[Looking for Charlie's main web site?]

Breaking change in CF2021, new date format mask of D may be serious problem for old code

Wow. Beware of this subtle breaking change in CF2021, something discovered since its release (was not documented as one of the "new" things, nor was it documented at all in the beta).

TLDR; a simple demo of the problem

Consider this fragment, which could exist in similar form in millions of CFML templates: 

dateformat("11-24-20","MM-DD-YY")

See anything wrong? Probably not. It will indeed "work fine" in CF2018 and before, producing 11-24-2020, as most would expect.

But that same code in CF2021 will produces instead 11-329-2020, which virtually no one would expect! Because D now means "day in year". It's a Java-standard datemask, but until now CF didn't complain if you used D. It treated it like d.

And the disaster is that you may have old code that's worked like this for years, but now in CF2021 that code will produce these WRONG RESULTS, which is bad enough if it's just a date shown on a page; but it's catastrophic if that date is then used in code to make decisions, to perform calculations, to store in databases, to pass to other systems, and so on.

And of course it applies if you use 2 D's, as in MM/DD/YYYY, or any variation like DD-MM-YY, and so on. It also applies to lsdateformat, and any functions or tags that take a date mask, such as dateadd, datecompare, dateformat, datediff, dateformat, datepart, datetimeformat, parsedatetime.

So yeah, this seems a huge deal!

What changed, why is this a problem, and what can you or Adobe do? what about Lucee?

What's changed is that a new dateformat mask of D was added (to mean "day in year"). Of course, the lower-case d mask has long existed and meant of course "day in month", as in dateformat(now),"m/d/yyyy". 

The problem is that it turns out CF was loose in its enforcement of this casing before, so you got the same "day in the month" with a "d" OR a "D", such as M/D/YYYY.  Until CF2021, that is. So what now?

For more, read on where I discuss what you can do, what Adobe might want to consider, and how the same "loose casing" of masks happens in Lucee as well (but Lucee has no D for "day in year", so does not have the "same" problem, yet). I also explain how this D for "day in year" is indeed a Java-standard mask value.

[....Continue Reading....]

Be aware that updates to ColdFusion 2016 will end Feb 2021

Are you still running ColdFusion 2016? Did you know that its "core" support (meaning, public updates from Adobe) will end in just a couple of months, Feb 21 2021? Same for CFBuilder 2016.

The recent release of CF2021 is a great sign for the continued vitality of CF, but this looming deadline is a reminder that as the years roll on, we not only get new versions but we say good-bye to old ones.

Wondering what you can do? or when CF2018 or CF2021 support ends? And what's the difference between "core" and paid Adobe support plans? For more on these, as well as official Adobe documentation that discusses such things, read on.

[....Continue Reading....]

The many new and improved features in CF2021

You may have heard that the newest version of CF has been released, ColdFusion 2021. If you've not yet taken a look at what's new, you may be very surprised to find how much there is: from substantial support for several cloud services, to significant changes in CF installation/configuration/deployment, to dozens of new language features, as well as single sign on/SAML support, new kinds of databases supported, several enhancements to the PMT, cf admin-related changes, and more.

As with each CF release, there are features great and small--ones that may "sell" it, and ones that may simply make your life easier.

This is a follow-up to my post from last month, Getting started with "Project Stratus" public beta, aka CF2021. In that I highlighted some key info one would need to get started USING the prerelease, which came out in August, but I only briefly mentioned then some of the key new features. (I also explained why I had referred even then to it being CF2021, given info I'd found in the prerelease.)

In this post, I want to highlight more clearly what those new features are, nearly 60 of them in several categories!--just with a brief mention of the feature and perhaps its sub-features--and most important with a pointer to where to find them discussed in far more detail.

[....Continue Reading....]

New updates released for Java 8 and 11, Oct 2020

For those using the Long-term support (LTS) versions of Oracle Java, 8 and 11, please note that there were new updates released last week (Oct 20), specifically Java 11.0.9 and 8.0_271. For more on each, see the:

For some, that's all they need to hear.

And I could (and probably should) leave it at that. But there are other questions which folks will have, including more on getting those binaries/installers (from Oracle or Adobe), on the difference between those LTS versions and "more recent" Java versions, as well as non-Oracle JVMs, and on licensing matters and more. For those, read on. Perhaps I will split this other stuff out into its own post at some point, so I can just point to it from news of these Java updates.

[....Continue Reading....]

Come see my webinar at 2p ET today, "Differences Between CF Enterprise and Standard", via carahsoft

I'll be presenting my talk, "Differences Between ColdFusion Enterprise and Standard: More than you may think" online today (Oct 21, 2020) at 2pm Eastern. Just thought I'd share a heads-up here about that, which is being offered via Carahsoft's Adobe webinar series.

Sorry that I didn't post this sooner. (I'm just not great at promoting my talks: I forgot to mention here when I gave the talk on the online CFMeetup back in Sept--and this one today will be a slightly updated version.)

Anyone can register to attend the session, and I hope you will. You may be surprised to learn a few things.

Here's the description as offered on that Carahsoft site (and see below that on how "I am not Carahsoft"):

[....Continue Reading....]

Getting started with "Project Stratus" public beta, aka CF2021

Did you know that the public beta for CF2020 (or "CF2021", as I think the name will be) is now open, since August 2020? It's formally known by its code-name, "Project Stratus", or as some call it, "CF Next".

