Recent critical Lucee security vulns: make sure you're protected, finding out more about them
But some people seem to notice when news is shared of a recording being made available, so here you go. :-) These are 4 sessions I've done in Jan 2024 and Dec 2023.
So I presented a talk on this topic, online this Thursday, at noon US Eastern, on the CFMeetup YouTube livestream (which was recorded). Folks who are members of the Online ColdFusion Meetup will already have gotten notification about this, but for those who are not, here are the details:
And as important, if you may have skipped some Java updates before this one, there are some additional points to consider regarding some potentially important changes in updates you may be skipping.
In this post, I cover several topics in both those areas.
It's been on my site as my "CFUpdate" page (linked to from my old-school top-level nav bar), and I've kept the page updated. [Hey, updating my meta resource on updates. That's SO meta!]
But I suspect a lot of people may never find it for one reason or another, so I wanted to offer a link to it here.
Check it out, and I welcome comments or feedback here.
You can learn more (in brief) about what's new in the bullets for 9.2.0 offered at the release notes page.
TLDR: For some folks, news of the new version is all they need to hear. For those who may like to hear a bit more about the update, read on.
Update 9/1/22: the recording was posted. I'll link to it in the discussion about getting access to those (not free, for now).
The preconference sessions (like the full conference sessions next week) are NOT free, but they ARE available to anyone who signs up for the conference, which is just $99 (until midnight Sep 6) for a virtual pass, giving you access to over 30 sessions on all kinds of content related to CF, CFML, Lucee, and web technology. More in a moment about finding more on those sessions and accessing recordings, which ARE included in that virtual event ticket.
First, as for my talk, it will be:
Some good news is that ColdFusion offers simple ways/variables that can show you each of these, via the admin or via CFML code. In this post, I discuss both approaches, including a simple single variable which works in CF2018 and above, a variation for those on CF2016 and earlier, as well as variations for Lucee.
Note: This blog post is from 2020. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
This is a hidden gem that I never saw documented anywhere: CF2018 now imports environment variables into the CF "server" scope, specifically:
and java system properties into:
(Thanks to Sean C for catching a mistake in the initial post.)
I learned of it last year when Pete F tweeted about it, and I assumed someone else would do a post about it, but the topic came up in a discussion today and I was surprised to not be able to find any mention of it, other than that and his mention of it in his cfdocs.org site.
And yes, Lucee had it first (as proposed initially in 2015). :-)
The feature can be useful, whether you're setting such vars when running a (Docker) container, or via JVM args, etc., and you want to be able to access them within CFML.
Note: This blog post is from 2019. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
If your server is behind a load balancer or other sort of proxy, you may have noticed that when you view information about requests in FusionReactor, they all have the same (or nearly the same) IP address. This can be easily fixed, and I show you how in this post.