You can find lots of info in the CF and IT worlds about the log4jshell (or log4shell) "pandemic", since the news broke late Dec 9. If you have not found those yet, first here's a post I did on the Adobe CF portal yesterday with my thoughts (and a "mask" to consider, especially while we await a formal update, "the shot", from Adobe):

My lengthier post at the CF Portal: Dealing with the recent log4j vulnerability, before Adobe releases an update

I have more that I offered originally in this post here, on my carehart.org blog, but first I want to track recent updates and news since I first posted these two blog entries on the morning of Dec 14:

[....Continue Reading....]

Update: The session recordings were posted at the Adobe CF portal videos page, and the link to my talk is here: https://video.tv.adobe.com/v/339406.

My talk will be a reprisal and update of my traditional "hidden gems" talk, this one focused especially on things that have changed since the initial release of ColdFusion 2021 (and my talk at last year's Summit):

Hidden gems in CF2021, a year later

It's been a year since the release of CF 2021, and also since Charlie Arehart offered his "hidden gems" talk at last year's CF Summit. Perhaps you caught his talk then, or not, and maybe you've started using the release--or still have not. Either way, there've been a number of updates as well as some changes in features since the release. In this updated talk, Charlie helps both audiences consider aspects of ColdFusion 2021 that they may have missed.

TLDR; The first improvement is one I've been looking forward to for years: the display of JDBC time spent and time spent calling out to remote services on the pages that list requests, like active/longest/slow requests. This will really speed up assessment of the reason of slowness in listed requests. See the screenshot below, and still more as well as another new feature.

[....Continue Reading....]

TLDR; While the original CF AWS Lambda feature (removed shortly after the release) let you CREATE AWS Lambda/serverless packages written in CFML, the feature as "returned" to us now in update 2 only allows you to CALL AWS Lambda functions from within CFML. That's QUITE a difference.

And sure, there's value in being able to call AWS LAMBDAS in cfml, as I'll note. (And yes, it's already possible to execute cfml in AWS Lambdas in Lucee via Fuseless, as I also note later.) I just am really hopeful that at some later point the original capability will be returned.

Below, I share how I came to understand things..including more on what was possible before, what we were even teased by over the summer in the prerelease of CF2021 update 2, and then finally what the current capability allows.

[....Continue Reading....]

The new updates are 1.8.0_311, (aka 8u311), 11.0.13, and 17.0.1, respectively).

For more on them, including information on the security fixes and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021, as well as info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.

[....Continue Reading....]

TLDR; A most basic message to hear is "get off of CF9", or any version of CF that is no longer supported. But for the sake of those who wonder, "while I work on that, is my CF 9 really impacted?", I address that, and more. But again updating 9 to just "leave it at that" and get on with your life is NOT the main message to be hearing!

Of course, it's always risky to run old versions of software, and to be clear, CF9 was released in 2009 and CF8 in 2007. Sadly, some shops drag their feet to keep even such old software updated (they each got updates for 5 years after their release). But the problem is really coming home to roost for some.

Who's affected, and who's not? And what can you do, if still on CF9 or 8? And what more is known about the attack?

For more, read on. (BTW, yes I am aware that this is not "new info", as some were sharing it as much as 2 weeks ago. It simply took me time to gather up all the info below, to provide more specifics than those general interest articles were sharing.)

[....Continue Reading....]

I've seen the problem raised often enough that when I saw someone raising it this weekend, I decided to solve it by creating a new folder in the cfmlrepo.com site, at least for CF2021 and CF2018 (for now), offering there the initial versions of all the neo-*.xml files for those two editions.

For more information, see what I shared (including more background on the issue, where I got the files, where I put the files, and more) in my reply about all this to the CF Community thread where the user raised the need this weekend.

And for the sake of those who may "just want the files" without any need of explanation or warnings:

• cfmlrepo folder of neo-*.xml files for CF2021
• cfmlrepo folder of neo-*.xml files for CF2018

I welcome thoughts, feedback, or suggestions.

Of course, if you view your FR on-premises user interface, that should inform you when a new version is available (at least since FR versions of the past couple of years). You can also learn of FR updates via the FR downloads page.  As for what the update offers, that's offered in the release notes, whose link is also offered on that downloads page above. 

For the TL;DR crowd, if the brief several words per fix offered in those release notes may be enough for you, you're done. If instead you're left wondering just what they may be referring to, I can elaborate. The changes are things I'm especially glad to see.

[....Continue Reading....]

[....Continue Reading....]

Adobe informed speakers after the session about how their session was rated by attendees. Mine got 4.5 out of 5 for "content quality of the session" and 4.4 out of 5 for "speaker's knowledge of the subject". I hope those folks will help me know where I could improve on those. I got no feedback, though I offer my email and social media handle on the title page and every slide. :-)

I offer a PDF of those slides (as well as a link to the recording and the session description) on my "presentations" page link for the talk.

[....Continue Reading....]