Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

Here's a nice surprise for some about a change in CF11: you can now create and read CAR files (ColdFusion archive files, a CF Admin feature) in the STANDARD edition of ColdFusion 11. In prior releases, it was available only in ColdFusion Enterprise.

Read on for more, including a gotcha regarding importing from previous release Standard editions, but for many this news will be a delight and all they need to know.

For more on what the CAR mechanism is, finding more on it, the gotcha (and what NOT to do if you hit that gotcha), and info on still more hidden gems in CF, read on.

[....Continue Reading....]

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

What if you either don't have such an account or only use CF for Development or trial purposes? How do you find older previous installers?

Find CF installers, updates, and docs for past several releases

The good news is that if one wants to find ANY installers for most ANY version of CF, they can be found on an external repository setup years ago by Gavin Pickin (and still maintained by him and others, including myself, at:

CFML Repo

The site even has installers all the way back to CF1.5, as well as updates, docs, CFBuilder installers, and more.

The name, CFMLRepo, may confuse some if they presume it's a repo of CFML. It's not. IT's that it has both CF and Lucee installers, thus the more "generic" name.

(And there used to be a longer and hard-to-remember URL for the site, when I had posted this originally in 2014, and I had created a shortened url, http://bit.ly/cfdownloads. It's now definitely not "shorter", but I leave this here for posterity.)

Thanks so much to Gavin for creating the repo, and to him and others for maintaining it. Let's hope it remains a viable solution to find downloads for years to come.

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

But as is often the case in a lot of the CF server troubleshooting consulting I do, I find the causes to be far less often what most people seem to suspect. So what would I look for when someone reported high CPU in ColdFusion (or Lucee or Railo )? Read on.

[....Continue Reading....]

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

I was wanting to point out to someone the various ColdFusion security resources, and while I have a category on them in my CF411 site, I thought this was a list worth pulling out into its own blog entry and expanding a bit.

You may be surprised to find that there are more to CF security guidelines than just the venerable server "lockdown guide" (for those administering and configuring CF, the OS, and the web server, among other things).

Did you know that there have been "developer security guidelines" as well, focused instead on coding? This latter guide has gone through three iterations, including just recently, as I'll discuss along with the lockdown guides, below.

[....Continue Reading....]

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

And your operation fails. You're then prompted to "Click here to login", but even if you back up or client another link, you'll be prompted with the CF Admin login.

What gives? Why is it happening? And how can you fix things? Is CF broken? No, not in the sense that you need to reinstall or anything. The good news is that there is a quite simple solution. Well, there are several, depending on your goals.

The simple solution: delete the duplicate cfid/cftoken or jsessionid cookies that you will find your browser is sending to CF. But there is much more to this, as well as other solutions, which would be worth most readers taking a few minutes to read on here.

BTW, the same root problem can be the cause of your own application's users finding that they can't stay logged in. More on that in a moment.

[....Continue Reading....]

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

Of course, in CF10 it's easier now because of the built-in "server updates" feature of the CF Admin. But in earlier releases, it was all on you to both keep up on the updates and to apply them manually. And a lot of people either never bothered, or may have tried and failed, or did it but got it wrong.

What you need to know

So in this blog entry, I some key info that will help you, if you may be in need of applying one or more of those updates to CF9 and earlier. Indeed, I'll point to some past entries I've done where I shared a lot more detail that I find is vital and rarely mentioned when some people try to share just the bare minimum of info (often leaving people hanging).

For instance, I'll help you answer such questions as what hotfixes do you already have applied? How do you find out? And you need to know exactly what version of CF you have, whether 9.0/9.0.1/9.0.2, 8.0/8.0.1, 7.0/7.0.1/7.0.2, and so on. I'll explain how to tell and why that's important, and especially when it comes to finding and applying hotfixes. And if you have applied hotfixes, are you sure you have done it right? It's easy to get things wrong and botch things. I'll help you avoid several very common mistakes.

(That's why it's so great that CF10 finally handles things for us. But this entry, focused on 9 and earlier, is not the place to discuss concerns with the CF10 hotfix mechanism. If you have questions or concerns about that, see the substantial CF10 Hotfix Installation Guide from Adobe, a 50-question FAQ on all things related to that feature.)

I'll also point you to where to find hotfixes and installers for CF9 and earlier (not as easy as it may seem), and still more.

If any of that's of interest, and I hope it is if you're on CF9 or earlier, then read on.

[....Continue Reading....]

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

But guess what: it technically only has changes related to Mac OS X (specifically adding support for its Mavericks version).

This is addressed if you read the technote that the update text points to, or the Adobe blog entry from last night which announced the update (more on these in a moment.) Those DO indicate that if you are not running that OS, you need not apply the update. (And the day after I wrote this entry, this indication was added to the update text itself.)

But what if you are on Windows (or another *nix variant besides OS X)? Should you apply it? What if you do? (there's NO PROBLEM!) What if you don't? And given that the update text says you need to reconfigure the web server connector, do you really need to bother on Windows?

And what if you are installing CF10 for the first time, since you DO need to apply updates upon installation? (you can either apply update 13 or 12, but you must apply at least one of them to be fully updated.)

As important, how might Adobe have better clarified this, and how might they make a simple change now related to that (they since did)?

I address in this entry these questions and a few other concerns I have, about confusion that may ensue.

[....Continue Reading....]

Note: This blog post is from 2013. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

I wanted to point out to my readers that I have proposed two talks. The first one I gave at the Adobe CF summit last month and was very well-received. You can see the description and VOTE button on each of the following pages:

CF911: Solving Frequent CF Server Problems in New/Better Ways (click to visit, then vote)

The second is one that I gave to the Atlanta CFUG earlier this year.

Updating/Hotfixing ColdFusion 10, 9 and 8: Tips and Traps (click to visit, then vote)

Both are full of surprising and helpful tips, based on my experience helping hundreds of shops with related issues in my CF server troubleshooting services. But the talks are not "sales pitches".

They're goal is to be just like my blog entries here, and my past talks: I just want to help people find, understand, and resolve problems with their CF servers. It's wonderful to be able to help people come away more confident and capable in managing their servers, whether from the consulting sessions, the talks, the blog entries, the cf911.com wiki of cf server troubleshooting resources, the cf411.com site of tools and resources of interest to CFers, and so on.

Anyway, if these talks sound interesting, please go add your votes using the link for each above, and click the vote option that then appears. And of course, vote for all the other talks you think ought to be invited. The board uses your votes, so every vote counts.

Note: This blog post is from 2013. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

In this entry, I want to throw in another reason why it's important to make sure you properly update (reconfigure/rebuild/upgrade) your web server connector after applying certain CF10 updates, or if applying only the latest update for the first time to a newly installed CF10 instance.

[....Continue Reading....]

Note: This blog post is from 2013. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

In brief, a VERY common problem is that while they MAY WELL have applied the provided "updates" for CF, folks often do NOT notice that they may have to (and generally must) "update" the web server "connector" (if they are using an external web server, like IIS or Apache) as a separate manual step, after applying the update.

I explain here what that means, how do to it, and why you may miss that you need to.

Update in 2019:

Since writing this entry, I did one in 2019 on When and how to upgrade CF web server connector, easier since CF2016, which at least makes it EASIER to upgrade, though much of what I write here still applies. I also updated this post since originally writing it, in ways discussed below.

(Or if you'd rather just have me help you quickly help you analyze and rectify your situation, whether with regard to the connectors or any other CF server troubleshooting, I can do that in a brief consulting session, likely less than an hour, remotely and securely. I provide all the detail here for those who prefer to "go it on their own". For more on my consulting services, including rates, approach, satisfaction guarantee, and more, see the consulting page at carehart.org.)

[....Continue Reading....]