[Looking for Charlie's main web site?]

New updates released for Java 8, 11, 17, and 20 as of Jul 18 2023: resources and thoughts

It's that time again: there are new JVM updates released today (Jul 18, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 20.

TLDR: The new updates are 1.8.0_381 (aka 8u381), 11.0.20, 17.0.8, and 20.0.2 respectively). For more on each of them, including what changed and the security fixes they each contain (including their CVE scores regarding urgency of concerns), see the Oracle resources I list below. Oracle calls them "critical patch updates" (yep, CPU), but they are in fact scheduled quarterly updates, so that "critical" nomenclature may sometimes be a bit overstated. And as is generally the case with these Java updates, most of them have the same changes and fixes across the 4 JVM versions, though not always.

For some folks, that's all they need to hear. For others, read on.

[....Continue Reading....]

A second priority 1 CF security update in one week, released Jul 14 2023

Just days after a P1 security update released on Jul 11, Adobe has released yet another on Jul 14. (I don't recall such a short gap between updates before, so yes: it's unusual.)

For more on the update, and some additional thoughts, read on.

[....Continue Reading....]

P1 security update released Jul 11 2023 for ColdFusion 2023, 2021, and 2018

Folks using CF2023, 2021, or 2018 will want to know that a Priority 1 security update has been released today affecting all 3 releases, update 1 for CF2023 (its first), update 7 for CF2021, and update 17 for CF2018 (its last). The security bulletin indicates that the updates "resolve critical and important vulnerabilities that could lead to arbitrary code execution and security feature bypass".

Update: 3 days after this update, Adobe released yet another, and then 4 days after that they released yet another, both p1 security updates. While I have posts on each of the two subsequent updates, the one on Jul 14 and then the one on Jul 19, the information below is still important and has details that I do not repeat in the later post.

For more resources as well as some additional thoughts on the updates, read on.

[....Continue Reading....]

Presenting "CF Scheduled Tasks: more than you may know, and should" at Hawaii CF Meetup, Jul 28

On Jul 28 at 6pm US Eastern, I'll be offering this talk (online) on the Hawaii ColdFusion Meetup (hosted by John Barrett). For more on the topic and its motivation, read on.

[....Continue Reading....]

Restoring the CF Admin logviewer removed in Oct 2022 CF updates, at your own risk

As of the Oct 2022 CF updates (CF2021 update 5 and CF2018 update 15), Adobe has chosen to remove the CF Admin feature to view, search, download, and delete CF logs, due to asserted (but as-yet undocumented) security concerns.

What if you want it back? In this post, I explain what changed, why, and how to get the functionality back--albeit at your own risk. For more, read on.

[....Continue Reading....]

How to solve "Failed Signature verification", for downloads of ColdFusion updates--since Oct 2022

If you try to download a CF update using the ColdFusion Administrator AND you get an error, "error occurred while installing the update: Failed Signature Verification", there are both a couple of possible explanations (one of them new), both with fairly simple solutions.

Update Jul 2023: Before considering what I share in this post, note that if you have updated your CF to use the Java update from Jul 2023, the cause of this error may be due to a totally different issue. See my post from July 2023 on that matter.

Update Feb 2023: In mid-February 2023, Adobe did re-sign their jars and placed them on the uploads site so that either the CF Admin update download or anyone performing a manual download after that date WOULD get the newly signed jars, and the problem below then no longer happens. (They are now signed as "SHA256withRSA, 4096-bit key".) I leave the rest here still for those who would want to understand what DID happen and why the update jars that were in place then DID change (slightly) for this reason.

[....Continue Reading....]

Finding default/initial CF admin config (neo-*.xml) files, now at cfmlrepo.com

Have you ever wished to obtain a copy of one CF's neo-*.xml files (like neo-cron.xml), for the purpose of setting yours back to its defaults? Folks sometimes need to do that to recover from certain problems.

I've seen the problem raised often enough that when I saw someone raising it this weekend, I decided to solve it by creating a new folder in the cfmlrepo.com site, at least for CF2021 and CF2018 (for now), offering there the initial versions of all the neo-*.xml files for those two editions.

For more information, see what I shared (including more background on the issue, where I got the files, where I put the files, and more) in my reply about all this to the CF Community thread where the user raised the need this weekend.

And for the sake of those who may "just want the files" without any need of explanation or warnings:

I welcome thoughts, feedback, or suggestions.

New updates released for Java 8 and 11, Oct 2020

Note: This blog post is from 2020. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
For those using the Long-term support (LTS) versions of Oracle Java, 8 and 11, please note that there were new updates released last week (Oct 20), specifically Java 11.0.9 and 8.0_271. For more on each, see the:

For some, that's all they need to hear.

And I could (and probably should) leave it at that. But there are other questions which folks will have, including more on getting those binaries/installers (from Oracle or Adobe), on the difference between those LTS versions and "more recent" Java versions, as well as non-Oracle JVMs, and on licensing matters and more. For those, read on. Perhaps I will split this other stuff out into its own post at some point, so I can just point to it from news of these Java updates.

[....Continue Reading....]

It's looking like cf2020 will be cf2021, if I'm reading things right

Note: This blog post is from 2020. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
As much as many have been referring to the new release (known for now as "Project Stratus") as "CF2020", it's looking like it may be instead "CF2021", if I'm reading the tea leaves right. And maybe it's only the name, not the actual release year. Let me explain (Hey, the bright side is that "2020" as a year is one many want to forget.)

[....Continue Reading....]

Come see my online talk, "Migrating or Comparing CF Admin Settings", at noon ET on Aug 13

Note: This blog post is from 2020. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
Just thought I'd share a heads-up here on the blog that I'll be the speaker for the Online ColdFusion Meetup this week, Aug 13, at noon ET, presenting a new talk:

Migrating or Comparing CF Admin Settings, between instances, versions, and engines

You can learn more (including the description, the online meeting URL, where the recording will be posted, and more) at the meetup event page. FWIW, the session name had to be shortened a bit as presented on the meetup site there and even in the title here. :-)

As a bonus for you, my blog readers, I'll note that I'll be covering the CF migration and CAR features, the Commandbox CFConfig tool (which can be used for more than just "box" instances) and the CF2020 cfsetup tool (which has been shown publicly already), and more.

I'll also have a special surprise for people who "just want to compare the Admin settings of two instances without resorting to command-line tools, or hopping back and forth between browser tabs", using a free cross-platform GUI compare tool (and a simple trick in the CF Admin) which has delighted nearly everyone I've ever shown it to. And the tool can benefit you for far more than this one task. :-)

More Entries

Copyright ©2024 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting