TLDR; A most basic message to hear is "get off of CF9", or any version of CF that is no longer supported. But for the sake of those who wonder, "while I work on that, is my CF 9 really impacted?", I address that, and more. But again updating 9 to just "leave it at that" and get on with your life is NOT the main message to be hearing!

Of course, it's always risky to run old versions of software, and to be clear, CF9 was released in 2009 and CF8 in 2007. Sadly, some shops drag their feet to keep even such old software updated (they each got updates for 5 years after their release). But the problem is really coming home to roost for some.

Who's affected, and who's not? And what can you do, if still on CF9 or 8? And what more is known about the attack?

For more, read on. (BTW, yes I am aware that this is not "new info", as some were sharing it as much as 2 weeks ago. It simply took me time to gather up all the info below, to provide more specifics than those general interest articles were sharing.)

[....Continue Reading....]

I've seen the problem raised often enough that when I saw someone raising it this weekend, I decided to solve it by creating a new folder in the cfmlrepo.com site, at least for CF2021 and CF2018 (for now), offering there the initial versions of all the neo-*.xml files for those two editions.

For more information, see what I shared (including more background on the issue, where I got the files, where I put the files, and more) in my reply about all this to the CF Community thread where the user raised the need this weekend.

And for the sake of those who may "just want the files" without any need of explanation or warnings:

• cfmlrepo folder of neo-*.xml files for CF2021
• cfmlrepo folder of neo-*.xml files for CF2018

I welcome thoughts, feedback, or suggestions.

Of course, if you view your FR on-premises user interface, that should inform you when a new version is available (at least since FR versions of the past couple of years). You can also learn of FR updates via the FR downloads page.  As for what the update offers, that's offered in the release notes, whose link is also offered on that downloads page above. 

For the TL;DR crowd, if the brief several words per fix offered in those release notes may be enough for you, you're done. If instead you're left wondering just what they may be referring to, I can elaborate. The changes are things I'm especially glad to see.

[....Continue Reading....]

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

[....Continue Reading....]

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

Adobe informed speakers after the session about how their session was rated by attendees. Mine got 4.5 out of 5 for "content quality of the session" and 4.4 out of 5 for "speaker's knowledge of the subject". I hope those folks will help me know where I could improve on those. I got no feedback, though I offer my email and social media handle on the title page and every slide. :-)

I offer a PDF of those slides (as well as a link to the recording and the session description) on my "presentations" page link for the talk.

[....Continue Reading....]

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

If you may lose track of that link, note that a link to it is also offered on the FR downloads page, where it appears as a "release notes" link in the blue banner shown above the available downloads.

As an aside, the FR folks themselves may or may not share news of a point release (perhaps tweeting via their twitter account, if not a blog post, or perhaps in a direct email to customers). They do tend to do soft rollouts of updates, putting them out for a few days before spreading the news.

So how do I know of it? Well, I use a nifty (old-school) free service called followthatpage.com, which I have watching that page for any changed, so I know if/when they do update the release notes. :-) And I share the news here because I know that many of my readers are FusionReactor users, who are of a sort that might like to know this new in advance.

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

This post is about finding and understanding the new, more standard alternatives.

[....Continue Reading....]

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

ColdFusion at 25: not the kid most have stuck in their minds

As ColdFusion turns 26 next month, many seem stuck remembering it only as the "teen" they knew or even the "child", when instead it's grown up to be a capable "adult", impressive in many ways, and even more so recently. In this session, we'll look back at how CF has indeed evolved into a very capable platform, with quite modern features that seem to surprise many--including people working with it currently. If you struggle "finding CF people" or "getting buy-in", perhaps these observations could help you with both challenges. If nothing else, they're things designed simply to help you get your job done, while keeping up with modern practices.

We'll start with many modern coding techniques--which will be familiar to those using more "modern" languages but that many don't realize CF supports, and may have for years. We'll then look at ways that things such as CF installation/deployment, configuration/administration, monitoring, security, and more have improved over the years. And we'll look not only at CF itself but the community surrounding it, ranging from resources for help and learning to tools and services that others have created, making CF a far more complete ecosystem than most give it credit. Put another way: it's not your father's CF!

I look forward to presenting this topic and hope you'll come check it out.

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

That may sound like a boring or simplistic topic to some. "Doesn't everyone already know how to install CF?" Trust me, they do not. :-) I help people do it every week, whether CF2021 or earlier versions. There are various tips I can and will share, and of course some about CF2021 in particular. But much will benefit you even if still using an older CF version.

For more on the talk, including a description (and my bio) see the meetup event page, which offers details like the URL for attending, the date and time (Thursday at 12p Eastern), and more.

I have just realized that I've been derelict in announcing here on my blog when I'm giving such talks. I did 3 meetup sessions last year, as well as a couple of AMA ("ask me anything") sessions with Dan Wilson, who has been helping me in running the group the past year, with my sincere thanks! :-)

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

For most, you should read on, especially about an important change regarding TLS support (and calling out to servers not yet running TLS 1.2 or above). I cover that and other important topics:

• What's in the JVM update, do you need to update to it?
• A key change in this Java update: calls out to TLS 1.1 or 1.0 no longer allowed, by default
• Re-enabling support for calling out to old TLS versions
• Groundhog day: you'll need do make this java.security file change on any later JVM updates
• Should you update to the new JVM version?
• The importance of testing such updates/changes
• More questions you may surely have, and finding answers to them
• Obtaining the updated Java installers

[....Continue Reading....]