5 February 2025 at 09:57
I have tested this issue with Lucee version 6.2.0.314-SNAPSHOT. When I tried to use ESAPI with version 2.2.4.18-SNAPSHOT, I found that the esapi.properties and validation.properties files are now located in the server's temp folder.
Michael Offner6 January 2025 at 16:39
Michael Offner6 January 2025 at 16:05
this is global to the JVM, so this only is an issue, when 2 Lucee instances use the same temp directory, best is to use the Lucee server context directory instead of the temp directory.
Pothys - MitrahSoft3 June 2024 at 13:28
I checked this ticket with Lucee version 6.1.0.169-SNAPSHOT. Yes, when using the ESAPI, it uses the "temp\properties\esapi224" folder. From my perspective, ESAPI should use the GUID for the folder name, and will decide about this.
it’s always using C:\Users\zacsp\AppData\Local\Temp\properties\esapi224 for me
this should be at least lucee prefixed and perhaps with the instance guid?
perhaps all the lucee system temp dir usage should be under such a specific folder, to avoid conflicts?