Security in IC 2.0 vs IC 3.0
We take security very seriously, and we continue to address all vulnerabilities in IC2 as they become known to us. You can be confident that any current, actionable security issues in the product or its dependencies are patched and maintained.
That said, IC2 relies on several older technologies that are approaching the end of their long‑term support cycles:
- Lucee (CFML engine) – IC2 currently uses Lucee 5.4.x, which is nearing end of support. Since Lucee runs on Java, its security profile depends heavily on keeping that underlying stack updated. Our upcoming release adds support for Lucee 7, but the CFML ecosystem as a whole is becoming more limited in future security and platform support options.
- Elasticsearch – IC2 uses a version that will require an upgrade in the near future to stay within a well‑supported, fully patched release line.
Neither of these components is currently known to be vulnerable, and we continue to maintain and secure them. However, due to their age and shrinking long-term support runway, we strongly recommend planning a transition to IC3.
IC3 was built from the ground up on modern, widely supported technologies (.NET, SQL Server, MudBlazor), which ensures a much broader and longer-lasting security support landscape. It also allows us to deliver faster security updates, improved hardening, and more robust architectural protections moving forward.
In short:
✅ IC2 remains secure today, and we continue to support it.
🔒 IC3 is the more future‑proof choice, designed with modern security standards and long‑term sustainability in mind.