Issues
- path outside mapping not correctly resolvedLDEV-5437
- Properly Scope Internal Tag Variables in Lucee FunctionsLDEV-5416Michael Offner
- remove support for loginStorage="cookie" and sessionStorage="cookie"LDEV-5403Pothys - MitrahSoft
- Change Application.log log level default to ERRORLDEV-5366Resolved issue: LDEV-5366Michael Offner
- allow auto session rotate on unknown session cookie (disabled)LDEV-5304
- LSparseDateTime() tests failing since java 21.0.6.7 update / IANA TZ Data 2024bLDEV-5279Zac Spitzer
- enable lucee.security.limitEvaluation by default for Lucee 7LDEV-5177Resolved issue: LDEV-5177Zac Spitzer
- enable quoted-printable for CFMAIL by default for Lucee 7LDEV-5176Resolved issue: LDEV-5176Zac Spitzer
- default to lucee.url.encodeAllowPlus=true for Lucee 7LDEV-5174Resolved issue: LDEV-5174Zac Spitzer
- Separate Request Scope from HttpServletRequest Attributes with Configurable OptionLDEV-5148Michael Offner
- by default only look for Application.cfcLDEV-5042Resolved issue: LDEV-5042Michael Offner
- Implement all the "FUTURE" marksLDEV-4909Michael Offner
- QoQ doesn't handle | and * correctly in LIKE expressionsLDEV-4829Resolved issue: LDEV-4829Pothys - MitrahSoft
- Regression: Lucee 6 not finding/reading component mapped archive filesLDEV-4772Resolved issue: LDEV-4772Pothys - MitrahSoft
- unbundle hibernate from standard distribution 6.0LDEV-4606Resolved issue: LDEV-4606Zac Spitzer
- ListFirst() function not compat with acfLDEV-4596
- Types specified by `queryNew` are ignored when populating dataLDEV-4564Resolved issue: LDEV-4564Michael Offner
- All Breaking Changes in Lucee 6.0 (implemented / scheduled )LDEV-4534Resolved issue: LDEV-4534
- don't accept strings of format “m d" as valid datesLDEV-4506Resolved issue: LDEV-4506Pothys - MitrahSoft
- stop queryparam casting empty string values to null, except for varcharLDEV-4410Resolved issue: LDEV-4410Pothys - MitrahSoft
- directoryList() - UDF filter arguments incompatibility with ACFLDEV-4393Resolved issue: LDEV-4393Pothys - MitrahSoft
- Lucee parses empty WDDX differently than AdobeLDEV-4392Resolved issue: LDEV-4392Pothys - MitrahSoft
- web accessible mappings should be case sensitiveLDEV-4351
- FileWriteLine uses wrong line seperator on windowsLDEV-4332Resolved issue: LDEV-4332
- Remove Lucee DIALECT in 6.0LDEV-4327Resolved issue: LDEV-4327Michael Offner
- Hash numIterations is not compatible with Adobe CFLDEV-4243Michael Offner
- Incompatibility - cffile action=upload attemptedserverfile key returns a different result than ACFLDEV-4201Resolved issue: LDEV-4201Pothys - MitrahSoft
- add cachedWithin support for custom tagsLDEV-4164
- change hash quick to throw when numIterations > 1 instead of loggingLDEV-4154Michael Offner
- GetBuiltInFunction() add throwOnError argumentLDEV-4134
- remove old extensions from default install (chart,lucene,form,ajax,axis) (saves 10.4MB)LDEV-4072Resolved issue: LDEV-4072
- arrayEach/Reduce ignores elements with null valuesLDEV-4023Michael Offner
- cfcontent with a file url which returns a 403 doesn't throw an exception / fileExists returns trueLDEV-3947Resolved issue: LDEV-3947Pothys - MitrahSoft
- Array.every incompatibility with ACFLDEV-3873Michael Offner
- Adobe QoQ supports MSSQL [] regex char sets in LIKE operatorLDEV-3826Resolved issue: LDEV-3826Pothys - MitrahSoft
- SELECT DISTINCT with ORDER BY in QoQ incompatibility - ACFLDEV-3822Resolved issue: LDEV-3822Brad Wood
- FormatBaseN() returns different values in Lucee compared to ACFLDEV-3776Resolved issue: LDEV-3776Pothys - MitrahSoft
- String member functions assume list instead of char array like AdobeLDEV-3747Resolved issue: LDEV-3747Michael Offner
- DollarFormat incorrect negative values on Java 11LDEV-3743Resolved issue: LDEV-3743Pothys - MitrahSoft
- cfcontent delivers wrong content-typeLDEV-3742Resolved issue: LDEV-3742Michael Offner
- invoke function doesn't support same scope callsLDEV-3714Resolved issue: LDEV-3714Pothys - MitrahSoft
- cfhtmlhead ignores body content with text attributeLDEV-3618Resolved issue: LDEV-3618Pothys - MitrahSoft
- Character is not considered simple according to isSimpleValue()LDEV-3598Resolved issue: LDEV-3598Pothys - MitrahSoft
- Query.addRow not compatible with ColdFusionLDEV-3581Resolved issue: LDEV-3581Pothys - MitrahSoft
- DirectoryRename should return the new path, not voidLDEV-3453Resolved issue: LDEV-3453Pothys - MitrahSoft
- Disable XML entities by default against XXE in Lucee 6.0 & 5.4LDEV-3451Resolved issue: LDEV-3451Pothys - MitrahSoft
- Change session cookie defaults to be secure in Lucee 6 (samesite=lax, httponly=true)LDEV-3448Resolved issue: LDEV-3448Pothys - MitrahSoft
- cflocation change addToken to default to false for Lucee 6LDEV-3437Resolved issue: LDEV-3437Zac Spitzer
- deserializeJSON an empty string dont throw errorLDEV-3413Resolved issue: LDEV-3413Pothys - MitrahSoft
- Do not store empty session/client scope to storageLDEV-3340Resolved issue: LDEV-3340Zac Spitzer
50 of 69
path outside mapping not correctly resolved
Description
Environment
None
Details
Assignee
UnassignedUnassignedReporter
Michael OffnerMichael OffnerPriority
NewLabels
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Details
Details
Assignee
Unassigned
UnassignedReporter
Michael Offner
Michael OffnerPriority
NewLabels
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Created 26 March 2025 at 16:33
Updated 26 March 2025 at 17:36
Activity
Show:
Michael Offner26 March 2025 at 16:34
this could causes issue for relpath overlap existing mapping, this is very rare and most likely not really affect anybody.
in case you have a realpath in a mapping from a cfile tag or cfinclude, Lucee resolves this relative to the current mapping, instead Lucee should take a step back and resolve it against all mappings.