[Looking for Charlie's main web site?]

How and why your sites may break, and what to do, after applying March 2020 update to CF2018 or 2016

This is a critical warning to anyone who may apply the recent CF2018 Update 8 or CF2016 Update 14, released Tuesday of this week. To be clear, I do not mean with this warning to suggest that you should NOT apply the update! It implements an important security fix.

Instead, it's that after applying it, your CF web sites served via IIS or Apache WILL likely break initially, until you take one at least and perhaps two extra steps. The good news is that these steps are both easy and documented by Adobe in the update technotes, but they do require that someone do them, if needed. Let me explain.

[Update: I did an abbreviated version of this post on the Adobe CF portal: Three reasons your sites may break, and how to fix them, after applying March 2020 update to CF2018 or 2016. Note I also titled it differently. Just trying many ways to get people's attention. That post may interest some, either to read first (but my TLDR below also tries to abbreviate things also), or especially if you may prefer to give others a link to a post on this matter that is not as "dense" as this one. :-) I do point to this post from there, of course, for the many additional details that some may appreciate.]

Sadly, because many people don't bother to read the CF update technotes (linked to below), and they just apply the CF updates, they are not noticing this issue until they or their users start screaming because their sites are down. There's also a fair bit of "screaming" in the CF community, and folks responding may not know the info that I (or Adobe) have shared, to get things "working again", so I hope this helps bring some calm, and most important the clear solution/s needed.

[....Continue Reading....]

Did you know that CF2018 imports environment vars into the Server scope?

This is a hidden gem that I never saw documented anywhere: CF2018 now imports environment variables into the CF "server" scope, specifically:

server.system.environment

and java system properties into:

server.system.properties

(Thanks to Sean C for catching a mistake in the initial post.)

I learned of it last year when Pete F tweeted about it, and I assumed someone else would do a post about it, but the topic came up in a discussion today and I was surprised to not be able to find any mention of it, other than that and his mention of it in his cfdocs.org site.

And yes, Lucee had it first (as proposed initially in 2015). :-)

The feature can be useful, whether you're setting such vars when running a (Docker) container, or via JVM args, etc., and you want to be able to access them within CFML.

When and how to upgrade CF web server connector, easier since CF2016

Did you know that when you update ColdFusion, there is often a need to also update the web server connector (for IIS and/or Apache)? In this post, I discuss how you can know when to do it (Adobe makes that easier since CF2016), as well as how to do it (also easier since CF2016), and why it's important.

[....Continue Reading....]

Preview available for new ColdFusion updates for CF2016 and 2018

Update (Nov 20, 2019): Adobe announced today that they'd come out with the "final" versions of this pair of "preview" updates. If you already applied either one, you don't need to do the update, as they are unchanged from the preview. But do note that if you changed your CF Admin update "settings" feature to point to the new "preview" feed url, you should use the button there to revert back to the default update feed url.

Adobe has announced today (Nov 13, 2019) new preview updates for ColdFusion 2016 (preview update 13) and 2018 (preview update 6).

https://coldfusion.adobe.com/2019/11/preview-builds-coldfusion-2018-release-update-6-and-coldfusion-2016-release-update-13-released

These updates address issues reported with the Sept 2019 updates (which I was tracking and warned about when the update was released). If you experienced any of those or other issues discussed in Adobe's post, you should try out the new updates while they are in this preview mode (to share with Adobe any remaining concerns) over the next couple of weeks.

Notice also my initial comment in that Adobe post, with a couple of potentially important reminders regarding the preview, as well as a reminder of my plea for a new approach to updates that would allow one to select to get only the latest security updates of a new update (deferring any bug fixes or new features to the next update), which could have helped many in the case of the Sept updates, that had so many issues seemingly caused by new features and bug fixes.

Folks may want to hold off on the Sep 24 2019 CF updates

Update (Nov 20, 2019): Adobe announced today that they'd come out with a new set of updates to fix the problems in the Sep 24 updates. Today's updates address the various issues reported below about the Sept update. It's important to proceed with performing the updates, for the benefit of the security updates as I discussed below back in Sept.

I shared here Tuesday the news that Adobe had announced there were new updates for CF2018 and 2016, released that day.

