What if you want it back? In this post, I explain what changed, why, and how to get the functionality back--albeit at your own risk. For more, read on.
Read on for more details.
Update Jul 2023: Before considering what I share in this post, note that if you have updated your CF to use the Java update from Jul 2023, the cause of this error may be due to a totally different issue. See my post from July 2023 on that matter.
Update Feb 2023: In mid-February 2023, Adobe did re-sign their jars and placed them on the uploads site so that either the CF Admin update download or anyone performing a manual download after that date WOULD get the newly signed jars, and the problem below then no longer happens. (They are now signed as "SHA256withRSA, 4096-bit key".) I leave the rest here still for those who would want to understand what DID happen and why the update jars that were in place then DID change (slightly) for this reason.
Note: This blog post is from 2022. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.Here's a heads-up that some will want to hear about: there are new JVM updates released today (Jul 19, 2022) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the new interim update 18. (Note that prior to Java 9, releases of Java were known technically as 1.x, so 8 is referred to in resources below as 1.8.)
TLDR: The new updates are 1.8.0_341, (aka 8u341), 11.0.16, 17.0.4, and 18.0.1 respectively). And as is generally the case with these Java updates, most of them have the same changes and fixes as each other (though not always).
Oracle calls them "critical patch updates" (yep, CPU), but they are scheduled quarterly updates, so take that "critical" nomenclature for what it is. For more on each of them, including what changed and the several security fixes they each contain (including their CVE scores regarding urgency of concerns), see the Oracle resources I list below. I also a bit more if you may be skipping to this from a JVM update from before Apr 2021, as well as info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.
For some folks, that's all they need to hear. For others, read on for topics like:
Note: This blog post is from 2022. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.New JVM updates have been released today (Apr 19, 2022) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the new interim update 18. (Note that prior to Java 9, releases of Java were known technically as 1.x, to 8 is referred to in resources below as 1.8.)
The new updates are 1.8.0_331, (aka 8u331), 11.0.15, 17.0.3, and 18.0.1 respectively). And as is generally the case with these Java updates, most of them have the same changes and fixes.
For more on them, including changes as well as the security and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021. I also offer info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.
Note: This blog post is from 2022. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.I had blogged in early November about how FusionReactor 8.7.4 had added at that time a new feature where it lists on request summary pages the DB and API Time of each request, so you could readily tell how much of a request's duration might have been caused by time spent waiting for either of those kinds of resources.
Now in 8.7.7, which was released last week (Mar 1), the benefit of that feature has been extended so that a) the same information is written to both the FusionReactor request logs and b) it's also now available in FR crash protection alert emails. In this post, I'll show you examples of what's changed for each, and I'll note another related changes in the prior FR update, 8.7.6.
Note: This blog post is from 2022. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.New JVM updates have been released last week (Jan 18, 2022) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17. (Note that prior to Java 9, releases of Java were known technically as 1.x, to 8 is referred to in resources below as 1.8.) I'd shared the news in a tweet last week, but was delayed in getting this post out.
The new updates are 1.8.0_321, (aka 8u321), 11.0.14, and 17.0.2, respectively).
For more on them, including information on the security fixes and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021, as well as info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.
Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.FusionReactor version 8.7.4 was released recently (Oct 28. 2021), and while the release notes list several improvement (and a few bug fixes), I want to highlight in particular a couple of new features.
TLDR; The first improvement is one I've been looking forward to for years: the display of JDBC time spent and time spent calling out to remote services on the pages that list requests, like active/longest/slow requests. This will really speed up assessment of the reason of slowness in listed requests. See the screenshot below, and still more as well as another new feature.
Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.New JVM updates have been released yesterday (Oct 19, 2021) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17. (Note that prior to Java 9, releases of Java were known technically as 1.x, to 8 is referred to in resources below as 1.8.) While the news has been announced by Oracle and shared in the IT press, I know that some of my readers don't necessarily follow those sources closely.
The new updates are 1.8.0_311, (aka 8u311), 11.0.13, and 17.0.1, respectively).
For more on them, including information on the security fixes and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021, as well as info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.
Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.If you're running CF9 or 8, beware: a recent spate of ransomware attacks have occurred, hitting such old CF servers that were not updated (in ways offered by Adobe in 2010!) This news has been reported in various security industry press, but I want to share here more that they generally did not.
TLDR; A most basic message to hear is "get off of CF9", or any version of CF that is no longer supported. But for the sake of those who wonder, "while I work on that, is my CF 9 really impacted?", I address that, and more. But again updating 9 to just "leave it at that" and get on with your life is NOT the main message to be hearing!
Of course, it's always risky to run old versions of software, and to be clear, CF9 was released in 2009 and CF8 in 2007. Sadly, some shops drag their feet to keep even such old software updated (they each got updates for 5 years after their release). But the problem is really coming home to roost for some.
Who's affected, and who's not? And what can you do, if still on CF9 or 8? And what more is known about the attack?
For more, read on. (BTW, yes I am aware that this is not "new info", as some were sharing it as much as 2 weeks ago. It simply took me time to gather up all the info below, to provide more specifics than those general interest articles were sharing.)
Managed Hosting Services provided by
