[Looking for Charlie's main web site?]

New updates released for Java 8, 11, 17, 21, and 22 as of Apr 16 2024: resources and thoughts

It's that time again: there are new JVM updates released today (Apr 16, 2024) for the current long-term support (LTS) releases of Oracle Java, 8, 11, 17, and 21, as well as the new short-term release 22.

TLDR: The new updates are 1.8.0_411 (aka 8u411), 11.0.23, 17.0.11, 21.0.3, and 22.0.1 respectively). Crazy that there are now 5 current Java releases, I realize. More below, including more on each of them including what changed and the security fixes they each contain (including their CVE scores regarding urgency of concerns), offered in Oracle resources I list below. Oracle calls these updates "critical patch updates" (yep, CPU), but they are in fact scheduled quarterly updates, so that "critical" nomenclature may sometimes be a bit overstated. And as is generally the case with these Java updates, most of them have the same changes and fixes across the four JVM versions, though not always.

For some folks, that's all they need to hear. For others, read on.

[....Continue Reading....]

Recordings available for the recent 17-session Adobe ColdFusion Summit Online 2024

If you may have missed the news, Adobe recently held an online event over several weeks (Mid-Feb to Mid-March) where they had most of the presenters from the Adobe CF Summit 2023 in Vegas give repeats of their talks. Of course, it's a great way for those who can't attend the event to see the talks--and for the presenters it can be a great chance to tweak their talks since giving them a few months before.

And the recordings are all available online, and here's how to find them.

[....Continue Reading....]

Delighted to be presenting at CFCamp 2024, on "Using Redis for session storage in ACF and Lucee"

I'm delighted to share the news that I've been selected to be a presenter again at the wonderful CFCamp event, being held again June 13-14 in Munich, Germany. (I got the news last week but have been overwhelmed with recent work, so I've been behind posting such news. I have still more to come.)

As one of the premier conferences for both Adobe ColdFusion and Lucee, I highly recommend you attend the event if you can. Plus, if you don't live in Europe it's a great excuse to vacation on the continent and be tax-deductible at the same time! :-)

My talk this year (my 8th straight appearance at the event) will be a new one for me. Here are the details:

[....Continue Reading....]

Speaking online tonight at MMCFUG, on "What if no one is monitoring your DB server?"

Just wanted to share news for my readers here that tonight (Apr 9 at 7pm US Eastern time) I will be presenting at the online meeting of the Mid-Michigan CFUG, on the topic, "What if no one is monitoring your DB server?".

Anyone can join in live, and the meeting will also be recorded and posted eventually at their Youtube Channel.

Here's the description for my talk, which is also offered on my site's presentations page:

[....Continue Reading....]

Updates released for ColdFusion 2023/2021, Mar 12 2024: possible breaking change, solutions

This is a very important heads-up for my readers: there was an important security update released today by Adobe for ColdFusion 2023 (update 7) and 2021 (update 13). While as always there's much to say about what's changed in this update, I want to make this important clarification:

It's very important that people read the technote before "just applying this update". There is a very important (and fundamental) change in how CFML processes variables, with regard to searching for scopes when no scope is indicated on a variable name. It's NOT that you "must scope all your variables", as some are asserting. But it's still almost certainly a BREAKING change in many CF apps, if they use unscoped variables under certain conditions (that I discuss below). The change is for the sake of security, but it's just one aspect of the security fixes in this update.

Anyway, there are 3 things you can consider doing to rectify/work-around this breaking change, as I discuss below (or see the update technote, for this and more). And you may reasonably wonder what the implications would be of using the workarounds. You may also wonder if this scope matter relates to the CVE listed in the APSB (linked to below). That's currently unclear. It does not. As well, note that the Adobe security bulletin (link below) shows the security fix to be only a P3 (priority 3, the lowest severity), not a P1 (priority 1, the highest), though it IS regarded as "critical".1

But then there are still other aspects of the update beyond this scope matter, and you should be aware of those also.

For more, read on.

[....Continue Reading....]

Recent critical Lucee security vulns: make sure you're protected, finding out more about them

There has been important news released (this week and last week) about a critical Lucee security vuln (an RCS or remote code execution vuln). You'll want to make sure your Lucee instances are protected either by updates or configuration (or both). There are actually 3 matters to beware.

[....Continue Reading....]

Recording posted for my CF Online Summit talk, "Hidden Gems in CF2023"

Last week (Feb 15) I gave the first talk in the annual Adobe ColdFusion Online Summit for CF2024, and the recording of that session has now been posted by the Adobe CF team (as the first of many such recordings to come).

Description and slide deck/PDF

Recording (see also embedded video below)

Sorry that I didn't get a chance to offer a blog post announcing this talk (or the Online Summit). My wife had some rather significant surgery early last week (planned for, and she's ok), which had me quite busy taking care of her and my work. The announcing of this talk slipped between the cracks (but Adobe had announced it and the Online Summit themselves, of course). I have a few more posts to offer that have been delayed.

About the CF Online Summit

[....Continue Reading....]

Delighted to be speaking at Into the Box 2024, coming to DC in May

I'm delighted to announce that I've been selected to speak at Into the Box 2024, in DC, coming up in May. This will be my 5th time presenting at this wonderful event, going back to my first time in 2017.

My talk will be...

[....Continue Reading....]

Recordings and links for my presentations in Jan 2024, Dec 2023

I've done a few online presentations in recent weeks, and while I've done a blog post announcing each when it was upcoming, I was torn about also doing a blog post after each, just to mention their recording URL. I don't want people to feel there are "too many" posts. Also, since I use youtube live for the CFMeetup sessions, technically the url for the meeting is indeed the same one to use to view the recording of it: so if you know one, you know both.

But some people seem to notice when news is shared of a recording being made available, so here you go.:-) These are 4 sessions I've done in Jan 2024 and Dec 2023.

[....Continue Reading....]

Presenting "The Many Capabilities of CF Package Management and cfpm", Thurs Jan 25, Online

Do you feel you understand all there is to know about the CF Package Management feature (and cfpm tool), added by Adobe in CF2021? It has far more capabilities than most may realize.

So I'll be presenting a talk on this topic, online this Thursday, at noon US Eastern, on the CFMeetup youtube livestream (which will be recorded). Folks who are members of the Online ColdFusion Meetup will have already gotten email notification about this, including the meeting URL, but for those who are not members here are the details:

[....Continue Reading....]

More Entries

Copyright ©2024 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting