While I mainly use Adobe ColdFusion, I do maintain several Lucee installs - most of which are running on auto-pilot and/or hosted/configured/maintained by the host. However, when I first heard of the Lucee vulnerability on the Modernize or Die podcast, I decided to take an inventory of where I was using Lucee to see what needed upgrades and patches. Lucee patches for this vulnerability are,, and I was running This Lucee install was woefully out of date, so much so that an update for 4 was not listed. Indeed, a comment from Zac Spitzer indicated that 4.5 was probably not affected. Nevertheless, it was time to upgrade.