This may not be “news” for everyone but somehow it had slipped by me: the ColdFusion 2021 Lockdown Guide has been available since December 2020 (and was updated slightly in Jan 2021). I find no mention of it here, so I thought it a good post to share.
The 2021 guide is about 9 pages longer than the 2018 version. The new version covers security-related aspects of new features in CF2021, such as CF package management (cfpm), as well as security-related aspects of new features in the CF Administrator, and some modest additions to coverage of security-related aspects in the Performance Monitoring Toolset (PMT) and the CF Api Manager.
As with the CF2018 version of the guide, the 2021 version discusses many things in the context of presuming that you are running the ColdFusion Lockdown Tool that was introduced in CF2018. Some readers find value in reading the CF2016 Lockdown Guide, since it did not presume use of that tool.
As always, thanks to ColdFusion security maven Pete Freitag who has been creating the guide for Adobe for several releases.
For more blog posts from Charlie Arehart, see his posts here as well as his posts at carehart.org. And follow him on Twitter and other social media as carehart.
Wizard
146 posts
I’ve just returned to CF after a 3.5 hiatus. [Last worked with CF11] Glad to see so many improvements as well as traditional best practices still in place during my absence. Thank you, Charlie! I’m excited to start building again. – Kim Dorris
Thanks for the kind regards, and welcome back to the CF fold. People do indeed go and return with surprising frequency in our world. I’m glad to be part of the ongoing support of the community, now approaching 25 years for me. 🙂
You must be logged in to post a comment.
23 Nov
10AM Pacific
Online
