[Looking for Charlie's main web site?]

ColdFusion March 2023 emergency update, and what to do about it

If you've not heard, a new update has been released (March 14, 2023) for ColdFusion 2021 and 2018. Despite what you may hear, this is an URGENT (rated "Priority 1" by Adobe) update that everyone should apply ASAP, for reasons I will explain in this post. In fact, Hackernews reported yesterday (Mar 16) that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) had issued an urgent warning about this, giving federal agencies a deadline to apply the update.

TLDR; For some folks, the above may be all you need to hear: you may be dropping your coffee and donuts now to get the update applied. Still others will see this "huge post" and think, "crap, I don't have time for this". For you, skip to the bottom and its "concluding key points". You can then decide what you think you do or don't "need to know" and pick and choose from the sections as you like.

Finally, for those who prefer because of the importance of all this to be led more carefully through understanding things (in a way that's worked for the many people I have helped so far this week, and is far more than either Adobe or Hackernews has shared), please do read on.

[....Continue Reading....]

Thrilled to be speaking at Adobe CF Summit East, Apr 6

I'm thrilled to announce that I've been asked to present again at the Adobe ColdFusion Summit East 2023, a free one-day conference being held in Washington DC on Apr 6, at the Marriott Marquis.

For more on the event, my talk, and how this means I have to skip attending/speaking at DevNexus the same week, read on.

[....Continue Reading....]

FusionReactor 9.2.1 update released

If you're using FusionReactor, note that a new 9.2.1 update was released last week, Jan 31, with a couple of bug fixes--including one where you may need to add a JVM arg to prevent an error, in a certain case as I will discuss.

For more, read on.

[....Continue Reading....]

New URL for signing up to the CFML Slack: cfml-slack.net

TLDR; the URL for joining the CFML Slack workspace and channels has changed. If you want to join the CFML Slack, use the form at cfml-slack.net. As some may have noticed, the old URL for joining (cfml-slack.herokuapp.com) no longer works.

Since it's mentioned in many places on the web, I wanted to help spread this news. This cfml-slack.net URL replaces that, while the URL for the CFML Slack channel itself is unchanged: cfml.slack.com.

For more explanation/context, and especially if you may be new to considering the CFML Slack, read on.

[....Continue Reading....]

Be aware that ColdFusion 2018 end-of-life (and end of updates) is coming July 2023

Are you still running ColdFusion 2018? Did you know that its end-of-life is July 13, 2023? That's the date that "core" support ends--meaning, no more updates from Adobe after that, not even security fixes.

As for CF2021, it gets updates into 2025, and the currently running pre-release of CF2023 is a great sign for the continued vitality of CF. But this looming deadline for CF2018 is a reminder that as the years roll on, we not only get new versions but we must say good-bye to old ones.

Wondering what you can do? or when CF2021 or CF2023 support will end also? And what's the difference between "core" and "extended" support Adobe sells? (The extended support plan does NOT provide updates beyond this coming July.) For more on these, including official Adobe documentation that discusses such things, as well as my thoughts on migration, costs, various options to consider, and more, do read on.

[....Continue Reading....]

Thrilled to be presenting at Devnexus 2023

I'm thrilled to announce that I've been selected as a speaker at Devnexus 2023, the long-running professional developer conference held in Atlanta. If you may not be familiar with it, I'll talk about the event a bit more below, as well as offer a discount code to attend.

As for my session, it will be "Transitioning to Java 17 from 11 or 8 for Admins":

[....Continue Reading....]

What's new in FusionReactor 9.2.0, released Jan 18 2023

If you're a user of the wonderful FusionReactor monitoring and observability solution (for ColdFusion, Lucee, Java servers and more), you may delight in hearing news of a new FusionReactor (FR) version. 9.2.0 was released last week, Jan 18, 2023.

You can learn more (in brief) about what's new in the bullets for 9.2.0 offered at the release notes page.

TLDR: For some folks, news of the new version is all the need to hear. For those who may like to hear a bit more about the update, read on.