What matters most is that it's one of the boldest new versions of CF in quite some time. In this post, I want to share some tips about getting started with the beta, as I have seen many in the community left wondering about some things.

My focus here is not on "what's new" (I'll offer a brief list here, and more in a later post), but really just "how to get started", especially during the beta (or "prerelease") as some things are not as obvious as they perhaps should be. In fact, I make some pointed suggestions that I hope Adobe will consider, as well as share tips for you in the meantime.

In this post, I cover:

  • How easily anyone can join the public beta (Don't miss all that's on the prerelease front page)
  • Available documentation resources, don't miss them! (The 500-page (!) release notes, and separate system requirements and known issues docs)
  • Getting help with the prerelease, don't go it alone! (Filing bug reports, feature requests for the prerelease; asking for help and learning in the available prerelease forums)
  • The available installers and more
  • A taste of what's new (more to come in a later post)
  • About the use of the codename, Project Stratus

[....Continue Reading....]

It's looking like cf2020 will be cf2021, if I'm reading things right

As much as many have been referring to the new release (known for now as "Project Stratus") as "CF2020", it's looking like it may be instead "CF2021", if I'm reading the tea leaves right. And maybe it's only the name, not the actual release year. Let me explain (Hey, the bright side is that "2020" as a year is one many want to forget.)

[....Continue Reading....]

Come see my online talk, "Migrating or Comparing CF Admin Settings", at noon ET on Aug 13

Just thought I'd share a heads-up here on the blog that I'll be the speaker for the Online ColdFusion Meetup this week, Aug 13, at noon ET, presenting a new talk:

Migrating or Comparing CF Admin Settings, between instances, versions, and engines

You can learn more (including the description, the online meeting URL, where the recording will be posted, and more) at the meetup event page. FWIW, the session name had to be shortened a bit as presented on the meetup site there and even in the title here. :-)

As a bonus for you, my blog readers, I'll note that I'll be covering the CF migration and CAR features, the Commandbox CFConfig tool (which can be used for more than just "box" instances) and the CF2020 cfsetup tool (which has been shown publicly already), and more.

I'll also have a special surprise for people who "just want to compare the Admin settings of two instances without resorting to command-line tools, or hopping back and forth between browser tabs", using a free cross-platform GUI compare tool (and a simple trick in the CF Admin) which has delighted nearly everyone I've ever shown it to. And the tool can benefit you for far more than this one task. :-)

Why should one be careful about securing ColdFusion ARchive (CAR) files?

You may hear (starting today) about a new admonition (a "strong recommendation") from Adobe that one should be careful to "delete CAR files once they are used". What's that about? And why is it a concern? (And is it ever NOT a concern?) Indeed why is it a new admonition? (To be clear: the recommendation should be heeded even by those using CF versions BEFORE this update and older versions like 11, 10, and so on.)

The TLDR is this: If you create (or are given) a CF "CAR" (ColdFusion ARchive) file, you should treat that as a file that contains passwords, as technically it will, if what was exported into it was in fact any CF Admin setting which holds a password (there are several). No, the passwords are not in plain text within the CAR (which is just a zip). But the info needed to decrypt the passwords is in that file, and the CF Admin INTO WHICH such a CAR is imported will now have those passwords enabled within that CF Admin. Perhaps more dismaying, a savvy coder could easily use that info to convert the "encrypted" passwords into plain text in a single line of code. So one SHOULD indeed take care to secure such CAR files (if not delete them after use).

Do I have your attention now? Just a bit more tldr to preface the post...

Is the concern really unique to CAR files alone? And is deleting the CAR files the only way to "secure" them? No, but a difference is that CAR files may be passed around in a way that other "sensitive" CF files would not be. Indeed, what about the process of simply transporting them from one server to another? Should you be as concerned about that? And what if you don't WANT to delete them because they hold the CF Admin settings of record for an old CF instance you are removing? Should you even be concerned that a colleague also accessing your CF Admin might now use the info identified here to try to obtain a CAR file and use it in ways they should not? And what can you do to limit that? Finally, what about other tools that can save/transfer admin settings, like CFConfig in commandbox?

If you're interested in what's up (and if you or anyone on your server uses the CF Archive mechanism at all, you should be), then do read on. Same if you are not aware of what CAR files are used for, as I will explain.

[....Continue Reading....]

How can I keep CF Admin settings in sync between multiple servers or instances?

This question was asked today on the Adobe CF forums. The person had CF instances on multiple servers and lamented having to login to each CF admin to make changes that would apply equally to all instances, in particular creating or changing datasources. They wondered if in fact there was a feature in the CF Admin to "cluster" datasource definitions, like there is (since CF2016) the feature to "cluster" scheduled tasks.

I explained that there was not such a "feature" but that there were at least two options to achieve the goal. The answer was long enough (as is my wont) that I should have probably created a blog post instead. After submitting it, I decided to do just that, here (and I have tweaked here what I said, with some more elaboration and links).

Short answer: there are two tools that can help with this task, the CF Admin API (minimalist and manual), and the CFConfig tool within CommandBox (powerful and automated), as well as some seeming "shortcut" options (copying neo xml files, using symlinks, etc., which I'd advise strong caution against). I also give the CF CAR file feature an honorable mention.

For more on all this, read on.

[....Continue Reading....]

More Entries

Copyright ©2020 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting