Bug I've reported: CF Admin update page mistakenly lists current version in "Available Versions"

If you use the ColdFusion Admin to perform CF updates (vs updating via the command line), has it ever confused or annoyed you that the CF admin update page lists the currently installed version as the first value in "available versions"? That's illogical and confusing.

From: Charlie Arehart - Server Troubleshooting

Lighthouse Scores of Blog Sites Driven by ColdFusion

According to DebugBear.com, the industry-standard lighthouse scores for major blog platforms like WordPress and Wix are disappointing. In this article, we will analyze popular ColdFusion Blog sites and see how they compare.

From: Gregory's Blog

New updates released for Java 8, 11, 17, 21, and 22 as of Apr 16 2024: resources and thoughts

It's that time again: there are new JVM updates released today (Apr 16, 2024) for the current long-term support (LTS) releases of Oracle Java, 8, 11, 17, and 21, as well as the new short-term release 22.

From: Charlie Arehart - Server Troubleshooting

Announcing Java updates of Apr 2024 for 8, 11, 17, 21, and 22: resources and thoughts

It's that time again: there are new JVM updates released today (Apr 16, 2024) for the current long-term support (LTS) releases of Oracle Java, 8, 11, 17, and 21, as well as the new short-term release 22.

From: Charlie Arehart - Server Troubleshooting

Building Image Sliders with Stunning Transitions Using Swiper

In this article, I will show you how to implement sliders and carousels with stunning transition effects using Swiper.

From: Gregory's Blog

Recordings available for the recent 17-session Adobe ColdFusion Online Summit 2024

If you may have missed the news, Adobe recently held an online event over several weeks (Mid-Feb to Mid-March) where they had most of the presenters from the Adobe CF Summit 2023 in Vegas give repeats of their talks.

From: Charlie Arehart - Server Troubleshooting

Delighted to be presenting at CFCamp 2024, on "Using Redis for session storage in ACF and Lucee"

I'm delighted to share the news that I've been selected to be a presenter again at the wonderful CFCamp event, being held again June 13-14 in Munich, Germany.

From: Charlie Arehart - Server Troubleshooting

Speaking online tonight at MMCFUG, on "What if no one is monitoring your DB server?"

Just wanted to share news for my readers here that tonight (Apr 9 at 7pm US Eastern time) I will be presenting at the online meeting of the Mid-Michigan CFUG, on the topic, "What if no one is monitoring your DB server?".

From: Charlie Arehart - Server Troubleshooting

Predicting solar eclipses with Python

As I am en route to see my first total solar eclipse, I was curious how hard it would be to compute eclipses in Python. It turns out, ignoring some minor coordinate system head-banging, I was able to get something half-decent working in a couple of hours.

From: Erik Bernhardsson

Promise.withResolvers in JavaScript

Let me know if you've heard this one before.

From: Michael Walter Van Der Velden

Creating Image Galleries with FancyBox

Image Galleries can be an effective way to tell a story in a visually appealing way. In this article, I will show you how to use FancyBox to create web-based galleries.

From: Gregory's Blog

Bypassing Imperva SecureSphere WAF (CVE-2023-50969)

Background: Imperva SecureSphere Web Application Firewall (WAF) is an on-premise security solution to inspect, monitor and block traffic to web applications.

From: Hoya Haxa - A Security Research Blog

Speaking at CF Summit East 2024

The kind folks at Adobe have invited me back to speak at CF Summit East 2024 in Washington DC.

From: South of Shasta: Software Development, Web Design, Training

Defending Against CVE-2024-20767 (ColdFusion Arbitrary File System Read)

Technical details for CVE-2024-20767 (ColdFusion Arbitrary File System Read) from APSB24-14 have now been publicly disclosed by the researcher who reported it to Adobe PSIRT:  https://jeva.

From: Hoya Haxa - A Security Research Blog

Ensuring Sequential Uppy Uploads Using the Bundled XHR Option

We will discuss how to force Uppy to upload images sequentially using Uppy's Bundled setting with XHR uploads.

From: Gregory's Blog

Fixinator fixes unscoped variables

Last week's Adobe ColdFusion security update disabled searchImplicitScopes by default.

From: Pete Freitag's Homepage

If You're Running an Intranet Connections Lucee Instance, Ensure That You've Changed the Default Lucee Admin Password

Last week, researchers at Sprocket Security wrote about post-exploitation in Lucee via malicious extensions.

From: Hoya Haxa - A Security Research Blog

Daily Group Code Reviews - Increasing Efficiency

While many junior Devs struggle with code reviews, both when performing and receiving them, I've found that even the more senior team members sometimes struggle with comments left on their code.

From: Michael Walter Van Der Velden

ColdFusion searchImplicitScopes and APSB24-14

Adobe has published a ColdFusion Security Hotfix APSB24-14 today which describes "a critical vulnerability that could lead to arbitrary file system read".

From: Pete Freitag's Homepage