[Looking for Charlie's main web site?]

Delighted to be presenting at CFCamp 2024, on "Using Redis for session storage in ACF and Lucee"

I'm delighted to share the news that I've been selected to be a presenter again at the wonderful CFCamp event, being held again June 13-14 in Munich, Germany. (I got the news last week but have been overwhelmed with recent work, so I've been behind posting such news. I have still more to come.)

As one of the premier conferences for both Adobe ColdFusion and Lucee, I highly recommend you attend the event if you can. Plus, if you don't live in Europe it's a great excuse to vacation on the continent and be tax-deductible at the same time! :-)

My talk this year (my 8th straight appearance at the event) will be a new one for me. Here are the details:

[....Continue Reading....]

Speaking online tonight at MMCFUG, on "What if no one is monitoring your DB server?"

Just wanted to share news for my readers here that tonight (Apr 9 at 7pm US Eastern time) I will be presenting at the online meeting of the Mid-Michigan CFUG, on the topic, "What if no one is monitoring your DB server?".

Anyone can join in live, and the meeting will also be recorded and posted eventually at their Youtube Channel.

Here's the description for my talk, which is also offered on my site's presentations page:

[....Continue Reading....]

Updates released for ColdFusion 2023/2021, Mar 12 2024, possible breaking change, solutions

This is a very important heads-up for my readers: there was an important security update released today by Adobe for ColdFusion 2023 (update 7) and 2021 (update 13). While as always there's much to say about what's changed in this update, I want to make this important clarification:

It's very important that people read the technote before "just applying this update". There is a very important (and fundamental) change in how CFML processes variables, with regard to searching for scopes when no scope is indicated on a variable name. It's NOT that you "must scope all your variables", as some are asserting. But it's still almost certainly a BREAKING change in many CF apps, if they use unscoped variables under certain conditions (that I discuss below). The change is for the sake of security, but it's just one aspect of the security fixes in this update.

Anyway, there are 3 things you can consider doing to rectify/work-around this breaking change, as I discuss below (or see the update technote, for this and more). And you may reasonably wonder what the implications would be of using the workarounds. You may also wonder if this scope matter relates to the CVE listed in the APSB (linked to below). That's currently unclear. It does not. As well, note that the Adobe security bulletin (link below) shows the security fix to be only a P3 (priority 3, the lowest severity), not a P1 (priority 1, the highest), though it IS regarded as "critical".1

But then there are still other aspects of the update beyond this scope matter, and you should be aware of those also.

For more, read on.

[....Continue Reading....]

Recent critical Lucee security vulns: make sure you're protected, finding out more about them

There has been important news released (this week and last week) about a critical Lucee security vuln (an RCS or remote code execution vuln). You'll want to make sure your Lucee instances are protected either by updates or configuration (or both). There are actually 3 matters to beware.

[....Continue Reading....]

Recording posted for my CF Online Summit talk, "Hidden Gems in CF2023"

Last week (Feb 15) I gave the first talk in the annual Adobe ColdFusion Online Summit for CF2024, and the recording of that session has now been posted by the Adobe CF team (as the first of many such recordings to come).

Description and slide deck/PDF

Recording (see also embedded video below)

Sorry that I didn't get a chance to offer a blog post announcing this talk (or the Online Summit). My wife had some rather significant surgery early last week (planned for, and she's ok), which had me quite busy taking care of her and my work. The announcing of this talk slipped between the cracks (but Adobe had announced it and the Online Summit themselves, of course). I have a few more posts to offer that have been delayed.

About the CF Online Summit

[....Continue Reading....]

Delighted to be speaking at Into the Box 2024, coming to DC in May

I'm delighted to announce that I've been selected to speak at Into the Box 2024, in DC, coming up in May. This will be my 5th time presenting at this wonderful event, going back to my first time in 2017.

My talk will be...

[....Continue Reading....]

Recordings and links for my presentations in Jan 2024, Dec 2023

I've done a few online presentations in recent weeks, and while I've done a blog post announcing each when it was upcoming, I was torn about also doing a blog post after each, just to mention their recording URL. I don't want people to feel there are "too many" posts. Also, since I use youtube live for the CFMeetup sessions, technically the url for the meeting is indeed the same one to use to view the recording of it: so if you know one, you know both.

But some people seem to notice when news is shared of a recording being made available, so here you go.:-) These are 4 sessions I've done in Jan 2024 and Dec 2023.

[....Continue Reading....]

Presenting "The Many Capabilities of CF Package Management and cfpm", Thurs Jan 25, Online

Do you feel you understand all there is to know about the CF Package Management feature (and cfpm tool), added by Adobe in CF2021? It has far more capabilities than most may realize.

So I'll be presenting a talk on this topic, online this Thursday, at noon US Eastern, on the CFMeetup youtube livestream (which will be recorded). Folks who are members of the Online ColdFusion Meetup will have already gotten email notification about this, including the meeting URL, but for those who are not members here are the details:

[....Continue Reading....]

Presenting "Updating the Java underlying ColdFusion: considering it, doing it" Thurs Jan 18, Online

As most know, ColdFusion runs atop Java (and has since CF6). Did you know that JVM updates come out quarterly (including one just this week)? While some may find the process of doing them to be "old hat", others are often surprised to discover it's their responsibility to keep that Java updated. And on the surface, "installing Java" is easy--but like so many other things, "the devil is in the details".

So I will be presenting presented a talk on this topic, online this Thursday, at noon US Eastern, on the CFMeetup youtube livestream (which will be was recorded). Folks who are members of the Online ColdFusion Meetup will already have gotten notification about this, but for those who are not, here are the details:

[....Continue Reading....]

Several things to consider when applying updates to Java (aka the JVM, JDK, JRE)

If you learn there's a new Java update available, it may well be relatively simple for you to apply that update, but if you're running important applications that rely on Java, it's in your interest to give some consideration to various matters related to doing such an update.

And as important, if you may have skipped some Java updates before this one, there are some additional points to consider regarding some potentially important changes in updates you may be skipping.

In this post, I cover several topics in both those areas.

[....Continue Reading....]

More Entries

Copyright ©2024 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting