ColdFusion March 2023 emergency update, and what to do about it

If you've not heard, a new update has been released (March 14, 2023) for ColdFusion 2021 and 2018. Despite what you may hear, this is an URGENT (rated "Priority 1" by Adobe) update that everyone should apply ASAP, for reasons I will explain in this post. In fact, Hackernews reported yesterday (Mar 16) that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) had issued an urgent warning about this, giving federal agencies a deadline to apply the update.

TL;DR: For some folks, the above may be all you need to hear: you may be dropping your coffee and donuts now to get the update applied. Still others will see this "huge post" and think, "crap, I don't have time for this". For you, skip to the bottom and its "concluding key points". You can then decide what you think you do or don't "need to know" and pick and choose from the sections as you like.

Finally, for those who, because of the importance of all this, prefer to be led more carefully through understanding things (in a way that's worked for the many people I have helped so far this week, and is far more than either Adobe or Hackernews has shared), please do read on.

[....Continue Reading....]

The 100 most interesting posts on the Adobe ColdFusion blog, the past 3 years

Note: This blog post is from 2017. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
The Adobe ColdFusion team blog often has some really interesting content, but I find that some people are either not aware of the blog or just don't keep up on it, or perhaps they have trouble finding something they saw before or maybe heard was there.

So here I present what I feel are the 100 (technically, 105) most interesting/useful posts made there over the past 3 years (2014-16), offering information about CF and CFML which should be valuable to readers for years to come.

[....Continue Reading....]

The ColdFusion 'metrics log', an oft-missed or misunderstood feature, 'new' since CF10 (Part 1)

Note: This blog post is from 2016. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
I'd like to take a diversion from my recent posts focused on CF2016 and talk about something that applies (and should interest) anyone using CF 10, 11, or 2016.

Have you heard of the new "metrics log" option that was enabled in CF10? If you have not, it's worth knowing about (there's precious little documentation, and I'll point to it, and give you still more info to help you use it). It's a useful, low-impact mechanism to get some high-level metrics logged by CF every 60 seconds (by default), and stored along with other CF logs.

If you did know about it, you've probably had some problems with it. Why does it show "nulls"? What do reported metrics really mean? Why do they not jibe with what I'd expect to be the numbers reported?

In this post, and a Part 2 to come, I will introduce the metrics log, pointing out some key things you need to know to have it set up to work at all, and then I'll share my observations of things I've come to understand about the reported metrics.

[....Continue Reading....]

ColdFusion 2016: Changes in the CF Administrator

Note: This blog post is from 2016. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
As folks continue to explore ColdFusion (2016 Release), aka CF2016, regarding what's new or changed, I thought I'd put together a listing of what has changed in the CF Admin specifically. This is another in a series of posts I started last week on CF2016.

[....Continue Reading....]

Released today: CF2016, or 'ColdFusion (2016 release)'. What's new, and more

Note: This blog post is from 2016. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
If you're not following the Adobe CF team blog, you may have missed the announcement there today of the newest version of CF, ColdFusion 2016. More on the name in a moment.

And while that Adobe blog post mentions a few of the main new features, as is nearly always the case it leaves out many other new features which may interest folks. It also doesn't point to resources to learn more. I do those things here in this post.

[....Continue Reading....]

Great set of substantial, practical, but brief videos on IIS

Note: This blog post is from 2016. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
This isn't "new" information, though it was new to me this week. I came across this excellent set of YouTube videos, 50 substantial yet brief overviews of key IIS topics from IIS/.NET/Windows guru Scott Forsyth.

I offer the list of topic titles (and links to them) below, and have even created a YouTube playlist with them, but note that the links below go to pages that the author had created where he offered a helpful introduction to each video (more than appears in the YouTube description for each).

I had also wanted to offer here this brief overview of them, to set the context and encourage you to view them, so as not to dismiss them if other tech video series haven't impressed you. Whether you're new to IIS 7 or 8, or an old hand, there really is something for everyone, including wonderful little tips he shares in passing during most videos (which average about 10-20 minutes each).

[....Continue Reading....]

Monitoring ColdFusion web server connectors, more on Tomcat 'Status Workers'

Note: This blog post is from 2015. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
If you're running CF 10 or above, there was a very interesting post on the Adobe CF blog, from July 19 2015, entitled "Configuring Status Worker in Connectors". The Adobe blog post title may not have caught your attention, but it's about setting up a lightweight and built-in Tomcat monitoring feature for observing the status of the Tomcat web server connector.

You may want to consider enabling it, but I would add some caveats and observations that I share below. Note that it's really quite easy to enable, and DOES NOT require a restart of CF (only of your web server, or technically in IIS, a recycling of the application pool/s--a web site restart is not enough) to take effect.

[....Continue Reading....]

CF911: Help, How do I connect sites to a new instance w/ the ColdFusion 10/11 webserver config tool?

Note: This blog post is from 2015. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
This one causes a lot of heartburn for folks: you add a new instance in CF10 or 11 (in editions other than Standard, which do support adding instances), and you find that you can't seem to have the web server configuration tool (wsconfig) connect sites to that new instance(s). You never see the new instance listed in the UI of the wsconfig tool. What gives?

The solution is relatively easy, and the problem could maybe be fixed (or at least warned about) by Adobe (and I just filed a bug report for it). Until that happens, I wanted to share this. For more, read on.

[....Continue Reading....]

ColdFusion Lockdown/Security guides: there are several, and some you may have missed

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
While helping people with various problems in my CF server troubleshooting services, I often have the chance to help people identify security vulnerabilities, especially in their configuration of CF and/or their web server, and sometimes related to their code.

I was wanting to point out to someone the various ColdFusion security resources, and while I have a category on them in my CF411 site, I thought this was a list worth pulling out into its own blog entry and expanding a bit.

You may be surprised to find that there is more to CF security guidelines than just the venerable server "lockdown guide" (for those administering and configuring CF, the OS, and the web server, among other things).

Did you know that there have been "developer security guidelines" as well, focused instead on coding? This latter guide has gone through three iterations, including just recently, as I'll discuss along with the lockdown guides, below.

[....Continue Reading....]

An interesting solution to problems with ColdFusion 10 and IIS 404 handlers

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
There was an interesting solution proposed today on the Adobe forums, to address a problem some folks are having with CF10, where they find problems using an IIS 404 error handler set to pass to a CF page. I found it helped with one of my consulting clients, so I wanted to share the news with other readers here who may benefit.

[....Continue Reading....]

Copyright ©2024 Charlie Arehart