[Looking for Charlie's main web site?]

My presentation will open CF DevWeek this week: CF, more modern than most realize

Just thought I'd post a reminder for folks that I am giving the opening session for the 2022 CF Dev Week, running July 18-22. Registration is free, of course.

My session will be at 9a 930a Eastern on Monday July 18:

[....Continue Reading....]

Announcing Java updates of Apr 2022 for for Java 8, 11, 17, and 18: resources and thoughts

New JVM updates have been released today (Apr 19, 2022) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the new interim update 18. (Note that prior to Java 9, releases of Java were known technically as 1.x, to 8 is referred to in resources below as 1.8.)

The new updates are 1.8.0_331, (aka 8u331), 11.0.15, 17.0.3, and 18.0.1 respectively). And as is generally the case with these Java updates, most of them have the same changes and fixes.

For more on them, including changes as well as the security and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021. I also offer info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.

[....Continue Reading....]

Announcing Java updates of Jan 2022 for Java 8, 11, and 17: resources and thoughts

New JVM updates have been released last week (Jan 18, 2022) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17. (Note that prior to Java 9, releases of Java were known technically as 1.x, to 8 is referred to in resources below as 1.8.) I'd shared the news in a tweet last week, but was delayed in getting this post out.

The new updates are 1.8.0_321, (aka 8u321), 11.0.14, and 17.0.2, respectively).

For more on them, including information on the security fixes and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021, as well as info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.

[....Continue Reading....]

Announcing Java updates of Oct 2021 for 8, 11, and 17: resources and thoughts

New JVM updates have been released yesterday (Oct 19, 2021) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17. (Note that prior to Java 9, releases of Java were known technically as 1.x, to 8 is referred to in resources below as 1.8.) While the news has been announced by Oracle and shared in the IT press, I know that some of my readers don't necessarily follow those sources closely.

The new updates are 1.8.0_311, (aka 8u311), 11.0.13, and 17.0.1, respectively).

For more on them, including information on the security fixes and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021, as well as info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.

[....Continue Reading....]

My upcoming talk, "ColdFusion at 25: not the kid most have stuck in their minds"

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
As you may have heard by now, the free Adobe CF Developer Week 2021 will be held June 22-24. My session will be on June 22 at 4p Central in Track 2. While currently the DevWeek site only offers session titles and speakers (descriptions were added after I posted this: click the + sign to the right of each talk), here is mine, from the "presentations" page here on my site:

ColdFusion at 25: not the kid most have stuck in their minds

As ColdFusion turns 26 next month, many seem stuck remembering it only as the "teen" they knew or even the "child", when instead it's grown up to be a capable "adult", impressive in many ways, and even more so recently. In this session, we'll look back at how CF has indeed evolved into a very capable platform, with quite modern features that seem to surprise many--including people working with it currently. If you struggle "finding CF people" or "getting buy-in", perhaps these observations could help you with both challenges. If nothing else, they're things designed simply to help you get your job done, while keeping up with modern practices.

We'll start with many modern coding techniques--which will be familiar to those using more "modern" languages but that many don't realize CF supports, and may have for years. We'll then look at ways that things such as CF installation/deployment, configuration/administration, monitoring, security, and more have improved over the years. And we'll look not only at CF itself but the community surrounding it, ranging from resources for help and learning to tools and services that others have created, making CF a far more complete ecosystem than most give it credit. Put another way: it's not your father's CF!

I look forward to presenting this topic and hope you'll come check it out.

Announcing Java updates of Apr 2021 for 8 and 11: resources and thoughts

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
For those using the Long-term Support (LTS) versions of Oracle Java, 8 and 11, please note `there were new updates released last week (Apr 20), specifically Java 11.0.11 and 8.0_291. For some, that's all they need to hear. They will take that ball and run with it.