But as has happened every few releases, a lot of folks are reporting various problems, enough for me to say that folks may want to hold off on applying these updates, which I realize is a risky proposition since the update includes security fixes. More on that below.

--
Update Nov 13: Adobe has released a preview of new updates, meant to address the issues in these Sep 2019 updates. For more, see my post: https://www.carehart.org/blog/client/index.cfm/2019/11/13/preview_available_for_new_coldfusion_updates//

Update Sep 27: Adobe has commented below (Sep 27) saying that there are now fixes available for the bugs reported (but that you must request each directly from them, and that an update refresh is not planned). See Vamsee's comment below, and my reply to that (asking for a bit more detail). For now, I have added any links I've seen to fixes for any of these.
--

Of course, if you need something in the update and want to try it, just be sure to do ample testing, and check out some of the problems people are reporting below. And beware that some issues may only happen under load, so you may not find them in your own testing.

Otherwise, let's see if Adobe may either "refresh" the update or may well "pull" it, as they did with the Feb 2019 updates for CF 2016 and 11, when they replaced those with another a week later (see the "Note" about it at the top of that page).

For more, read on.

[....Continue Reading....]

Sep 2019 updates released for CF2018 and CF2016, with a strange twist

Adobe has announced today Sep 24 2019 that there are new updates for CF2018 (update 5) and CF2016 (update 12).

As an update to this post, I have offered a new post, pointing out that many people are having problems with this set of updates here. So I would recommend folks hold off on applying it for now. I will update this (and that) if we hear new info from Adobe.

Beyond adding important security and bug fixes as seems typical, this update offers several new or changed features, as well as updated support for things (such as Java 12), as is also often the case.

Uniquely, though, this update is the first ever to require that you must first have updated to the PREVIOUS update before applying this new one. So those on CF2018 must first be on update 4 before going to this new update 5, while those on CF2016 must be first on update 11 before going to this new update 12.

As always, I share a bit more here, for my readers.

[....Continue Reading....]

Configuring FusionReactor to show "real ip address" when behind a load balancer or other proxy

If your server is behind a load balancer or other sort of proxy, you may have noticed that when you view information about requests in FusionReactor, they all have the same (or nearly the same) IP address. This can be easily fixed, and I show you how in this post.

[....Continue Reading....]

Speaking at CFCamp 2019, for the 10th time!

Following on my recent announcement about speaking at CF Summit 2019, I am delighted to announce also that I've been selected to speak at CFCamp 2019, in Munich this October.

This will be my sixth year in a row presenting at this wonderful event, and my seventh year total. It will also be my 10th presentation there. (You can see all my past presentations, including when and where offered, at carehart.org/presentations.)

FWIW, half of those talks have been "sponsor" presentations on behalf of Intergral, the makers of FusionReactor, while the rest were not. And despite the title of my talk this year, "Comparing Monitoring Solutions for CF and Lucee", it is NOT an FR-sponsored talk. See the description below, for more.

[....Continue Reading....]

CF2020 to offer still-better deployment on Docker, cloud

There's great news coming regarding Adobe ColdFusion 2020, with regard to deployment of CF via Docker images and/or in the cloud.

Adobe's Director of Engineering for CF, Ashish Garg, recently held a wide-ranging interview with Michaela Light (on the CF Alive podcast) about the CF2020 roadmap. Ashish shared news of some substantial changes planned in the next release regarding modularity in the engine, the size of installers/containers, and their startup time, as well as matters like licensing of containers, logging within them, monitoring of them, and more.

[....Continue Reading....]

Come learn about getting started with CF Docker images at CF Summit 2019

Docker imageI'm terribly behind in announcing it, but I'm thrilled that I've been selected to speak again at Adobe CF Summit 2019, to be held in Vegas Oct 1 and 2 (with the pre-con on Sep 30). Both topics are on using Adobe's ColdFusion Docker images, and are designed for people who have not yet gotten into Docker at all, or for those familiar with Docker but not the Adobe CF images.

After sharing the talk titles and descriptions, first for the hour-long session and then for the day-long pre-conference session, I'll share a couple more thoughts, especially for those considering going to the conference, which I highly recommend.

[....Continue Reading....]

More Entries

Copyright ©2020 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting