Recent critical Lucee security vulns: make sure you're protected, finding out more about them

Posted At : February 22, 2024 11:22 AM | Posted By : Charlie Arehart
Related Categories: updates, security, lucee
Comments: (1)

There has been important news released (this week and last week) about a critical Lucee security vuln (an RCS or remote code execution vuln). You'll want to make sure your Lucee instances are protected either by updates or configuration (or both). There are actually 3 matters to beware.

[....Continue Reading....]

Comments (1)

Recording posted for my CF Online Summit talk, "Hidden Gems in CF2023"

Posted At : February 19, 2024 9:10 PM | Posted By : Charlie Arehart
Related Categories: presentations, cf2023
Comments: (0)

Last week (Feb 15) I gave the first talk in the annual Adobe ColdFusion Online Summit for CF2024, and the recording of that session has now been posted by the Adobe CF team (as the first of many such recordings to come).

Description and slide deck/PDF

Recording (see also embedded video below)

Sorry that I didn't get a chance to offer a blog post announcing this talk (or the Online Summit). My wife had some rather significant surgery early last week (planned for, and she's ok), which had me quite busy taking care of her and my work. The announcing of this talk slipped between the cracks (but Adobe had announced it and the Online Summit themselves, of course). I have a few more posts to offer that have been delayed.

About the CF Online Summit

[....Continue Reading....]

Comments (0)

Delighted to be speaking at Into the Box 2024, coming to DC in May

Posted At : January 30, 2024 11:42 AM | Posted By : Charlie Arehart
Related Categories: presentations, performance, monitoring, troubleshooting
Comments: (0)

I'm delighted to announce that I've been selected to speak at Into the Box 2024, in DC, coming up in May. This will be my 5th time presenting at this wonderful event, going back to my first time in 2017.

My talk will be...

[....Continue Reading....]

Comments (0)

Recordings and links for my presentations in Jan 2024, Dec 2023

Posted At : January 26, 2024 11:06 AM | Posted By : Charlie Arehart
Related Categories: presentations, updates, cf2016, cf2021, admin, java, cf11, cf2023, cf2018, lucee
Comments: (0)

I've done a few online presentations in recent weeks, and while I've done a blog post announcing each when it was upcoming, I was torn about also doing a blog post after each, just to mention their recording URL. I don't want people to feel there are "too many" posts. Also, since I use youtube live for the CFMeetup sessions, technically the url for the meeting is indeed the same one to use to view the recording of it: so if you know one, you know both.

But some people seem to notice when news is shared of a recording being made available, so here you go.:-) These are 4 sessions I've done in Jan 2024 and Dec 2023.

[....Continue Reading....]

Comments (0)

Presenting "The Many Capabilities of CF Package Management and cfpm", Thurs Jan 25, Online

Posted At : January 23, 2024 7:45 PM | Posted By : Charlie Arehart
Related Categories: presentations, updates, cf2021, admin, cf2023
Comments: (0)

Do you feel you understand all there is to know about the CF Package Management feature (and cfpm tool), added by Adobe in CF2021? It has far more capabilities than most may realize.

So I'll be presenting a talk on this topic, online this Thursday, at noon US Eastern, on the CFMeetup youtube livestream (which will be recorded). Folks who are members of the Online ColdFusion Meetup will have already gotten email notification about this, including the meeting URL, but for those who are not members here are the details:

[....Continue Reading....]

Comments (0)

Presenting "Updating the Java underlying ColdFusion: considering it, doing it" Thurs Jan 18, Online

Posted At : January 17, 2024 10:15 AM | Posted By : Charlie Arehart
Related Categories: presentations, updates, cf2016, cf2021, admin, java, cf2023, cf2018, lucee
Comments: (0)

As most know, ColdFusion runs atop Java (and has since CF6). Did you know that JVM updates come out quarterly (including one just this week)? While some may find the process of doing them to be "old hat", others are often surprised to discover it's their responsibility to keep that Java updated. And on the surface, "installing Java" is easy--but like so many other things, "the devil is in the details".

So I ~~will be presenting~~ presented a talk on this topic, online ~~this Thursday, at noon US Eastern~~, on the CFMeetup youtube livestream (which ~~will be~~ was recorded). Folks who are members of the Online ColdFusion Meetup will already have gotten notification about this, but for those who are not, here are the details:

[....Continue Reading....]

Comments (0)

Several things to consider when applying updates to Java (aka the JVM, JDK, JRE)

Posted At : January 17, 2024 12:23 AM | Posted By : Charlie Arehart
Related Categories: updates, cf2016, cf2021, admin, cf10, java, cf11, cf2023, cf2018, lucee
Comments: (0)

If you learn there's a new Java update available, it may well be relatively simple for you to apply that update, but if you're running important applications that rely on Java, it's in your interest to give some consideration to various matters related to doing such an update.

And as important, if you may have skipped some Java updates before this one, there are some additional points to consider regarding some potentially important changes in updates you may be skipping.

In this post, I cover several topics in both those areas.

[....Continue Reading....]

Comments (0)

Announcing Java updates of Jan 2024 for 8, 11, 17, and 21: resources and thoughts

Posted At : January 16, 2024 11:41 PM | Posted By : Charlie Arehart
Related Categories: updates, java
Comments: (0)

It's that time again: there are new JVM updates released today (Jan 16, 2024) for the current long-term support (LTS) releases of Oracle Java, 8, 11, 17, and 21.

