Both Lucee and Oracle have released security updates that may be needed
to be applied to your server.
Lucee has released a security patch “to fix an XSS vulnerability found
in the default error and debug templates”.
To update Lucee, simply run the updater from the Lucee Admin to version:
4.5.1.024 (stable branch), 4.5.2.017
(development branch) or 220.127.116.11 (beta).
You can read more about it at the following URL:
If you’re using Railo, you may want to upgrade to Lucee to take
advantage of these security updates.
Oracle has released a security update for Java:
This update addresses 25 vulnerabilities of which 5 have the potential
to be exploited in server side java deployments.
Oracle has released Java 8 update 65 to address these vulnerabilities,
they have also released Java 8 update 66 which includes both
the security fixes and some new bug fixes. You can find a listing of
bugs fixed in each update here:
If you have any questions, please submit a support request