[....Continue Reading....]

Beware that latest Oracle JDK installers will REMOVE older JDK installs of that version

Here's something new to beware if you may run the Oracle JDK installer for the recently updated Java 11 or 17, whether on Windows, macOS, or via RPM: the new Oracle jdk installer WILL REMOVE any older previous versions of that JVM version created by previous JDK installers of the same major version. (Note that this issue does not affect those who implement java by extracting it from a compressed file, like a zip or tar.gz.)

Update: Since I posted this last night, I've heard some people assert "this is not new behavior: Java's always popped up and offered to remove old versions". Those folks are misunderstanding something: that was true of past JRE installers (like in Java 8 and earlier, which don't exist for Java 11), but it was never the case for Oracle JDK installers (even for Java 8). THAT's what's new about the JDK 11 and 17 installers, and it's DOCUMENTED in the release notes, as I discuss below. But it may surprise those who never saw a JDK installer do that, thus this post. (The rest of this post remains unchanged.)

I'm referring here to new behavior in the JDK installers from the Jan 2023 update, which I blogged about recently. This topic will apply also to subsequent JVM updates as they come out in the future. (Fortunately for some, this issue does NOT affect those running Java 8 or below, or Java 19 or above, as I will explain.)

While the technotes for the new updates (which I point to in my post above) do make mention of the issue I'm describing, I don't feel they do it in as obvious a manner as they might (it's not clear how it affects CURRENTLY installed earlier updates of JDK 11 or 17)., and I've already helped some people dealing with the ramifications of the change. And of course it's all the MORE important to make sure this is made known to those who might NOT read the release notes.

I've also found that the JDK installer doesn't ALWAYS warn that there are running processes using the older JDK version that it's about to remove. And to be clear, it won't warn about applications that are NOT running but which are configured to try to use the older JDK version that would be removed.

Read on for:

[....Continue Reading....]

New updates released for Java 8, 11, 17, and 19 as of Jan 17 2023

Here's a heads-up that some will want to hear about: there are new JVM updates released today (Jan 17, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 19. (Note that prior to Java 9, releases of Java were known technically as 1.x, so 8 is referred to in resources below as 1.8.)

TLDR: The new updates are 1.8.0_361 (aka 8u361), 11.0.18, 17.0.6, and 19.0.2 respectively). For more on each of them, including what changed and the security fixes they each contain (including their CVE scores regarding urgency of concerns), see the Oracle resources I list below. Oracle calls them "critical patch updates" (yep, CPU), but they are in fact scheduled quarterly updates, so that "critical" nomenclature may be a bit overstated. And as is generally the case with these Java updates, most of them have the same changes and fixes as each other, though not always.

Update: After posting this, I learned of some rather surprising implications of a new feature of the new JDK installer. For more, see another post I created.

For some folks, that's all they need to hear. For others, read on for topics like:

  • Finding more info on these Jan 2023 Java updates
  • What about other JVM distributions besides Oracle?
  • News for my CF audience (getting the Java updates from Adobe or Oracle, how to update, why you should NOT for now use Java 17 with CF, etc)
  • Should you apply the update? how soon?
  • Beware a change in the Oct 22 JVM update regarding Java no longer trusting jars signed with SHA-1
  • Beware a change in the April 2021 JVM update, if you may be skipping over it
  • Wrapping up, getting more help

[....Continue Reading....]

Adobe has started to open the prerelease Alpha for ColdFusion 2023 (codename Fortuna)

If you're active in social media you may have heard the news already, but for those who are not, Adobe has started to open the prerelease program for the next CF version, aka ColdFusion 2023--though known for now formally by its code name, Project Fortuna. You can find out more (and request to join) the prerelease program at its page on the Adobe prerelease site (where you will see as well as all kinds of prereleases for other Adobe products).

For now, only the Alpha has been announced, and the number of registrants allowed may be limited.

For more on that and about the prerelease (what can be gleaned/shared publicly), read on.

[....Continue Reading....]

More Entries

Copyright ©2023 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting