
Urgent CF security update released March 1 2019, for CF11/2016/2018, Part 1

This is an urgent announcement to ColdFusion users: Adobe has released a security update today, March 1 2019, for CF 11 update 18, CF2016 update 10, and 2018 update 3.

All CF shops are urged to install this update immediately, to implement new protections against a known attack happening in the wild. It's identified in the associated Adobe Product Security Bulletin, APSB19-14, as a priority 1 critical vulnerability.

I will add that I can vouch personally for the significance of the vulnerability, as I reported it to the Adobe Product Security Incident Response Team (PSIRT), and I proposed the fix which was implemented. (I also know what was done specifically to perpetrate the attack, and the very negative consequences of what happened once the server of a client of mine was attacked. You don't want this to happen to you.) I plan to share much more in a part 2 post (now posted, but do see below for the context it builds upon).

(In the meantime, I have tweaked this part 1 since originally posting it, to share more here.)

[....Continue Reading....]

"Hidden Gems in ColdFusion 2018", a multi-part series on the Adobe Portal

Over the past few weeks I have begun posting a multi-part series of blog entries on Hidden Gems in CF2018. This is being posted on the Adobe CF portal, rather than here (by my choice).

It's basically presenting the same info I've been offering in my talk of the same name, such as at conferences like CF Summit and CFCamp last year, and that I will give at the CF Summit East 2019 in DC in April. Of course, in blog form I can elaborate on things a little more.

So far I have done the following parts:

[....Continue Reading....]

Top 10 CArehart.org blog posts of 2018

Yep, I'm a bit late on this. :-) Here are what I might propose to be the top 10 posts of mine from 2018 (by my own choice, and in reverse chronological order):

[....Continue Reading....]

My 4-part webinar series, "Troubleshooting with FusionReactor", starts Jan 30

Tomorrow (Jan 30, 2019) I am beginning a planned 4-part series of new FusionReactor webinars (to add to the 13 topics I've already done, as listed at the FusionReactor Webinars page).

These all-new ones will focus on Troubleshooting with FusionReactor and are geared toward helping folks new to FR--or perhaps experienced but a bit bemused by its many features--to better understand how to use it to troubleshoot problems in your app server (CF, Lucee, or any Java server).

The parts in the new series (with links here to register directly to attend) will be:

[....Continue Reading....]

I'll be speaking at Adobe CF Summit East in DC, Apr 9-10

I should have posted this a few weeks ago, but I'm delighted to announce that I'll be presenting again this year at Adobe's ColdFusion Summit East in Washington, DC on Apr 9-10, 2019.

As in recent years, this event (presented by Adobe in conjunction with Carahsoft) presents something of a "best of" from talks given at the CF Summit in Vegas this past October. April's a great time to visit DC (where I was born and raised, and lived my first 40 years).

And I'll be offering the Hidden Gems in CF2018 talk I gave there (and at CFCamp also in Nov), with some improvements since then of course.

See you there, I hope!

Does Oracle's change regarding Java apply only to "commercial" use, or to ANY production use?

Does Oracle's change regarding Java and limiting who can use what for free apply only to "commercial" users (as in "corporate" or "business" use), or do the limitations apply to ANY production use (including non-"commercial" orgs like non-profits, agencies, schools, etc.)? I offer here my understanding based on research of Oracle's own resources.

Bottom line: these limitations DO apply to ANY PRODUCTION use, not just "commercial" use, definitely regarding Java 11, and seemingly clearly regarding Java 8.

For more clarification, read on.

[....Continue Reading....]

Are you still running CF11? Beware its countdown clock is ticking

For those of you running ColdFusion 11, did you know that the countdown clock is ticking toward its end of support by Adobe?

After April 30, 2019, Adobe will no longer provide any updates for CF11, so there will be no security patches or hot fixes for CF 11 after that. Of course, updates for CF2016 will indeed continue into Feb 2021, while CF2018 updates will continue into July 2023. And we could expect CF2020 (when it comes) to be supported into 2025.

How do I know this? Where does Adobe say it? And can one buy support (yes) to "buy extra time to get such CF11 updates beyond April" (no)? And what about CF11 support for Java 11 (no)? Finally, could you use help in moving off CF11 to CF 2016 or 2018? For more on each of these, read on.

(Update: I should note that Adobe did indeed offer one more update beyond April 2019, in June, when they updated CF2018 and 2016 as well for an important security update. That was a bonus. They have said there really will be no more CF11 updates, as per the original plan.)

[....Continue Reading....]

Considering use of Amazon Corretto, the new openjdk jvm, especially with ColdFusion

As I posted earlier today, there are big changes afoot in the Java world, about production (not just "commercial") use of Java going forward. This is big news, as it is for anyone using Java 8 or 11 for production purposes.

But here's some good news: Amazon has recently released a new free JVM (java virtual machine) implementation based on the OpenJDK specification, called Corretto. In this post, I want to share some news about it. (Off the bat, let me tell my friends on any Linux flavor other than Amazon Linux 2, this is not yet available to you. For now it is only available for Amazon Linux 2 as well as Windows, MacOS, and as a docker image. Other Linux flavors are due in Q1 2019.)

For much more, read on.

[....Continue Reading....]

What's an admin to do: Oracle's changed stance on production use of Java, going forward?

Did you know that Oracle announced in 2018 major changes regarding free production use of Java 8 and 11?
  • Regarding Java 8, did you know that Oracle will no longer offer free updates/security patches for Java 8, if used for production (NOT just "commercial") purposes beyond Jan 2019? After that, you must pay them for support/updates (including security updates). (For more on why this is NOT just about "commercial" use, see below.)
  • Regarding Java 11, the next major release, did you know that the Oracle Java 11 JVM cannot be USED at ALL for PRODUCTION purposes, without paying for it?
  • Finally, while Oracle will be offering a free openJDK implementation (which CAN be used for production, for free), did you know they will only be committing to supporting/updating their Oracle Java 11 openjdk for 6 months after release, leaving subsequent updates to the community of contributors?

For more, including why this may have significant impact on your use of Java-based applications, as well as alternatives that may exist for you going forward, read on.

[....Continue Reading....]

How to get the checksum for a file on Windows

If you're running Windows and ever want to know the md5 or sha-1 checksum for a file you have, did you know there's a built-in command to get it? From the Windows command prompt, run this to get the sha-1 checksum:

certutil -hashfile [path\]filename

or to get the md5, just add that as an argument:

certutil -hashfile [path\]filename MD5

The tool is built into Windows 7 and above, and Server 2008 and above (at least). Tools like it are included in other OS's, but I'm sharing the above for Windows users.

Regardless of what OS you use, for more on why knowing the checksum can be useful (and why comparing file sizes instead may not be enough), and especially with regard to some interesting info about installers for CF2016 and CF11, do read on.

[....Continue Reading....]


Copyright ©2019 Charlie Arehart