Bug I've reported: Adobe Tracker email notifications seem to have ceased in 2024
https://tracker.adobe.com/#/view/TKR-290
If you have experienced the issue, please add a vote to the ticket.
https://tracker.adobe.com/#/view/TKR-290
If you have experienced the issue, please add a vote to the ticket.
And it seems easily solved: they should just list the installed version on its own line on the page, above the dropdown.
If you agree that this should be addressed, please do add a vote at the tracker ticket I just posted:
https://tracker.adobe.com/#/view/CF-4221716
Sometimes Adobe only implements changes if many ask for it (though sadly, as in this case, some just grumble at an annoyance they may hit only rarely and they move on without ever reporting it. I didn't find anyone else having reported this there, before I created my ticket.)
If you need more info to understand the problem, I'll save you going to look at the ticket by repeating here what I wrote there:
TLDR: The new updates are 1.8.0_411 (aka 8u411), 11.0.23, 17.0.11, 21.0.3, and 22.0.1 respectively). Crazy that there are now 5 current Java releases, I realize. More below, including more on each of them including what changed and the security fixes they each contain (including their CVE scores regarding urgency of concerns), offered in Oracle resources I list below. Oracle calls these updates "critical patch updates" (yep, CPU), but they are in fact scheduled quarterly updates, so that "critical" nomenclature may sometimes be a bit overstated. And as is generally the case with these Java updates, most of them have the same changes and fixes across the four JVM versions, though not always.
For some folks, that's all they need to hear. For others, read on.
And the recordings are all available online, and here's how to find them.
As one of the premier conferences for both Adobe ColdFusion and Lucee, I highly recommend you attend the event if you can. Plus, if you don't live in Europe it's a great excuse to vacation on the continent and be tax-deductible at the same time! :-)
My talk this year (my 8th straight appearance at the event) will be a new one for me. Here are the details:
Anyone can join in live, and the meeting will also be recorded and posted eventually at their Youtube Channel.
Here's the description for my talk, which is also offered on my site's presentations page:
It's very important that people read the technote before "just applying this update". There is a very important (and fundamental) change in how CFML processes variables, with regard to searching for scopes when no scope is indicated on a variable name. It's NOT that you "must scope all your variables", as some are asserting. But it's still almost certainly a BREAKING change in many CF apps, if they use unscoped variables under certain conditions (that I discuss below). The change is for the sake of security, but it's just one aspect of the security fixes in this update.
Anyway, there are 3 things you can consider doing to rectify/work-around this breaking change, as I discuss below (or see the update technote, for this and more). And you may reasonably wonder what the implications would be of using the workarounds. You may also wonder if this scope matter relates to the CVE listed in the APSB (linked to below). That's currently unclear. It does not. As well, note that the Adobe security bulletin (link below) shows the security fix to be only a P3 (priority 3, the lowest severity), not a P1 (priority 1, the highest), though it IS regarded as "critical".1
But then there are still other aspects of the update beyond this scope matter, and you should be aware of those also.
For more, read on.
Description and slide deck/PDF
Recording (see also embedded video below)
Sorry that I didn't get a chance to offer a blog post announcing this talk (or the Online Summit). My wife had some rather significant surgery early last week (planned for, and she's ok), which had me quite busy taking care of her and my work. The announcing of this talk slipped between the cracks (but Adobe had announced it and the Online Summit themselves, of course). I have a few more posts to offer that have been delayed.
My talk will be...