Bypassing Imperva SecureSphere WAF (CVE-2023-50969)

Background: Imperva SecureSphere Web Application Firewall (WAF) is an on-premise security solution that inspects, monitors and blocks traffic to web applications.

From: Hoya Haxa - A Security Research Blog

Speaking at CF Summit East 2024

The kind folks at Adobe have invited me back to speak at CF Summit East 2024 in Washington DC.

From: South of Shasta: Software Development, Web Design, Training

Magic Life-Cycle Test In Alpine.js

Ben Nadel explores the life-cycle of a custom magic in Alpine.js....

From: Ben Nadel

Defending Against CVE-2024-20767 (ColdFusion Arbitrary File System Read)

Technical details for CVE-2024-20767 (ColdFusion Arbitrary File System Read) from APSB24-14 have now been publicly disclosed by the researcher who reported it to Adobe PSIRT:  https://jeva.

From: Hoya Haxa - A Security Research Blog

Code Kata: Parsing Time Spans In ColdFusion

Ben Nadel demonstrates how to parse a time span back into days, hours, minutes, and seconds in ColdFusion....

From: Ben Nadel

Code Kata: Alpine.js Calendar Component

Ben Nadel tries to build a calendar component in Alpine.js....

From: Ben Nadel

HTML Templates Can Be Mutated Just Like Any Other DOM

Ben Nadel demonstrates that an HTML template can be mutated just like any other DOM mutation in JavaScript....

From: Ben Nadel

CSS Enter Animations Follow The 80/20 Rule

Ben Nadel demonstrates that CSS enter animations give us 80% of the user experience value with only 20% of the work (if that)....

From: Ben Nadel

Fixinator fixes unscoped variables

Last week's Adobe ColdFusion security update disabled searchImplicitScopes by default.

From: Pete Freitag's Homepage

Reading Element Attributes Collection In JavaScript

Ben Nadel demonstrates how to read the collection of HTML attributes out of the DOM in JavaScript....

From: Ben Nadel

If You're Running an Intranet Connections Lucee Instance, Ensure That You've Changed the Default Lucee Admin Password

Last week, researchers at Sprocket Security wrote about post-exploitation in Lucee via malicious extensions.

From: Hoya Haxa - A Security Research Blog

Working Code Podcast - Episode 170: Product Design With Thelma Van

Ben Nadel and the crew talk to Thelma Van about product design thinking....

From: Ben Nadel

Working Code Podcast - Episode 169: Earning Potential Of Spaces

Ben Nadel and the crew talk about survey results that show a higher salary for developers who indent code with spaces....

From: Ben Nadel

Adding One-Click Unsubscribe SMTP Headers To My Comment Emails In ColdFusion

Ben Nadel demonstrates how to add One-Click easy unsubscribe functionality for ColdFusion emails....

From: Ben Nadel

I Broke The Comment Subscription System For The Last Year

Ben Nadel identifies and fixes a comment subscription issue....

From: Ben Nadel

Using The Angular.js Parser To Comply With CSP In Alpine.js 3.13.5

Ben Nadel uses the Angular.js expression parser to create a robust and CSP-compliant Alpine.js application....

From: Ben Nadel

ColdFusion searchImplicitScopes and APSB24-14

Adobe has published a ColdFusion Security Hotfix APSB24-14 today which describes "a critical vulnerability that could lead to arbitrary file system read".

From: Pete Freitag's Homepage
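The two items above (Fixinator fixing unscoped variables, and the APSB24-14 change to searchImplicitScopes) come down to one pattern. With implicit scope search on, an unscoped variable name that is not found in the local/VARIABLES scopes is looked up in a fixed list of other scopes, including URL and FORM, so request-controlled input can silently satisfy a reference the developer thought was internal. With the hotfix default, that lookup no longer happens and the unscoped reference throws. The snippet below is a constructed illustration added here, not code from Fixinator, Pete Freitag's post or Adobe; the request `/search.cfm?q=lucee` and the variable names are assumed for the example.

```cfml
<!--- Constructed example: GET /search.cfm?q=lucee
      Scenario assumed for illustration; not code from the posts above. --->

<!--- BEFORE (relies on implicit scope search).
      No VARIABLES.q exists, so "q" is resolved by walking the implicit
      scopes until URL.q matches. An attacker can also supply the same name
      in a scope that is searched earlier (e.g. a FORM field vs a URL
      parameter) to change which value wins. Once searchImplicitScopes is
      disabled, this line throws "Variable Q is undefined". --->
<cfoutput>Searching for #encodeForHTML(q)#</cfoutput>

<!--- AFTER (what a scoping fix such as Fixinator's produces).
      Explicit scope: same behaviour whether the setting is on or off, and
      the source of the value is unambiguous. cfparam gives a safe default
      instead of an undefined-variable error. --->
<cfparam name="url.q" default="">
<cfif len(trim(url.q))>
    <cfoutput>Searching for #encodeForHTML(url.q)#</cfoutput>
</cfif>

<!--- Internal values should likewise be scoped so that a missing VARIABLES
      entry can never be backfilled from the request. --->
<cfset variables.pageSize = 25>
<cfoutput>Showing #variables.pageSize# results per page</cfoutput>
```

As a check before applying the update, grep the code base for unscoped names that only exist in URL, FORM or COOKIE, or run Fixinator, which reports and scopes them. Adobe's hotfix notes (not this page) describe an application-level switch to restore the old lookup behaviour; if that is used at all, treat it as a short-lived compatibility shim while the references are scoped, because the old behaviour is exactly what lets request input masquerade as an internal variable.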

Updates released for ColdFusion 2023/2021, Mar 12 2024: possible breaking change, solutions

This is a very important heads-up for my readers: there was an important security update released today by Adobe for ColdFusion 2023 (update 7) and 2021 (update 13).

From: Charlie Arehart - Server Troubleshooting

Recursive JSON Explorer In Alpine.js 3.13.5

Ben Nadel creates a recursive rendering of a JSON data structure with Alpine.js 3.13.5....

From: Ben Nadel

Using Alpine.js To AJAX'ify HTML Fragments Served From ColdFusion

Ben Nadel explores the use of Alpine.js to progressively enhance (AJAX'ify) part of a ColdFusion-rendered page....

From: Ben Nadel