There's a security patch for Lucee released today, and if you're running Lucee 4.5, you really must apply it.
Update:Actually don't do what I say here. LAS have ballsed-up and rolled this critical fix in with a bunch of other fixes, and as a result, I can't confidently say you should automatically apply this fix. The fix they're espousing needs to go through full regression testing on your system, rather than being a quick fix: I know of at least one upgrade that has failed because of this. I'm fucked off about having delivered this message and the having to back out of it, and I am following it up.
Lucee have released a blog article about it: "Lucee Stable Release - Security Update Included", and the executive summary is:
Today Lucee would like to announce the latest 4.5 stable release and point out that this release includes a very important security update, so we are recommending that you update to this release as soon as possible. We are however not releasing details of the security issue at this time for several reasons.