For most, you should read on, especially about an important change regarding TLS support (and calling out to servers not yet running TLS 1.2 or above). I cover that and other important topics:

  • What's in the JVM update, do you need to update to it?
  • A key change in this Java update: calls out to TLS 1.1 or 1.0 no longer allowed, by default
  • Re-enabling support for calling out to old TLS versions
  • Groundhog day: you'll need do make this java.security file change on any later JVM updates
  • Should you update to the new JVM version?
  • The importance of testing such updates/changes
  • More questions you may surely have, and finding answers to them
  • Obtaining the updated Java installers

[....Continue Reading....]

Confirming ColdFusion's Java version, via admin, vars, or code

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
Have you ever wished you could confirm with 100% certainty what Java version is in use by the CF instance you are running? Or where the JVM's location is (in case you are told to modify files related to it)?

Some good news is that ColdFusion offers simple ways/variables that can show you each of these, via the admin or via CFML code. In this post, I discuss both approaches, including a simple single variable which works in CF2018 and above, a variation for those on CF2016 and earlier, as well as variations for Lucee.

[....Continue Reading....]

Be aware that updates to ColdFusion 2016 will end Feb 2021

Note: This blog post is from 2020. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
Are you still running ColdFusion 2016? Did you know that its "core" support (meaning, public updates from Adobe) will end in just a couple of months, Feb 21 2021? Same for CFBuilder 2016.

The recent release of CF2021 is a great sign for the continued vitality of CF, but this looming deadline is a reminder that as the years roll on, we not only get new versions but we say good-bye to old ones.

Wondering what you can do? or when CF2018 or CF2021 support ends? And what's the difference between "core" and paid Adobe support plans? For more on these, as well as official Adobe documentation that discusses such things, read on.

[Update: CF2016 users got a "reprieve" of sorts, when Adobe released updates to CF2021 and 2018 in March 2021, and they also offered the final update to CF2016, update 17, especially because it address a security vulnerability. Sadly, some of the changes in the update--not related to the security fix--were "breaking" changes. For more on that update, see the Adobe blog post from March 2021.)

[....Continue Reading....]

Why should one be careful about securing ColdFusion ARchive (CAR) files?

Note: This blog post is from 2020. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
You may hear (starting today) about a new admonition (a "strong recommendation") from Adobe that one should be careful to "delete CAR files once they are used". What's that about? And why is it a concern? (And is it ever NOT a concern?) Indeed why is it a new admonition? (To be clear: the recommendation should be heeded even by those using CF versions BEFORE this update and older versions like 11, 10, and so on.)

[....Continue Reading....]

How and why your sites may break, and what to do, after applying March 2020 update to CF2018 or 2016

Note: This blog post is from 2020. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
This is a critical warning to anyone who may apply the recent CF2018 Update 8 or CF2016 Update 14, released Tuesday of this week (on Mar 20, 2020). And readers in the future should note it will apply if and as you may update CF from any update BEFORE this one to any update AFTER this one.

To be clear, I do not mean with this warning to suggest that you should NOT apply the update! It implements an important security fix.

Instead, it's that after applying it, your CF web sites served via IIS or Apache WILL likely break initially, until you take one at least and perhaps two extra steps. The good news is that these steps are both easy and documented by Adobe in the update technotes, but they do require that someone do them, if needed. Let me explain.

[Update: I did an abbreviated version of this post on the Adobe CF portal: Three reasons your sites may break, and how to fix them, after applying March 2020 update to CF2018 or 2016. Note I also titled it differently. Just trying many ways to get people's attention. That post may interest some, either to read first (but my TLDR below also tries to abbreviate things also), or especially if you may prefer to give others a link to a post on this matter that is not as "dense" as this one. :-) I do point to this post from there, of course, for the many additional details that some may appreciate.]

Sadly, because many people don't bother to read the CF update technotes (linked to below), and they just apply the CF updates, they are not noticing this issue until they or their users start screaming because their sites are down. There's also a fair bit of "screaming" in the CF community, and folks responding may not know the info that I (or Adobe) have shared, to get things "working again", so I hope this helps bring some calm, and most important the clear solution/s needed.

[....Continue Reading....]

More Entries

Copyright ©2024 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting