FilegetMimeType() seems like it has history with office docs - https://luceeserver.atlassian.net/browse/LDEV-1549 - the issue I'm experiencing is similar, but not... A recent security scan pointed out that we are accepting files with incorrect extensions, like a .pdf with a .png extension. I found FilegetMimeType() and 'fixed' the issue but 'proper' testing has found that for office documents labelled as something else FilegetMimeType() will return the mime type of the file extension rather than of the file itself. So, for a .docx labelled as a .pdf "application/pdf" and as a .jpg "image/jpeg". I've tried .docx, .doc, .pptx, .ppt, .xls and .xlsx and all exhibit the same issue. Does anybody have any ideas? Or is it simply a bug? Thanks!

Tested on Lucee 5.3.9.141 but in Dev I am running Lucee 5.3.10.84-SNAPSHOT - the results are the same.

^^ threads plz

ehCache extension 2.10.0.33-SNAPSHOT is available for testing https://dev.lucee.org/t/improving-the-ehcache-extension/10326/2

Hi guys, once again, love the work… could I ask if there what level of importance the Lucee team is putting on Java 17 support ?

Is there a way to override a built in tag in Lucee? I'd like to have Lucee log the file & line number of <cfabort/> when encountered. We have some cfaborts somewhere that are sometimes getting triggered and I don't know where they are.

Is there an explainer page somewhere on why there is a Lucee 5.9.x path, a Lucee 5.10.x path and a Lucee 6.x (beta) path. And which one we should be using. (5.9.x or 5.10.x) Sorry if this somewhere obvious, but i can’t find it.

Lucee 5.3.9.166. Memory heap is always growing until achieve maximum. See FR screen I run it under Commanbox:

{
  "jvm": {
    "args": "-javaagent:C:\\FusionReactor\\instance\\evolve\\fusionreactor.jar=name=evolve,address=8098",
    "heapSize": "3000"
  },
  "profile": "production",
  "trayEnable": "false",
  "web": {
    "AJP": {
      "enable": "true",
      "port": "8901"
    },
    "host": "127.0.0.1"
  }
}

ACF 2016 looks different Should I use some special JVM arguments?

here's an interesting bug we just discovered which was lurking since 2015.... default CFID expire time is only 20 days https://luceeserver.atlassian.net/browse/LDEV-4274

Since we just recently fully migrated to Lucee, I wanted to see if there was anything built-in goodness that might help with a problem I'm working to solve. We have a reporting engine that can end up producing really large amounts of data. Today we're buffering the output into memory, but that can lead to JVM memory issues, so I was going to refactoring things to buffer the output to file system instead. I know I can just append to a file or use Java to create a file stream, but I wasnt' sure if there was anything more baked into Lucee which I should be looking at using.

Who's played with the latest 5.3.10-RC2 ? I just knocked up somethign to make playing with cofig import easier https://dev.lucee.org/t/announcing-lucee-5-3-10-94-rc-2/11488/3?u=zackster

We recently ran into several timeout errors when performing S3 operations using the built in file functions (listing files in a directory, checking if a file exits etc). It hinted towards certain requests waiting for a lock to be released. A restart of lucee fixes the problem until it randomly crops up again. Has anyone else run into something like this? Any suggestions on how to address it?

is there a utility or commandbox tool to generate lucee encrypted passwords for dsns without running a lucee instance with the admin and then getting those details from the admin ui?

there's a

toBase64

, is there a

fromBase64

?

There was recent talk of pulling all the libraries in Lucee to match them up against known vulns. Ortus has a gov client who helped us get a huge scan done on Lucee that tagged 161 known vulns in it's 3rd party libs I've documented them all here in a ticket https://luceeserver.atlassian.net/browse/LDEV-4279 Please make some noise to get these addressed. They are preventing us from using Lucee in DOD shops basically due to the number of unpatched vulns. Just updating EHCache will take care of most of the critical ones!

Question: Why would a MSSQL query that typically takes about 17s, returns 14 rows, 9 columns - nothing special... takes 743s when using queryExecute? Lucee 5.3.7, 5.3.8, 5.3.9 affected

The cfquery not working it gives an error “java.lang.NullPointerException|java.lang.NullPointerException”

what is the solution to this problem?

this is my lucee version

@zackster Any thoughts on this thread: https://dev.lucee.org/t/change-the-output-stream/10956/3 It's related to the post I had the other day. Trying to figure out a way to get Lucee to redirect the output stream to the FS, instead of writing to a StringBuilder and buffering in memory. The JSP spec indicates the

PageContext

should have a

pushBody(Writer writer)

method should be implemented that would allow you to change the writer being used, but Lucee does not actually implement in

PageContextImpl

. It has it's own

pushBody()

method, which does not allow arguments and handles managin a

BodyContentStack

object. I tried using reflection to see if I could override things, but it's protected and the JVM isn't letting me get the

PageContextImpl

writer instance. Have any thoughts on how I might be able to do this?

thanks to @dswitzer we have a feature update for the EHCache extension, plus an update to address a CVE https://dev.lucee.org/t/ehcache-extension-2-10-9-2-snapshot-cve-2019-20330/11522

Anyone got around to testing the 5.3.10.94-RC? We'd like to release this week....

Would anyone have any recommendations for storing sessions in aws managed services?

I’m guessing best practice is redis Elasticache non clustered with the lucee provided extension and then upgrade to the Ortiz extension if you need clustered. I’m just curious if the are any specific gotchas

Having an issue w/ Lucee not processing password file. I have a password file here "D:\lucee\tomcat\lucee-server\context". Clicking import just wraps back around to the same screen. Any idea?

i have this date in cfparam

<CFPARAM NAME="FromDate" default="#dateformat(StartDate,"dd/mm/yyyy")#">

but the date is coming as:

1/01/2022

, how can if i that one, it should display me

01

instead of just one. i am using cf2021

this is my test case, seems working well, but not sure why in my code it is displaying the 1 instead of 01 https://trycf.com/gist/d9ff9aa9ef685b342883747d52bd581c/acf2021?theme=monokai