Fixinator fixes unscoped variables

Last week's Adobe ColdFusion security update disabled searchImplicitScopes by default.

From: Pete Freitag's Homepage

ColdFusion searchImplicitScopes and APSB24-14

Adobe has published a ColdFusion Security Hotfix APSB24-14 today which describes "a critical vulnerability that could lead to arbitrary file system read".

From: Pete Freitag's Homepage

DNS over HTTPS is not what I thought

A few months ago I was on a mission to remove some of the old broken links on my blog.

From: Pete Freitag's Homepage

Remove the Server Header in any IIS Version

Removing the Server Header as of IIS 10 (Windows 2022) is now much easier than it had been with prior versions of IIS.

From: Pete Freitag's Homepage

Self Signed Certificates in Edge on Windows 2022

When setting up a server for training purposes I wanted to create a self signed certificate for app1.

From: Pete Freitag's Homepage

Self Signed Certificates in Edge on Windows 2022

When setting up a server for training purposes I wanted to create a self signed certificate for app1.

From: Pete Freitag's Homepage

The newline cat mystery

I ran into a really strange problem today, whenever I would write a file it would show up as empty on my file system.

From: Pete Freitag's Homepage

The newline cat mystery

I ran into a really strange problem today, whenever I would write a file it would show up as empty on my file system.

From: Pete Freitag's Homepage

Ticket to ColdFusion Summit 2023

The Adobe ColdFusion Summit is coming up in October.

From: Pete Freitag's Homepage

Win a Ticket for ColdFusion Summit 2023

The Adobe ColdFusion Summit is coming up in October.

From: Pete Freitag's Homepage

Into The Box 2023 Slides

I'm back from Houston Texas after another great Into the Box conference. Slides for my talk Taming the top 25 Most Dangerous Software Weaknesses can be found here. For code samples I used my Bank of Insecurity repository which is full of security weaknesses.

From: Pete Freitag's Homepage

Into The Box 2023 Slides

I'm back from Houston Texas after another great Into the Box conference. Slides for my talk Taming the top 25 Most Dangerous Software Weaknesses can be found here. For code samples I used my Bank of Insecurity repository which is full of security weaknesses.

From: Pete Freitag's Homepage

File Create Time in ColdFusion / CFML

Today I needed to get the time that a file was created from within some CFML code.

From: Pete Freitag's Homepage

File Created Date Time in ColdFusion / CFML

Today I needed to get the time that a file was created from within some CFML code.

From: Pete Freitag's Homepage

Speaking at ColdFusion Summit Online Next Week

I will be giving my talk Taming the Top 25 Most Dangerous Software Weaknesses (for ColdFusion Developers) next Tuesday, December 6th 2022 at 1pm US Eastern Time.

From: Pete Freitag's Homepage

Speaking at ColdFusion Summit Online Next Week

I will be giving my talk Taming the Top 25 Most Dangerous Software Weaknesses (for ColdFusion Developers) next Tuesday, December 6th 2022 at 1pm US Eastern Time.

From: Pete Freitag's Homepage

OpenSSL and ColdFusion / Lucee / Tomcat

I've had a several people asking me about the openssl vulnerabilities that were patched this week: CVE-2022-3602 and CVE-2022-3786 aka Spooky SSL.

From: Pete Freitag's Homepage

OpenSSL and ColdFusion / Lucee / Tomcat

I've had a several people asking me about the openssl vulnerabilities that were patched this week: CVE-2022-3602 and CVE-2022-3786 aka Spooky SSL.

From: Pete Freitag's Homepage

ColdFusion Security Training Class December 2022

Early bird registration is open for my ColdFusion Security Training deep dive class in December.

From: Pete Freitag's Homepage