-
Close Search
after update is it safe to remove/rename older versions of log4j-1.x.x from server?
In the modern world it’s hard to create a good product without integrating it with third party services. One of the most popular services in the business world today is Zoom. I’d like to share some of the experience my team and I have had working with the Zoom API. Hope you enjoy the read and its helpful!
We are pleased to announce that we have released the updates for the following ColdFusion versions: ColdFusion (2021 release) Update 3 ColdFusion (2018 release) Update 13 ColdFusion 2021 Performance Monitoring Toolset Update 3 ColdFusion 2018 Performance Monitoring Toolset Update 4 ColdFusion API Manager updates These updates address vulnerabilities that are mentioned in CVE-2021-44228 and CVE-2021-45046. After applying the update, all Log4j 2.x-related jars will be upgraded to version 2.16.0. Update, Jan 11 2022: After applying the updates here, you can also address the […]
The new security vulnerability Log4j is 10/10 on the “Hacking Richter scale”. How might it be affecting your ColdFusion servers? And what can you do to protect your company? TLDR; This issue affects most servers as Log4j is used by many software tools on modern servers, as well some versions of Adobe ColdFusion. Lucee CFML is not affected. Action: Patch Log4j in all your server software (not just in older versions of CF) Action: Add the JVM arg -Dlog4j2.formatMsgNoLookups=true to […]
Update: the Log4J patch has been uploaded (12/17/2021). More information here: https://coldfusion.adobe.com/2021/12/update-coldfusion-security-updates-log4j-vulnerability/ As most of you are aware, the Log4J (aka “Log4Shell”) vulnerability is currently the hot topic of discussion amongst… well, basically everyone. Adobe engineering & security have been hard at work determining which versions of ColdFusion might be affected and what, if any, workaround/mitigation steps are available. Please head over here: Log4j vulnerability on ColdFusion (adobe.com) and bookmark the page, as it will be updated if/as things change. […]
[Originally posted Dec 14, 2021. Updated Mar 30, 2022] If you would like to view the videos from the Adobe ColdFusion Summit 2021, which happened Dec 7-8, you can view the recordings via the CF Portal “videos“. For a time, you could also find them another way, discussed below, but I am finding on Mar 30 2022 that the other way is failing. Perhaps it’s a temporary problem. Anyway, I have updated the post here to clarify above how you CAN […]
Worried about the log4j vuln? What can you do?
Hello All! I was looking forward to a calm Friday afternoon, reading tech news…and I came across articles talking about a vulnerability in Apache Struts, and how it can be easily exploited. Oh no! There went my calm Friday afternoon! But, I did a lot of searching for a solution aimed at my level of Java users (pretty much zero level). The best I came across was a post by Pete Freitag, which suggested that I add a line to […]
Question on time loop in cfloop
if I was looping 10:00–17:00 range, the 17:00 cann’t be output, but if was looping 08:00–15:00 range, the 15:00 can be output.
Does anyone know if this zero-day exploit affecting the Apache Log4j utility (CVE-2021-44228) affects ColdFusion version 10 & 2018?
I have an older version of API manager that I am looking to migrate to a new VM running the 2021 version of CF’s API manager. Is there a way to import my settings from the existing (2016 version) to the new VM?
I am new to ColdFusion Builder 2018, but I see that it has the ability to track history of file modifications within a workspace. Is there any way that you can check in/out files within CFBuilder 2018 though? It would be nice to know that a file is checked out by someone and needs to be checked in before I work on it. Best I can tell, I double click a file and it asks to take it out of […]
