[Looking for Charlie's main web site?]

Recording posted and PDF updated for my presentation on CF Scheduled Tasks

Last week, I presented a talk at the online Hawaii CF Meetup, "CF Scheduled Tasks: More than you may know, and should".

The recording has been posted.

Also, I have updated the PDF, since giving the talk (Fri Jul 28). I not only corrected a couple of typos and improved some wording and organization, but I also have added some new links and content.

Both those links are offered on my presentations page, where I offer info and links for every one of my nearly 170 CF talks over the past 25 years--most of which I daresay would still be useful to many even today.

FusionReactor 10.0.2 update released Jul 19 2023: resources and thoughts

If you're using FusionReactor, note that a 10.0.2 update was released recently, Jul 19, with a few bug fixes/improvements. (Sorry for the delay in reporting this. This was the week after there were multiple CF updates and a Java update as well.)

I want to draw special attention to the one "new improvement" and one "new feature". (In my posts on past FR updates, I sometimes don't do much more than list the simple bullet points offered in the FR release notes.) See the elaboration on these two things below.

For more on the update, as well as help on installing such FR updates, read on.

[....Continue Reading....]

My meta resource page about updating CF, the Java underlying it, the wsconfig, and more

With all the recent updates to CF (and the ongoing need to keep up and related things up-to-date), I wanted to share some news: I've long had on my site a meta resource page regarding keeping ColdFusion updated, where I offered both links and tips related to updating CF as well as the JVM underlying CF, the web server connector(wsconfig), the CF PMT, FusionReactor, CF Builder (old Eclipse and new VSCode versions) and even Lucee.

It's been on my site as my "CFUpdate" page (linked to from my old-school top-level nav bar), and I've kept the page updated. [Hey, updating my meta resource on updates. That's SO meta!]

But I suspect a lot of people may never find it for one reason or another, so I wanted to offer a link to it here.

Check it out, and I welcome comments or feedback here.

Delighted to be speaking again at Adobe ColdFusion Summit 2023

I'm delighted to announce that I've been selected to speak again (for the 11th straight year) at the upcoming Adobe CF Summit conference, to be held in Las Vegas October 2-3.

I'll be offering my traditional "Hidden Gems in ColdFusion 2023" talk.

And see the conference web site for other speakers and their Summit sessions (with more to come).

Besides just being a great conference (in terms of content as well as meeting fellow attendees, Adobe folks, and vendors), which is being offered in-person only and at a VERY reasonable price of only US$199, the Summit is also a great chance for folks to pursue Adobe CF Certification (offered both online and in a separate one-day workshop the day after the conference, Oct 4, for just $100 more).

Note also that qualified students can attend the Summit for free. That's a great nod to Adobe supporting CF in higher education and among emerging developers.

Beware you can't install CF updates via the CF Admin after Jul 2023 JVM update

Be aware: if you update ColdFusion to run using the latest JVM updates (released July 18, 2023), you will encounter challenges, which have solutions as I describe here.

You will find that you can no longer INSTALL CF updates via the CF admin, if CF is using this new Java version. And even if the CF update is run from the command line, if using this newer Java version that also will fail. In either case, there is a new JVM argument that solved the problem, as I discuss below.

This is happening in CF2023, 2021, and 2018. (And this may continue to happen with future JVM updates, until Adobe otherwise addresses the problem.)

As an update, you may want to read a more recent post I did on this matter, in October 2023.

As an another update, when I first created this post originally on July 21st, another problem was that you would find that you could no longer use the CF Administrator to download CF updates, if CF was running this new Java version. You would get an error reporting, "Failed Signature verification"--or in some cases you may see only "error failed". But within a couple of weeks, I found that the CF Admin COULD now download updates (including the August 2023 CF update) but the CF update STILL fails to install correctly, as discussed in this post, unless the workaround offered is used.

FWIW, Adobe has also updated the technotes for CF2021 update 10 and CF2023 update 4 with a text box at the top that acknowledges this issue and points to this post for more detail.

In this post, I explain a) what this is all about, then b) how you can fix the problem of INSTALLING the update using the CF Admin, I'll explain how it seems we HAVE to workaround that problem (for now). I also offer a link to a bug report I've filed. I even offer a thought on how this new JVM update may prove over time to affect MORE than just this, and even MORE than just CF (and Lucee) but many java apps. Read on for more.

[....Continue Reading....]

A third Priority 1 CF security update has been released, Jul 19 2023

Just days after two P1 CF security updates were released on Jul 11 and 14, Adobe has released yet another on Jul 19.

Yes, this is shocking. Yes, unless there's a good explanation, I can understand how many would feel "someone on the CF team should be flogged". Don't shoot me: I'm just the messenger. I don't work for Adobe.

But I will add that in this post, besides just sharing news about the update (and more than JUST pointing to the update), I also offer an ADDITIONAL "fix" some will want to consider, to go BEYOND what this update addresses. See the discussion on "blocking the _cfclient query string".

Read on for more, where I cover:

  • Finding more info on this update
  • A suggestion on blocking the _cfclient query string
  • News for those doing manual offline installs: this update DOES have a zip
  • As for doing a Java update along with this update
  • CF2018 WAS indeed also updated

[....Continue Reading....]

FusionReactor 10.0.1 update released Jun 22 2023: resources and thoughts

If you're using FusionReactor, note that a 10.0.1 update was released last month, Jun 22, with a few bug fixes/improvements. (Sorry for the delay in reporting this. It's been a busy few weeks.)

For more on the update, as well as help on installing such FR updates, read on.

[....Continue Reading....]

New updates released for Java 8, 11, 17, and 20 as of Jul 18 2023: resources and thoughts

It's that time again: there are new JVM updates released today (Jul 18, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 20.

TLDR: The new updates are 1.8.0_381 (aka 8u381), 11.0.20, 17.0.8, and 20.0.2 respectively). For more on each of them, including what changed and the security fixes they each contain (including their CVE scores regarding urgency of concerns), see the Oracle resources I list below. Oracle calls them "critical patch updates" (yep, CPU), but they are in fact scheduled quarterly updates, so that "critical" nomenclature may sometimes be a bit overstated. And as is generally the case with these Java updates, most of them have the same changes and fixes across the 4 JVM versions, though not always.

For some folks, that's all they need to hear. For others, read on.

[....Continue Reading....]

A second priority 1 CF security update in one week, released Jul 14 2023

Just days after a P1 security update released on Jul 11, Adobe has released yet another on Jul 14. (I don't recall such a short gap between updates before, so yes: it's unusual.)

For more on the update, and some additional thoughts, read on.

[....Continue Reading....]

P1 security update released Jul 11 2023 for ColdFusion 2023, 2021, and 2018

Folks using CF2023, 2021, or 2018 will want to know that a Priority 1 security update has been released today affecting all 3 releases, update 1 for CF2023 (its first), update 7 for CF2021, and update 17 for CF2018 (its last). The security bulletin indicates that the updates "resolve critical and important vulnerabilities that could lead to arbitrary code execution and security feature bypass".

Update: 3 days after this update, Adobe released yet another, and then 4 days after that they released yet another, both p1 security updates. While I have posts on each of the two subsequent updates, the one on Jul 14 and then the one on Jul 19, the information below is still important and has details that I do not repeat in the later post.

For more resources as well as some additional thoughts on the updates, read on.

[....Continue Reading....]

Copyright ©2024 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting