Introducing Swansea Jack (Lucee CFML 6 announced)
During the 2018 CFCamp in Munich, a bombshell was dropped.
That bombshell, of course, is the announcement of Lucee 6. I know this will come as surprise to some, but most Lucee users probably have been excited for the past few weeks.
What Can We Expect from Lucee 6?
Lucee users should be really excited about what’s going to be released with this new version. Although the info is limited at this time, we do have a sneak peek at what to look forward to.
You see, Lucee 6 is an upgrade on all levels. Lucee is being used more and more for various operations such as:
Fundamentally, Lucee is a Java servlet. Always has and always will. That’s not going to change. But these new working environments have some new requirements that must be met. Lucee must become faster, more efficient, and more adaptable.
The Lucee team rose to the challenge and responded in kind. Here is a list of changes straight from Gert Franz and Michael Offner on the Lucee team.
- Improve the Startup Time < 0.5s
- Improve the Existing Serverless Deployment (JSR 223)
- Introduce Headless Deployment for AWS Lambda
- Add Built-In Support for syslog
- Add a Default Log Appender which is the Fallback if not configured.
- Startup with only One Context
- Native Support for cfconfig
All of these sound pretty awesome. Particularly for those who interact with Lambda or Adobe ColdFusion. A headless deployment with AWS Lambda would significantly increase agility. This has one Lucee user stating,
“The introduction of a headless package via Lambda COMPLETELY changes the game and future-proofs CFML for the foreseeable future. Fantastic work!!! Can’t wait to get the manageless microservicing going with Lucee!!”
Those interacting with ACF will greatly appreciate the native support now for cfconfig.
All in all, these are some real premium upgrades.
But that’s not all!
Lucee is packing more heat with even more upgrades coming.
- Hibernate Upgrade
- Event Driven Architecture
- New Operators
- Improved Functionality of Futures and Promises
- Brand New Native Support for JavaStreams
Lucee 6 Security Upgrade
Lucee is also getting a security overhaul. Their goal is to not only block external attacks but to prevent attacks from within. This is why Lucee is implementing the following:
- Lockdown Settings for Administrators
- The Use of Lucee will now be Disguised
- Individual CFTOKEN or CFID Names
- Introduction of a Password Vault
Lucee will also be gaining a quarantine mode. According to a 2016 Lucee Docs post, Gert Franz lays out exactly what the Quarantine Mode does, advantages of, and disadvantages.
First, what does it do?
It allows Lucee to be run in a READONLY way. This means that Lucee will actually stop compiling CFM files on a production server . protecting you from upload exploits. Only code that you trust will be executed on your server.
Pros and Cons of Lucee Quarantine Mode
- No editing of files on the live server anymore
- No source file on the server anymore
- Attackers can’t upload their own malicious code (unless they have the private key and to tool to encrypt class files)
- No real performance hits (only on the first read, but neglectable)
- Additional hardening of the live server
- No editing of files on the live server anymore
- Updates are a little more complicated
- Small performance hit
- Error handling a little more complex (no stack trace in the error messages, as the source files, normally are not on the server anymore)
In a nutshell, this new Lucee version is really going to do wonders for not just Lucee users, but all CFML developers.
For those interested, here’s a brief synopsis of where Lucee chose the name for their latest edition and why!
Who was Swansea Jack?
Swansea Jack–or Jack– was flat-haired retriever (locally called Newfoundland dogs) born in 1930. Jack lived near the docks and riverbanks of Swansea, Wales with his master William Thomas. And Jack did something incredible during the summer of 1931.
A small boy had fallen into the river and began to drown. Hearing his cries for help, Jack dove into the water and retrieved the boy. Jack had saved the boy from drowning. Now, this incident went largely unreported. However, Jack did not go unnoticed for long.
A few short weeks later, Jack had done it again. He had rescued another swimmer, yet this time in front of a crowd. Over his life-saving career, Jack pulled 27 individuals from the docks and banks of the River Tawe.
In 1936, Jack was awarded the “Bravest Dog of the Year” award from the London Star. He also accomplished a feat that is unrivaled to this day. Jack is the only dog to ever receive two bronze star medals from the Canine Defence League (presently known as Dogs Trust). He was also awarded a silver cup from the Lord Mayor of London.
During the October of 1937, Jack fell ill and died after eating rat poison. But with Jack’s passing, his legacy only grew and became cemented in local history.
Jack was a tremendous dog, and Lucee 6 is honored to share his namesake.
And to continue learning how to make your ColdFusion apps more modern and alive, I encourage you to download our free ColdFusion Alive Best Practices Checklist.
Because… perhaps you are responsible for a mission-critical or revenue-generating CF application that you don’t trust 100%, where implementing new features is a painful ad-hoc process with slow turnaround even for simple requests.
What if you have no contingency plan for a sudden developer departure or a server outage? Perhaps every time a new freelancer works on your site, something breaks. Or your application availability, security, and reliability are poor.
And if you are depending on ColdFusion for your job, then you can’t afford to let your CF development methods die on the vine.
You’re making a high-stakes bet that everything is going to be OK using the same old app creation ways in that one language — forever.
All it would take is for your fellow CF developer to quit or for your CIO to decide to leave the (falsely) perceived sinking ship of CFML and you could lose everything — your project, your hard-won CF skills, and possibly even your job.
Luckily, there are a number of simple, logical steps you can take now to protect yourself from these obvious risks.
No Brainer ColdFusion Best Practices to Ensure You Thrive No Matter What Happens Next
Modern ColdFusion development best practices that reduce stress, inefficiency, project lifecycle costs while simultaneously increasing project velocity and innovation.
√ Easily create a consistent server architecture across development, testing, and production
√ A modern test environment to prevent bugs from spreading
√ Automated continuous integration tools that work well with CF
√ A portable development environment baked into your codebase… for free!
Learn about these and many more strategies in our free ColdFusion Alive Best Practices Checklist.
Originally published at teratech.com on December 18, 2018.