TLDR: The new updates are 1.8.0_401 (aka 8u401), 11.0.22, 17.0.10, and 21.0.2 respectively). For more on each of them, including what changed and the security fixes they each contain (including their CVE scores regarding urgency of concerns), see the Oracle resources I list below. Oracle calls them "critical patch updates" (yep, CPU), but they are in fact scheduled quarterly updates, so that "critical" nomenclature may sometimes be a bit overstated. Again, more details below. And as is generally the case with these Java updates, most of them have the same changes and fixes across the four JVM versions, though not always.

For some folks, that's all they need to hear. For others, read on.

[....Continue Reading....]

Comments (0)

Home

View all posts

Enter your email address to subscribe to this blog.

Recent Comments

ColdFusion 2025 released, Feb 25 2025: resources and my initial thoughts
Charlie Arehart said: Uday, I assume you're speaking in your role as a member of the cf team. Thanks. But can you clarify ... [more]

ColdFusion 2025 released, Feb 25 2025: resources and my initial thoughts
Uday Ogra said: Christopher, that periodic check in call will be made by running CF server

ColdFusion 2025 released, Feb 25 2025: resources and my initial thoughts
Charlie Arehart said: Christopher, I don't work for Adobe so can't answer that last question. :-) I'm just a messenger, po ... [more]

ColdFusion 2025 released, Feb 25 2025: resources and my initial thoughts
Christopher said: So if I'm understanding the new licensing correctly for those of us who previously would purchase a ... [more]

Easily finding cached/old versions of a site/page when it's down or gone
Charlie Arehart said: I'm sorry to hear of your plight. What you ask is well beyond the scope of this post, but I realize ... [more]

Calendar

Sun	Mon	Tue	Wed	Thu	Fri	Sat
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31

Entries by year

2025 (5)

2024

December (1)
October (2)
September (2)
August (1)
July (5)
June (1)
May (3)
April (4)
March (1)
February (2)
January (6)

2023 (33)
2022 (20)
2021 (18)
2020 (17)
2019 (23)
2018 (15)
2017 (14)
2016 (17)
2015 (10)
2014 (19)
2013 (18)
2012 (32)
2011 (21)
2010 (30)
2009 (52)
2008 (95)
2007 (94)
2006 (94)

RSS

Contact

About

A veteran server troubleshooter who's worked in enterprise IT for more than three decades, Charlie Arehart (@carehart) is a longtime contributor to the community who as an independent consultant provides remote, short-term, and even on-demand troubleshooting/tuning assistance for organizations of all sizes and experience levels (carehart.org/consulting).

You can reach Charlie by email at charlie (at) carehart.org, or you can follow him on twitter, @carehart. This blog is one resource among several within https://www.carehart.org/, where you can also find out more about him.

In fact, if you'd like his help, he's available for consulting for as little as 15 minutes.

Appreciate any of the resources I've offered?

Archives By Subject

admin (107) [RSS]
apache (11) [RSS]
API Manager (4) [RSS]
basics (8) [RSS]
blogging (14) [RSS]
bug reports (1) [RSS]
business (2) [RSS]
carehart classics (26) [RSS]
CF Server Monitor (26) [RSS]
cf10 (60) [RSS]
cf11 (46) [RSS]
cf2016 (59) [RSS]
CF2016 Intro Series (9) [RSS]
cf2018 (58) [RSS]
cf2021 (60) [RSS]
cf2023 (40) [RSS]
cf2025 (4) [RSS]
cf411 series (10) [RSS]
cf8 (52) [RSS]
cf9 (34) [RSS]
cf911 (54) [RSS]
CFBuilder (20) [RSS]
CFFundamentals (5) [RSS]
cfml (35) [RSS]
cfmx (8) [RSS]
cfmythbusters (7) [RSS]
commandbox (3) [RSS]
community (24) [RSS]
connector (8) [RSS]
contributions (13) [RSS]
debugging (13) [RSS]
derby (5) [RSS]
docker (8) [RSS]
editors (10) [RSS]
evangelism (5) [RSS]
fusionreactor (62) [RSS]
general (59) [RSS]
hidden gems (12) [RSS]
homesite+ (3) [RSS]
hotfix (21) [RSS]
IIS (13) [RSS]
installation (9) [RSS]
introduction (2) [RSS]
java (45) [RSS]
javascript (2) [RSS]
jdbc (10) [RSS]
keyboard shortcuts (5) [RSS]
licensing (8) [RSS]
logs (8) [RSS]
lucee (20) [RSS]
migrating (1) [RSS]
monitoring (42) [RSS]
news (22) [RSS]
orm (2) [RSS]
performance (14) [RSS]
personal (3) [RSS]
PMT (6) [RSS]
podcasts (5) [RSS]
presentations (28) [RSS]
railo (10) [RSS]
redis (2) [RSS]
resource lists (26) [RSS]
security (28) [RSS]
seefusion (11) [RSS]
sql server (14) [RSS]
tips (22) [RSS]
tomcat (9) [RSS]
tools (44) [RSS]
training (8) [RSS]
troubleshooting (74) [RSS]
tuning (14) [RSS]
ugtv (11) [RSS]
updates (63) [RSS]
web services (8) [RSS]
webserver (5) [RSS]
writing (20) [RSS]
zeus (3) [RSS]

Upcoming/Recent Conference Appearances

Adobe CF Summit
Sep 2025

Into The Box
May 2025

Adobe CF Summit East
Mar 2025

CFCamp
June 2024

BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the HTML in this page?)

Managed Hosting Services provided by