[Looking for Charlie's main web site?]

Recent critical Lucee security vulns: make sure you're protected, finding out more about them

There has been important news released (this week and last week) about a critical Lucee security vuln (an RCS or remote code execution vuln). You'll want to make sure your Lucee instances are protected either by updates or configuration (or both). There are actually 3 matters to beware.

[....Continue Reading....]

Recordings and links for my presentations in Jan 2024, Dec 2023

I've done a few online presentations in recent weeks, and while I've done a blog post announcing each when it was upcoming, I was torn about also doing a blog post after each, just to mention their recording URL. I don't want people to feel there are "too many" posts. Also, since I use youtube live for the CFMeetup sessions, technically the url for the meeting is indeed the same one to use to view the recording of it: so if you know one, you know both.

But some people seem to notice when news is shared of a recording being made available, so here you go.:-) These are 4 sessions I've done in Jan 2024 and Dec 2023.

[....Continue Reading....]

Presenting "Updating the Java underlying ColdFusion: considering it, doing it" Thurs Jan 18, Online

As most know, ColdFusion runs atop Java (and has since CF6). Did you know that JVM updates come out quarterly (including one just this week)? While some may find the process of doing them to be "old hat", others are often surprised to discover it's their responsibility to keep that Java updated. And on the surface, "installing Java" is easy--but like so many other things, "the devil is in the details".

So I will be presenting presented a talk on this topic, online this Thursday, at noon US Eastern, on the CFMeetup youtube livestream (which will be was recorded). Folks who are members of the Online ColdFusion Meetup will already have gotten notification about this, but for those who are not, here are the details:

[....Continue Reading....]

Several things to consider when applying updates to Java (aka the JVM, JDK, JRE)

If you learn there's a new Java update available, it may well be relatively simple for you to apply that update, but if you're running important applications that rely on Java, it's in your interest to give some consideration to various matters related to doing such an update.

And as important, if you may have skipped some Java updates before this one, there are some additional points to consider regarding some potentially important changes in updates you may be skipping.

In this post, I cover several topics in both those areas.

[....Continue Reading....]

My meta resource page about updating CF, the Java underlying it, the wsconfig, and more

With all the recent updates to CF (and the ongoing need to keep up and related things up-to-date), I wanted to share some news: I've long had on my site a meta resource page regarding keeping ColdFusion updated, where I offered both links and tips related to updating CF as well as the JVM underlying CF, the web server connector(wsconfig), the CF PMT, FusionReactor, CF Builder (old Eclipse and new VSCode versions) and even Lucee.

It's been on my site as my "CFUpdate" page (linked to from my old-school top-level nav bar), and I've kept the page updated. [Hey, updating my meta resource on updates. That's SO meta!]

But I suspect a lot of people may never find it for one reason or another, so I wanted to offer a link to it here.

Check it out, and I welcome comments or feedback here.

What's new in FusionReactor 9.2.0, released Jan 18 2023

If you're a user of the wonderful FusionReactor monitoring and observability solution (for ColdFusion, Lucee, Java servers and more), you may delight in hearing news of a new FusionReactor (FR) version. 9.2.0 was released last week, Jan 18, 2023.

You can learn more (in brief) about what's new in the bullets for 9.2.0 offered at the release notes page.

TLDR: For some folks, news of the new version is all the need to hear. For those who may like to hear a bit more about the update, read on.

[....Continue Reading....]

Presenting tomorrow on comparing CF docker images, at IntotheBox Precon

Just a heads-up to my readers that I'll be giving a talk tomorrow (Thurs, Sep 1 at noon Eastern) on "Comparing and contrasting Docker images from Ortus, Adobe, and Lucee", at the Into the Box "pre-conference" event.

Update 9/1/22: the recording was posted. I'll link to it in the discussion about getting access to those (not free, for now).

The preconference sessions (like the full conference sessions next week) are NOT free, but they ARE available to anyone who signs up for the conference, which is just $99 (until midnight Sep 6) for a virtual pass, giving you access to over 30 sessions on all kinds of content related to CF, CFML, Lucee, and web technology. More in a moment about finding more on those sessions and accessing recordings, which ARE included in that virtual event ticket.

First, as for my talk, it will be:

[....Continue Reading....]

Confirming ColdFusion's Java version, via admin, vars, or code

Have you ever wished you could confirm with 100% certainty what Java version is in use by the CF instance you are running? Or where the JVM's location is (in case you are told to modify files related to it)?

Some good news is that ColdFusion offers simple ways/variables that can show you each of these, via the admin or via CFML code. In this post, I discuss both approaches, including a simple single variable which works in CF2018 and above, a variation for those on CF2016 and earlier, as well as variations for Lucee.

[....Continue Reading....]

Did you know that CF2018 imports environment vars into the Server scope?

Note: This blog post is from 2020. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
This is a hidden gem that I never saw documented anywhere: CF2018 now imports environment variables into the CF "server" scope, specifically:

server.system.environment

and java system properties into:

server.system.properties

(Thanks to Sean C for catching a mistake in the initial post.)

I learned of it last year when Pete F tweeted about it, and I assumed someone else would do a post about it, but the topic came up in a discussion today and I was surprised to not be able to find any mention of it, other than that and his mention of it in his cfdocs.org site.

And yes, Lucee had it first (as proposed initially in 2015). :-)

The feature can be useful, whether you're setting such vars when running a (Docker) container, or via JVM args, etc., and you want to be able to access them within CFML.

Configuring FusionReactor to show "real ip address" when behind a load balancer or other proxy

Note: This blog post is from 2019. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
If your server is behind a load balancer or other sort of proxy, you may have noticed that when you view information about requests in FusionReactor, they all have the same (or nearly the same) IP address. This can be easily fixed, and I show you how in this post.

[....Continue Reading....]

More Entries

Copyright ©2024 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting