ColdFusion 11 Update 6 and ColdFusion 10 Update 17 Now Available

From the ColdFusion Blog: The following ColdFusion updates are now available for download. These updates address a common XXE vulnerability in BlazeDS. For details refer the security bulletin hyperlinks in the sections below. Users who are using LCDS with ColdFusion, should refer this technote, for updating their LCDS installation. ColdFusion 11 Update 6 This Update addresses…

Details

CertMan Modification

I am a big fan of the CertMan extension for the ColdFusion administrator.  It is a great tool, but I think it could use a few tweaks and I have started to look at what other features should be added.  My first update was to add a condition that would show me certificates that would…

Details

CF Related Help Resources

Adam Cameron posted a good article this morning about the numerous ways to get CFML related help.  I will not plagiarize the entire article, but just provide the consolidate list of those resources he listed.  If you have more recommendations you can add them to the comments here, Adam’s post, or on the Slack Channel.…

Details

An Interesting False Positive or a Bug

Our security group was scanning a new application and complained that /CFIDE/main/ide.cfm was vulnerable to a cross site scripting (XSS) error.  Since the CFIDE folder that is mapped to our websites only includes the ORM and scripts folder, and the hardening guide is followed, I knew something was amiss. After doing some research, I found that…

Details

Lucee Logo

As most in the CF community have heard, there is a new CFML engine in town and the community is abuzz. I really like the logo they put together, but it is currently not in the available logos, so I put this together until it is officially released.

Details

ZingChart Update

ZingChart, the charting library that is part of ColdFusion 10 and 11, was recently updated.  Unfortunately, like other 3rd party add-ons, ColdFusion is nowhere near the current version.  As I mentioned in a earlier post, there is a way to take advantage of the updated library if you are willing to relinquish the use of cfchart…

Details

CF Notifications Update

This morning I added a feature that will now send out Twitter messages when new CF bugs are added.  I am hoping this will get more people involved when new bugs are discovered. If you are wondering why the Twitter updates seem to come in bunches, it is because currently, the Twitter messages are sent…

Details

ColdFusion Builder Update

In what is by far the most secretive update thus far, there is a new update to ColdFusion Builder 3.  Unfortunately, this cannot be obtained through the updater (not sure if that is going to change), but requires the user to download a new copy from the Adobe website.  Not only does this require you…

Details