[Looking for Charlie's main web site?]

Updates released for ColdFusion 2023/2021, Mar 12 2024: possible breaking change, solutions

This is a very important heads-up for my readers: there was an important security update released today by Adobe for ColdFusion 2023 (update 7) and 2021 (update 13). While as always there's much to say about what's changed in this update, I want to make this important clarification:

It's very important that people read the technote before "just applying this update". There is a very important (and fundamental) change in how CFML processes variables, with regard to searching for scopes when no scope is indicated on a variable name. It's NOT that you "must scope all your variables", as some are asserting. But it's still almost certainly a BREAKING change in many CF apps, if they use unscoped variables under certain conditions (that I discuss below). The change is for the sake of security, but it's just one aspect of the security fixes in this update.

Anyway, there are 3 things you can consider doing to rectify/work-around this breaking change, as I discuss below (or see the update technote, for this and more). And you may reasonably wonder what the implications would be of using the workarounds. You may also wonder if this scope matter relates to the CVE listed in the APSB (linked to below). That's currently unclear. It does not. As well, note that the Adobe security bulletin (link below) shows the security fix to be only a P3 (priority 3, the lowest severity), not a P1 (priority 1, the highest), though it IS regarded as "critical".1

But then there are still other aspects of the update beyond this scope matter, and you should be aware of those also.

For more, read on.

[....Continue Reading....]

Recent critical Lucee security vulns: make sure you're protected, finding out more about them

There has been important news released (this week and last week) about a critical Lucee security vuln (an RCS or remote code execution vuln). You'll want to make sure your Lucee instances are protected either by updates or configuration (or both). There are actually 3 matters to beware.

[....Continue Reading....]

Recording posted for my CF Online Summit talk, "Hidden Gems in CF2023"

Last week (Feb 15) I gave the first talk in the annual Adobe ColdFusion Online Summit for CF2024, and the recording of that session has now been posted by the Adobe CF team (as the first of many such recordings to come).

Description and slide deck/PDF

Recording (see also embedded video below)

Sorry that I didn't get a chance to offer a blog post announcing this talk (or the Online Summit). My wife had some rather significant surgery early last week (planned for, and she's ok), which had me quite busy taking care of her and my work. The announcing of this talk slipped between the cracks (but Adobe had announced it and the Online Summit themselves, of course). I have a few more posts to offer that have been delayed.

About the CF Online Summit

[....Continue Reading....]

Delighted to be speaking at Into the Box 2024, coming to DC in May

I'm delighted to announce that I've been selected to speak at Into the Box 2024, in DC, coming up in May. This will be my 5th time presenting at this wonderful event, going back to my first time in 2017.

My talk will be...

[....Continue Reading....]

Recordings and links for my presentations in Jan 2024, Dec 2023

I've done a few online presentations in recent weeks, and while I've done a blog post announcing each when it was upcoming, I was torn about also doing a blog post after each, just to mention their recording URL. I don't want people to feel there are "too many" posts. Also, since I use youtube live for the CFMeetup sessions, technically the url for the meeting is indeed the same one to use to view the recording of it: so if you know one, you know both.

But some people seem to notice when news is shared of a recording being made available, so here you go.:-) These are 4 sessions I've done in Jan 2024 and Dec 2023.

[....Continue Reading....]

Presenting "The Many Capabilities of CF Package Management and cfpm", Thurs Jan 25, Online

Do you feel you understand all there is to know about the CF Package Management feature (and cfpm tool), added by Adobe in CF2021? It has far more capabilities than most may realize.

So I'll be presenting a talk on this topic, online this Thursday, at noon US Eastern, on the CFMeetup youtube livestream (which will be recorded). Folks who are members of the Online ColdFusion Meetup will have already gotten email notification about this, including the meeting URL, but for those who are not members here are the details:

[....Continue Reading....]

Presenting "Updating the Java underlying ColdFusion: considering it, doing it" Thurs Jan 18, Online

As most know, ColdFusion runs atop Java (and has since CF6). Did you know that JVM updates come out quarterly (including one just this week)? While some may find the process of doing them to be "old hat", others are often surprised to discover it's their responsibility to keep that Java updated. And on the surface, "installing Java" is easy--but like so many other things, "the devil is in the details".

So I will be presenting presented a talk on this topic, online this Thursday, at noon US Eastern, on the CFMeetup youtube livestream (which will be was recorded). Folks who are members of the Online ColdFusion Meetup will already have gotten notification about this, but for those who are not, here are the details:

[....Continue Reading....]

Several things to consider when applying updates to Java (aka the JVM, JDK, JRE)

If you learn there's a new Java update available, it may well be relatively simple for you to apply that update, but if you're running important applications that rely on Java, it's in your interest to give some consideration to various matters related to doing such an update.

And as important, if you may have skipped some Java updates before this one, there are some additional points to consider regarding some potentially important changes in updates you may be skipping.

In this post, I cover several topics in both those areas.

[....Continue Reading....]

New updates released for Java 8, 11, 17, and 21 as of Jan 16 2024: resources and thoughts

It's that time again: there are new JVM updates released today (Jan 16, 2024) for the current long-term support (LTS) releases of Oracle Java, 8, 11, 17, and 21.

TLDR: The new updates are 1.8.0_401 (aka 8u401), 11.0.22, 17.0.10, and 21.0.2 respectively). For more on each of them, including what changed and the security fixes they each contain (including their CVE scores regarding urgency of concerns), see the Oracle resources I list below. Oracle calls them "critical patch updates" (yep, CPU), but they are in fact scheduled quarterly updates, so that "critical" nomenclature may sometimes be a bit overstated. Again, more details below. And as is generally the case with these Java updates, most of them have the same changes and fixes across the four JVM versions, though not always.

For some folks, that's all they need to hear. For others, read on.

[....Continue Reading....]

Presenting "Installing CF2023: choices, challenges, and solutions" Thurs Dec 21, Online CFMeetup

Last week I did a talk on MIGRATING to CF2023 (as that's a challenge that many contemplate BEFORE proceeding to install it). This week I will follow-that up with a talk on INSTALLING it, and addressing various challenges in doing that. Some people don't do development and only deal with installing it. (Others don't ever want to install CF, and I address alternatives for them also.)

So I will be presenting presented this talk online this Thursday, at noon US Eastern, on the CFMeetup youtube livestream (which will be was recorded). Folks who are members of the Online ColdFusion Meetup will already have gotten notification about this, but for those who are not, here are the details:

[....Continue Reading....]

More Entries

Copyright ©2024 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting