[Looking for Charlie's main web site?]

A third Priority 1 CF security update has been released, Jul 19 2023

Just days after two P1 CF security updates were released on Jul 11 and 14, Adobe has released yet another on Jul 19.

Yes, this is shocking. Yes, unless there's a good explanation, I can understand how many would feel "someone on the CF team should be flogged". Don't shoot me: I'm just the messenger. I don't work for Adobe.

But I will add that in this post, besides just sharing news about the update (and more than JUST pointing to the update), I also offer an ADDITIONAL "fix" some will want to consider, to go BEYOND what this update addresses. See the discussion on "blocking the _cfclient query string".

Read on for more, where I cover:

  • Finding more info on this update
  • A suggestion on blocking the _cfclient query string
  • News for those doing manual offline installs: this update DOES have a zip
  • As for doing a Java update along with this update
  • CF2018 WAS indeed also updated

[....Continue Reading....]

FusionReactor 10.0.1 update released Jun 22 2023: resources and thoughts

If you're using FusionReactor, note that a 10.0.1 update was released last month, Jun 22, with a few bug fixes/improvements. (Sorry for the delay in reporting this. It's been a busy few weeks.)

For more on the update, as well as help on installing such FR updates, read on.

[....Continue Reading....]

New updates released for Java 8, 11, 17, and 20 as of Jul 18 2023: resources and thoughts

It's that time again: there are new JVM updates released today (Jul 18, 2023) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the current interim update 20.

TLDR: The new updates are 1.8.0_381 (aka 8u381), 11.0.20, 17.0.8, and 20.0.2 respectively). For more on each of them, including what changed and the security fixes they each contain (including their CVE scores regarding urgency of concerns), see the Oracle resources I list below. Oracle calls them "critical patch updates" (yep, CPU), but they are in fact scheduled quarterly updates, so that "critical" nomenclature may sometimes be a bit overstated. And as is generally the case with these Java updates, most of them have the same changes and fixes across the 4 JVM versions, though not always.

For some folks, that's all they need to hear. For others, read on.

[....Continue Reading....]

A second priority 1 CF security update in one week, released Jul 14 2023

Just days after a P1 security update released on Jul 11, Adobe has released yet another on Jul 14. (I don't recall such a short gap between updates before, so yes: it's unusual.)

For more on the update, and some additional thoughts, read on.

[....Continue Reading....]

P1 security update released Jul 11 2023 for ColdFusion 2023, 2021, and 2018

Folks using CF2023, 2021, or 2018 will want to know that a Priority 1 security update has been released today affecting all 3 releases, update 1 for CF2023 (its first), update 7 for CF2021, and update 17 for CF2018 (its last). The security bulletin indicates that the updates "resolve critical and important vulnerabilities that could lead to arbitrary code execution and security feature bypass".

Update: 3 days after this update, Adobe released yet another, and then 4 days after that they released yet another, both p1 security updates. While I have posts on each of the two subsequent updates, the one on Jul 14 and then the one on Jul 19, the information below is still important and has details that I do not repeat in the later post.

For more resources as well as some additional thoughts on the updates, read on.

[....Continue Reading....]

Presenting "CF Scheduled Tasks: more than you may know, and should" at Hawaii CF Meetup, Jul 28

On Jul 28 at 6pm US Eastern, I'll be offering this talk (online) on the Hawaii ColdFusion Meetup (hosted by John Barrett). For more on the topic and its motivation, read on.

[....Continue Reading....]

FusionReactor 10 released, May 18 2023: resources and thoughts

If you're using FusionReactor, note that a new version 10 (10.0.0) released yesterday, May 18. While it's a new major release number, most of the items listed as new aren't really things that you will "see" as changed in the interface. I don't quite want to call it just "plumbing"--the folks had their reason to regard the new and changed features as warranting the major version number increase.

For more, read on.

[....Continue Reading....]

ColdFusion 2023 released, May 17 2023: resources and thoughts

ColdFusion 2023 has been released today, May 17 2023. For more on the many features, see the following several Adobe blog posts and substantial documentation resources they released also today, about which I offer some additional comment below.

I also discuss changes in OS support (saving you having to compare the docs discussing that), as well as the change to CF2023 running on Java 17 (which you could miss, as it's not highlighted by Adobe in any of the announcement resources.) I also discuss changes in the licensing document/EULA (again, to save you having to do that comparison), as well as an observation about pricing (it has not changed since CF2021).

I also discuss some migration considerations and close by pointing out the Hidden Gems in CF2023 talk that I did, based on the prerelease. I plan to update that in time based on this final release.

[....Continue Reading....]

FusionReactor 9.2.2 released Mar 1 2023, can track query cache count per app, fixes memory issues

TLDR; In case you missed it, FusionReactor 9.2.2 was released on March 1, 2023, and among its new features it can optionally now track CF query cache counts per app (as I'll show). It also fixes an important issue of CF 2021 or 2018 "suddenly using a lot of heap memory" which was caused by a change introduced in FR 9.2 as released in mid-Jan, and 9.2.2 also adds new JVM args and UI elements to control the features related to that (as I'll show). There are a couple of other bug fixes/changes as are tracked in the FR release notes.

For some, that news is all they need to hear. For others, read on for more details (including why the delay in my announcing this).

[....Continue Reading....]

Delighted to be speaking at CFCamp 2023

I'm delighted to announce that I've been selected to speak at CFCamp 2023, in Munich this June. This will be my 7th year in a row presenting at this wonderful event (not counting when it was skipped in 2020-22), and my 8th year total.

(While I said "thrilled" about my previous two conference announcements, saying "delighted" here is not a downgrade. Just a desire not to sound repetitive!)

My talk will be...

[....Continue Reading....]

More Entries

Copyright ©2024 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting