We are pleased to announce that we have released general updates to ColdFusion (2023 release) Update 10 and ColdFusion (2021 release) Update 16. The updates resolve a critical vulnerability that could lead to the deserialization of untrusted data. For more information, view the security bulletin APSB24-71. ColdFusion (2021 release) Update 16 also fixes bug CF-4223435, where the previous installation (2021.15) caused certain packages to be uninstalled. View the tech note of ColdFusion 2021.16 for more details. Where do I download the updates from […]
If you may ever encounter problems trying to use regular expressions in CFML (which are actually PERL regex’s), did you know that you can tell CF to use Java regex’s instead? This has been possible since 2019, but you could have missed when the change was introduced via CF2018 update 5 in Sep 2019–and of course the option is also built into CF 2021. This is one of those settings which can be enabled/controlled at either: the server level: via […]
On the brightly-lit lanes of Las Vegas, inside the bowels of The Mirage, Adobe ColdFusion hosted its tenth Annual ColdFusion Summit on 3-4 October. Shameer Ayyapan hosted the ColdFusion Keynote on Day 1 highlighting the state of Adobe ColdFusion as well as its release plan Joel Cohen, acclaimed writer of The Simpsons was the other highlight speaker amidst a veritable roster of eminent speakers and experts. For over two days, they imparted knowledge and insights to CF fans from across […]
The new security vulnerability Log4j is 10/10 on the “Hacking Richter scale”. How might it be affecting your ColdFusion servers? And what can you do to protect your company? TLDR; This issue affects most servers as Log4j is used by many software tools on modern servers, as well some versions of Adobe ColdFusion. Lucee CFML is not affected. Action: Patch Log4j in all your server software (not just in older versions of CF) Action: Add the JVM arg -Dlog4j2.formatMsgNoLookups=true to […]
Worried about the log4j vuln? What can you do?
Originally posted July 26 2021; updated Aug 5 2021 ColdFusion users should be aware that there were updates released last week (Jul 20) to the long-term support (LTS) versions of Oracle Java, versions 8 and 11. Java 11 is the version currently supported by CF2021 and CF2018. For more on the JVM updates, see the Oracle technotes: Release notes for Java 11.0.12 Release notes for Java 8.0_301 These updates, like most JVM updates, include security-related fixes. Among them are a […]
ColdFusion users should be aware that there were updates released last week (Apr 20) to the long-term support (LTS) versions of Oracle Java, 8 and 11 (the two versions supported currently by CF2021 and CF2018). For more on the updates, see the Oracle technotes: Release notes for java 11.0.11 Release notes for java 8.0_291 For some, that’s all they need to hear. For other folks, you may want to (need to) to know a lot more. For that, see a […]
ColdFusion Developers, do you want a first hand look at publishing APIs securely and at scale? Then mark your calendars for Brian Sappey’s upcoming webinars! This seven-part series will give you a 360 degree view of the API Manager and teach you how to build RESTful APIs with Adobe ColdFusion. Everything from securing, publishing and monitoring APIs, will be covered with hands-on examples, and easy discussions. Register now for the webinar series here. Here are the series topics: Topic: Introduction […]
How to quickly resolve samesite cookie issues, at least until a CF update helps handle it more automatically.
23 Nov
10AM Pacific
Online