Both Lucee and Oracle have released security updates that may be needed
to be applied to your server.

Lucee has released a security patch “to fix an XSS vulnerability found
in the default error and debug templates”.
To update Lucee, simply run the updater from the Lucee Admin to version:
4.5.1.024 (stable branch), 4.5.2.017
(development branch) or 5.0.0.98 (beta).

You can read more about it at the following URL:
http://lucee.org/blog/new-lucee-security-patch-available.html

If you’re using Railo, you may want to upgrade to Lucee to take
advantage of these security updates.

Oracle has released a security update for Java:
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html#AppendixJAVA
This update addresses 25 vulnerabilities of which 5 have the potential
to be exploited in server side java deployments.
Oracle has released Java 8 update 65 to address these vulnerabilities,
they have also released Java 8 update 66 which includes both
the security fixes and some new bug fixes. You can find a listing of
bugs fixed in each update here:
http://www.oracle.com/technetwork/java/javase/documentation/8u-relnotes-2225394.html
If you have any questions, please submit a support request