
New Oracle JVM update released, July 16 2019

Just a heads-up for folks using CF, Lucee, and other Java-based apps and app servers: Oracle has released today a new JVM update, for Java 8 and 11. It's update 221 for Java 8 (1.8.0_221), and update 4 for Java 11 (11.0.4).

I've discussed the matter of JVM updates relative to CF--and several important things to consider--in another post I did for the last update (in April), on the Adobe CF portal: https://coldfusion.adobe.com/2019/04/updates-available-java-8-11-apr-16-2019/. In that, I cover topics such as:

  • Which Java can I use with the version of CF I have installed?
  • Am I really able to use Java 11 (and Java 8 updates after 202) in production?
  • Where can I download the Java updates?
  • How do I update the Java that CF is running?
  • What if I have problems updating the Java that CF uses?
  • What if I have problems applying the CF update (so that I can run Java 11)?

All my answers there are as relevant now as they were then. (That said, whereas that update offered two variants for Java 8, as 211 and 212, this update has only the one, 221.)

Finally, note that as of this writing (5p Central on the 19th), the JVM installers and files are NOT available on the Adobe CF downloads page, in the section on JVM files. If past experience is a guide, they may not appear for several days. (See my comments on whether that should "matter" for you, in the aforementioned blog post.)

And as I explain in the post, I have other past blog posts that can help if you will be trying the JVM update yourself, or I can help through my troubleshooting consulting.

Updates released today for CF2018, CF2016, and CF11

While word has been shared elsewhere about this today already, I wanted to share here also that there were updates released today for CF2018, CF2016, and CF11.

And I share a bit more here, for my readers.

[....Continue Reading....]

When you know you're doing the right thing: some representative comments from clients

For years I've had a "references" page on my site, where I'd post comments folks have shared in their emails back to me after our consulting engagements. I get their permission before posting, of course.

Well, I got a really nice one today, and I thought I'd share it here also, as it really does capture well what I strive to do in my work:

[....Continue Reading....]

CF updates temporarily missing. Get them here

If you've tried to get the update files for CF 2018, 2016, 11, or 10 in recent days, whether from the CF Admin "updates" page or the update technote pages, you've found the update jar files are missing and unavailable, due to a temporary problem. Here's how to get them in the meantime.

[....Continue Reading....]

"Charlie, we'd like to buy CF. Are you an Adobe reseller?"

I've had clients ask the above question over the years, including today. The short answer is "no", but I do have a recommendation of who you should consider buying CF from, at a discount, and with other benefits.

[....Continue Reading....]

CF security update (March 1 2019), part 2: further details, prevention, and more

This is my part 2 post, which follows on from Part 1, released the night of March 1, when the new CF updates were released as an emergency update. If you've not yet read that, do that first, to get some basic info and needed context for what follows.

And if you HAVE already read part 1, if it was before Saturday morning, do go back and reread it. I had added some important info that I thought shouldn't wait to Part 2, which I knew could take me a while. See especially the sections there, "A brief introduction to the vulnerability and the fix", "Should you be worried?", and "What if you can't apply the update immediately, and can't wait for part 2?".

And my apologies for the delay in getting part 2 out. For various reasons, including some related to additional research work I'm doing on this exploit beyond CF, I was unable to post this then. Better late than never, I hope. Indeed, I had listed quite a lot in Part 1 that I hoped to cover in a part 2. I don't want to delay getting this out any later, so I will get done today what I can and post that, and carry over into a part 3 (or beyond) whatever remains. There are some natural breaks, fortunately. Thanks for your patience.

Following are what I cover here in Part 2:

  • More detail about the vulnerability and what was "fixed"
  • Wouldn't an antivirus package on the server detect this sort of trojan?
  • How to add further protection from it (especially if you may be unable to implement the update for some reason)
  • Consider running a security scan of your CFML code
  • Consider implementing a web application firewall
  • How to prevent execution of the files used in the attack, if they may already be on your server
  • Another benefit of applying the latest updates
  • What about Lucee?

[....Continue Reading....]

Urgent CF security update released March 1 2019, for CF11/2016/2018, Part 1

This is an urgent announcement to ColdFusion users: Adobe has released a security update today, March 1 2019, for CF 11 update 18, CF2016 update 10, and 2018 update 3.

All CF shops are urged to install this update immediately, to implement new protections against a known attack happening in the wild. It's identified in the associated Adobe Product Security Bulletin, APSB19-14, as a priority 1 critical vulnerability.

I will add that I can vouch personally for the significance of the vulnerability, as I reported it to the Adobe Product Security Incident Response Team (PSIRT), and I proposed the fix which was implemented. (I also know what was done specifically to perpetrate the attack, and the very negative consequences of what happened once the server of a client of mine was attacked. You don't want this to happen to you.) I plan to share much more in a part 2 post (now posted, but do see below for the context it builds upon).

(In the meantime, I have tweaked this part 1 since originally posting it, to share more here.)

[....Continue Reading....]

"Hidden Gems in ColdFusion 2018", a multi-part series on the Adobe Portal

Over the past few weeks I have begun posting a multi-part series of blog entries on Hidden Gems in CF2018. This is being posted on the Adobe CF portal, rather than here (by my choice).

It's basically presenting the same info I've been offering in my talk of the same name, such as at conferences like CF Summit and CFCamp last year, and that I will at the CF Summit East 2019 in DC in April. Of course, in blog form I can elaborate things a little more.

So far I have done the following parts:

[....Continue Reading....]

Top 10 CArehart.org blog posts of 2018

Yep, I'm a bit late on this. :-) Here are what I might propose to be the top 10 posts of mine from 2018 (by my own choice, and in reverse chronological order):

[....Continue Reading....]

My 4-part webinar series, "Troubleshooting with FusionReactor", starts Jan 30

Tomorrow (Jan 30, 2019) I am beginning a planned 4-part series of new FusionReactor webinars (to add to the 13 topics I've already done, as listed at the FusionReactor Webinars page).

These all-new ones will focus on Troubleshooting with FusionReactor and are geared toward helping folks new to FR--or perhaps experienced but a bit bemused by its many features--to better understand how to use it to troubleshoot problems in your app server (CF, Lucee, or any Java server).

The parts in the new series (with links here to register directly to attend) will be:

[....Continue Reading....]

Copyright ©2019 Charlie Arehart