Announcing ColdFusion emergency update released March 14 2023: what to do about it

Posted At : March 17, 2023 3:00 AM | Posted By : Charlie Arehart
Related Categories: updates, cf2016, IIS, cf2021, commandbox, cf11, security, apache, cf2018
Comments: (32)

If you've not heard, a new update has been released (March 14, 2023) for ColdFusion 2021 and 2018. Despite what you may hear, this is an URGENT (rated "Priority 1" by Adobe) update that everyone should apply ASAP, for reasons I will explain in this post. In fact, Hackernews reported yesterday (Mar 16) that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) had issued an urgent warning about this, giving federal agencies a deadline to apply the update.

TLDR; For some folks, the above may be all you need to hear: you may be dropping your coffee and donuts now to get the update applied. Still others will see this "huge post" and think, "crap, I don't have time for this". For you, skip to the bottom and its "concluding key points". You can then decide what you think you do or don't "need to know" and pick and choose from the sections as you like.

Finally, for those who prefer because of the importance of all this to be led more carefully through understanding things (in a way that's worked for the many people I have helped so far this week, and is far more than either Adobe or Hackernews has shared), please do read on.

[....Continue Reading....]

Comments (32)

Special offer: upgrade to ColdFusion 2021 from CF2016 or earlier, saving perhaps thousands of $$

Posted At : October 31, 2022 6:05 PM | Posted By : Charlie Arehart
Related Categories: updates, cf9, cf2016, cf2021, cf10, fusionreactor, licensing, cf11, cf2018
Comments: (0)

If you're running CF2016 or earlier, now's your chance (though ~~the end of the year~~ Feb 28, 2023) to save potentially thousands of dollars in upgrading to the latest current version, CF2021. Intergral, the folks who make the FusionReactor monitoring tool and service, are again offering a special deal of 25% off to upgrade CF2016 or earlier to CF2021 (a deal which even Adobe does not offer).

Read on for more details.

[....Continue Reading....]

Comments (0)

I'll be presenting at the online CFMeetup, on Adobe's 'new' CFSetup tool, useful for any CF version

Posted At : September 27, 2022 11:09 AM | Posted By : Charlie Arehart
Related Categories: presentations, cf2016, cf2021, cf10, cf11, cf2018
Comments: (4)

This topic may (should) interest folks using CF2021 or even OLDER CF versions. Did you know there's a command line tool to help view/manage as well as export/import CF Admin settings? I will be presenting a talk on this, Thursday. Anyone can attend online.

Folks who are members of the Online ColdFusion Meetup that I run will already have gotten notification about this, but those who are not:

[....Continue Reading....]

Comments (4)

My presentation will open CF DevWeek this week: CF, more modern than most realize

Posted At : July 17, 2022 10:31 PM | Posted By : Charlie Arehart
Related Categories: presentations, general, cf2016, cf2021, cf11, cf2018
Comments: (0)

Just thought I'd post a reminder for folks that I am giving the opening session for the 2022 CF Dev Week, running July 18-22. Registration is free, of course.

My session will be at 9a 930a Eastern on Monday July 18:

[....Continue Reading....]

Comments (0)

Announcing Java updates of Apr 2022 for for Java 8, 11, 17, and 18: resources and thoughts

Posted At : April 19, 2022 11:52 AM | Posted By : Charlie Arehart
Related Categories: updates, cf2016, cf2021, java, cf2018
Comments: (1)

New JVM updates have been released today (Apr 19, 2022) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the new interim update 18. (Note that prior to Java 9, releases of Java were known technically as 1.x, to 8 is referred to in resources below as 1.8.)

The new updates are 1.8.0_331, (aka 8u331), 11.0.15, 17.0.3, and 18.0.1 respectively). And as is generally the case with these Java updates, most of them have the same changes and fixes.

For more on them, including changes as well as the security and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021. I also offer info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.

[....Continue Reading....]

Comments (1)

Announcing Java updates of Jan 2022 for Java 8, 11, and 17: resources and thoughts

Posted At : January 24, 2022 11:48 PM | Posted By : Charlie Arehart
Related Categories: updates, cf2016, cf2021, java, security, cf2018
Comments: (4)

Note: This blog post is from 2022. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

New JVM updates have been released last week (Jan 18, 2022) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17. (Note that prior to Java 9, releases of Java were known technically as 1.x, to 8 is referred to in resources below as 1.8.) I'd shared the news in a tweet last week, but was delayed in getting this post out.

The new updates are 1.8.0_321, (aka 8u321), 11.0.14, and 17.0.2, respectively).

For more on them, including information on the security fixes and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021, as well as info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.

[....Continue Reading....]

Comments (4)

Announcing Java updates of Oct 2021 for 8, 11, and 17: resources and thoughts

Posted At : October 20, 2021 10:47 AM | Posted By : Charlie Arehart
Related Categories: updates, cf2016, cf2021, java, security, cf2018
Comments: (0)

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

New JVM updates have been released yesterday (Oct 19, 2021) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17. (Note that prior to Java 9, releases of Java were known technically as 1.x, to 8 is referred to in resources below as 1.8.) While the news has been announced by Oracle and shared in the IT press, I know that some of my readers don't necessarily follow those sources closely.

The new updates are 1.8.0_311, (aka 8u311), 11.0.13, and 17.0.1, respectively).

For more on them, including information on the security fixes and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021, as well as info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.

[....Continue Reading....]

Comments (0)

My upcoming talk, "ColdFusion at 25: not the kid most have stuck in their minds"

Posted At : June 8, 2021 10:02 AM | Posted By : Charlie Arehart
Related Categories: cf9, cf2016, cf2021, cf10, evangelism, cf11, cf2018
Comments: (0)

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

As you may have heard by now, the free Adobe CF Developer Week 2021 will be held June 22-24. My session will be on June 22 at 4p Central in Track 2. While currently the DevWeek site only offers session titles and speakers (descriptions were added after I posted this: click the + sign to the right of each talk), here is mine, from the "presentations" page here on my site:

ColdFusion at 25: not the kid most have stuck in their minds
As ColdFusion turns 26 next month, many seem stuck remembering it only as the "teen" they knew or even the "child", when instead it's grown up to be a capable "adult", impressive in many ways, and even more so recently. In this session, we'll look back at how CF has indeed evolved into a very capable platform, with quite modern features that seem to surprise many--including people working with it currently. If you struggle "finding CF people" or "getting buy-in", perhaps these observations could help you with both challenges. If nothing else, they're things designed simply to help you get your job done, while keeping up with modern practices.
We'll start with many modern coding techniques--which will be familiar to those using more "modern" languages but that many don't realize CF supports, and may have for years. We'll then look at ways that things such as CF installation/deployment, configuration/administration, monitoring, security, and more have improved over the years. And we'll look not only at CF itself but the community surrounding it, ranging from resources for help and learning to tools and services that others have created, making CF a far more complete ecosystem than most give it credit. Put another way: it's not your father's CF!

I look forward to presenting this topic and hope you'll come check it out.

Comments (0)

Announcing Java updates of Apr 2021 for 8 and 11: resources and thoughts

Posted At : April 26, 2021 6:37 PM | Posted By : Charlie Arehart
Related Categories: cf2016, cf2021, cf10, java, cf11, cf2018
Comments: (6)

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

For those using the Long-term Support (LTS) versions of Oracle Java, 8 and 11, please note `there were new updates released last week (Apr 20), specifically Java 11.0.11 and 8.0_291. For some, that's all they need to hear. They will take that ball and run with it.

For most, you should read on, especially about an important change regarding TLS support (and calling out to servers not yet running TLS 1.2 or above). I cover that and other important topics:

What's in the JVM update, do you need to update to it?
A key change in this Java update: calls out to TLS 1.1 or 1.0 no longer allowed, by default
Re-enabling support for calling out to old TLS versions
Groundhog day: you'll need do make this java.security file change on any later JVM updates
Should you update to the new JVM version?
The importance of testing such updates/changes
More questions you may surely have, and finding answers to them
Obtaining the updated Java installers

[....Continue Reading....]

Comments (6)

Confirming ColdFusion's Java version, via admin, vars, or code

Posted At : April 5, 2021 11:13 AM | Posted By : Charlie Arehart
Related Categories: cf2016, cf2021, cf10, java, cf11, cf2018, lucee
Comments: (0)

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

Have you ever wished you could confirm with 100% certainty what Java version is in use by the CF instance you are running? Or where the JVM's location is (in case you are told to modify files related to it)?

Some good news is that ColdFusion offers simple ways/variables that can show you each of these, via the admin or via CFML code. In this post, I discuss both approaches, including a simple single variable which works in CF2018 and above, a variation for those on CF2016 and earlier, as well as variations for Lucee.

[....Continue Reading....]

Comments (0)

Sun	Mon	Tue	Wed	Thu	Fri	Sat
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30