[Looking for Charlie's main web site?]

My upcoming talk, "ColdFusion at 25: not the kid most have stuck in their minds"

As you may have heard by now, the free Adobe CF Developer Week 2021 will be held June 22-24. My session will be on June 22 at 4p Central in Track 2. While currently the DevWeek site only offers session titles and speakers (descriptions were added after I posted this: click the + sign to the right of each talk), here is mine, from the "presentations" page here on my site:

ColdFusion at 25: not the kid most have stuck in their minds

As ColdFusion turns 26 next month, many seem stuck remembering it only as the "teen" they knew or even the "child", when instead it's grown up to be a capable "adult", impressive in many ways, and even more so recently. In this session, we'll look back at how CF has indeed evolved into a very capable platform, with quite modern features that seem to surprise many--including people working with it currently. If you struggle "finding CF people" or "getting buy-in", perhaps these observations could help you with both challenges. If nothing else, they're things designed simply to help you get your job done, while keeping up with modern practices.

We'll start with many modern coding techniques--which will be familiar to those using more "modern" languages but that many don't realize CF supports, and may have for years. We'll then look at ways that things such as CF installation/deployment, configuration/administration, monitoring, security, and more have improved over the years. And we'll look not only at CF itself but the community surrounding it, ranging from resources for help and learning to tools and services that others have created, making CF a far more complete ecosystem than most give it credit. Put another way: it's not your father's CF!

I look forward to presenting this topic and hope you'll come check it out.

New updates released for Java 8 and 11, April 20 2021

For those using the Long-term support (LTS) versions of Oracle Java, 8 and 11, please note that there were new updates released last week (Apr 20), specifically Java 11.0.11 and 8.0_291. For more on each, see the:

For some, that's all they need to hear. For others, read on.

[....Continue Reading....]

Confirming ColdFusion's Java version via CFML code

Have you ever wished you could confirm with 100% certainty what Java version is in use by the CF instance you are running? Or where the JVM's location is (in case you are told to modify files related to it)?

Some good news is that ColdFusion offers simple ways/variables that can show you each of these, via CFML code. In this post, I share that. I share first a simple single variable which works in CF2018 and above, then I offer a variation for those on CF2016 and earlier, as well as variations for Lucee.

[....Continue Reading....]

Be aware that updates to ColdFusion 2016 will end Feb 2021

Are you still running ColdFusion 2016? Did you know that its "core" support (meaning, public updates from Adobe) will end in just a couple of months, Feb 21 2021? Same for CFBuilder 2016.

The recent release of CF2021 is a great sign for the continued vitality of CF, but this looming deadline is a reminder that as the years roll on, we not only get new versions but we say good-bye to old ones.

Wondering what you can do? or when CF2018 or CF2021 support ends? And what's the difference between "core" and paid Adobe support plans? For more on these, as well as official Adobe documentation that discusses such things, read on.

[....Continue Reading....]

Why should one be careful about securing ColdFusion ARchive (CAR) files?

You may hear (starting today) about a new admonition (a "strong recommendation") from Adobe that one should be careful to "delete CAR files once they are used". What's that about? And why is it a concern? (And is it ever NOT a concern?) Indeed why is it a new admonition? (To be clear: the recommendation should be heeded even by those using CF versions BEFORE this update and older versions like 11, 10, and so on.)

The TLDR is this: If you create (or are given) a CF "CAR" (ColdFusion ARchive) file, you should treat that as a file that contains passwords, as technically it will, if what was exported into it was in fact any CF Admin setting which holds a password (there are several). No, the passwords are not in plain text within the CAR (which is just a zip). But the info needed to decrypt the passwords is in that file, and the CF Admin INTO WHICH such a CAR is imported will now have those passwords enabled within that CF Admin. Perhaps more dismaying, a savvy coder could easily use that info to convert the "encrypted" passwords into plain text in a single line of code. So one SHOULD indeed take care to secure such CAR files (if not delete them after use).

Do I have your attention now? Just a bit more tldr to preface the post...

Is the concern really unique to CAR files alone? And is deleting the CAR files the only way to "secure" them? No, but a difference is that CAR files may be passed around in a way that other "sensitive" CF files would not be. Indeed, what about the process of simply transporting them from one server to another? Should you be as concerned about that? And what if you don't WANT to delete them because they hold the CF Admin settings of record for an old CF instance you are removing? Should you even be concerned that a colleague also accessing your CF Admin might now use the info identified here to try to obtain a CAR file and use it in ways they should not? And what can you do to limit that? Finally, what about other tools that can save/transfer admin settings, like CFConfig in commandbox?

If you're interested in what's up (and if you or anyone on your server uses the CF Archive mechanism at all, you should be), then do read on. Same if you are not aware of what CAR files are used for, as I will explain.

[....Continue Reading....]

How to solve failing "api" URLs, in CF2016 and 11 (not a problem in CF2018)

If you're trying to run a request against CF 2016 (or perhaps 11), and the URL you're using has a path which starts with /api, you may find that the request fails to run (it may give a blank page). What gives? (It was related to the CF2016 API Manager, not CF's REST services feature.)

And what can you do about it, if you are on CF2016 or 11, and you want to use /api for your URLs? There are are two choices, depending on your needs: in brief, you can either:

  • change your /api folder to a new name (which I realize may not appeal to all to some)
  • or change the CF configuration, to STOP it treating /api specially for the API Manager's use. You would do this by editing two CF config files, urlworkermap.properties and web.xml (but this will break the ability of the API Manager to introspect REST services in CF2016 or CF11, though not CF2018)

TLDR; if you're bold and a risk taker, you can jump to the bottom to see my list of changes to make for that second option. As is often the case, there is risk in making changes in a cavalier fashion. There are various things to consider, and I warn of them below--but the good news is that this is a change that may take only minutes to do, once you've been careful to read about how to do it effectively.

Read on for more, including pros and cons of each choice, what to change and where, why this problem NO LONGER happens from CF2018 onward, and more.

(And if you are not familiar with the CF Enterprise API Manager, which is installed separately from CF, you can read about it here.)

[....Continue Reading....]

When and how to upgrade CF web server connector, easier since CF2016

Did you know that when you update ColdFusion, there is often a need to also update the web server connector (for IIS and/or Apache)? In this post, I discuss how you can know when to do it (Adobe makes that easier since CF2016), as well as how to do it (also easier since CF2016), and why it's important.

[....Continue Reading....]

Configuring FusionReactor to show "real ip address" when behind a load balancer or other proxy

If your server is behind a load balancer or other sort of proxy, you may have noticed that when you view information about requests in FusionReactor, they all have the same (or nearly the same) IP address. This can be easily fixed, and I show you how in this post.

[....Continue Reading....]

Updates released today for CF2018, CF2016, and CF11

While word has been shared elsewhere about this today already, I wanted to share here also that there were updates released today for CF2018, CF2016, and CF11.

And I share a bit more here, for my readers.

[....Continue Reading....]

CF updates temporarily missing. Get them here

If you've tried to get the update files for cf 2018, 2016, 11, or 10 in recent days, whether from the CF Admin "updates" page or the update technote pages, you've found the update jar files are missing and unavailable, due to a temporary problem. Here's how to get them in the meantime.

[....Continue Reading....]

More Entries

Copyright ©2021 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting