ColdFusion Posts Around the World.

Taking a Look at Pipedream's GitHub Integration
Raymond Camden
It's been a little while since I've blogged about Pipedream. I'm still a very happy user of the service, I just hadn't had anything to write about recently. That changed earlier this month when they
Creating a Master-Detail record Interface Using the Kendo Grid and Kendo Window
Gregory's Blog
In this article, I will show you how to use the Kendo Grid in tandem with the Kendo Window with ColdFusion to implement a master-detail interface. We have covered both the Kendo Grid and the Kendo Window in previous articles and won't elaborate on all of the implementation details, but instead focus...
How to Check SSL Certificate using ColdFusion & CURL.exe
James Moberg
A CFML developer in the ColdFusion Programmers Facebook Group referenced my DEV article regarding how to identify the SSL expiration date using ColdFus...
Introducing OpsPilot – The first GenAI observability assistant
FusionReactor
The post Introducing OpsPilot – The first GenAI observability assistant appeared first on FusionReactor....
Guess the (Marvel) Decade
Raymond Camden
Many years ago, I first wrote up my experience working with the Marvel API. I find myself returning to it again and again, and this weekend I...
I'm Heading to Adobe ColdFusion Summit 2023
James Moberg
I'm getting ready to drive 500 miles to attend the 11th CFSummit taking place in Las Vegas on October 2-3. I'm looking forward to reconnecting with CFML developers that I've communicated & collaborated with online during my past 26 years of developing in CFML. I'll be arriving ear...
Best ColdFusion Hosting Experience Using Media3.net
Gregory's Blog
I've been hosting ColdFusion sites for the last 25 years and I can easily say that I have never had a better hosting experience than using Media3.net. With their Azure cloud server, you're not limited to the options and will have complete control over every detail. Their servers are also fast- all o...
Calculating Differences Between Two Dates with HQL
Gregory's Blog
In this article, I will walk you through how to use the DateDiff function in SQL Server and ColdFusion to calculate differences in dates as well as how to achieve the same results using HQL. Table of Contents Scenario Calculating the Elapsed Number of Months Between Two Dates Using SQL Server Calc...
Testing Out the Alpine.js Intersect Plugin
Raymond Camden
A few weeks ago, I finally got around to looking at the official plugins Alpine.js supports and built a little demo that integrated the Intl spec with the Mask plugin. (You can read the post here:
assertTrue("Test DSLs" == "Legacy")
James Ward
Over decades in programming I’ve had a few moments where I make big paradigm shifts, finding it very hard to go back. One of these moments was with Functional Programming and my latest is the move from Test Assertion DSLs to just using assertTrue with boolean-only tests. Let’s look ...
Filtering Zero-Width Spaces (ZWSPs) using ColdFusion
James Moberg
This is a follow-up to a January 11, 2019 article I wrote on my old Tumblr blog. The Hacker News posted an article regarding the ability to bypass Microsoft Office 365's "Safe Links" security feat...
What’s new in FusionReactor
FusionReactor
In this update, we are thrilled to unveil a host of enhancements designed to revolutionize your experience with FusionReactor. The post What’s new in FusionReactor appeared first on
Brian Reilly's site, Hoya Haxa, Has Been Added to the CFBlogs.org site
Gregory's Blog
I have added the Hoya Haxa Security Research Blog to the CfBlogs ColdFusion blog aggregator. Brian has been in the ColdFusion community for over 25 years and has given security-related presentations at ColdFusion conferences. He has many different thoughtful and well-researched ColdFusion-related ar...
Links For You
Raymond Camden
Another weekend and another set of links for yall to enjoy. Yesterday my wife and I drove our eldest to NOLA and the airport there as he begins a ten-month excursion teaching in Germany. I'm so incredibly excited for him and I know he is going to do incredible. Meanw...
Critical Adobe ColdFusion 2023 Related Bugs
Gregory's Blog
I have found two critical bugs related to the upgrade to Adobe ColdFusion 2023. All of these bugs are new to CF2023 and did not exist with CF2016 through CF2021. Both of these bugs are critical, however, with the first bug below, there are some workarounds. Table of Contents Error: java.lang.Clas...
FusionReactor 11 is coming!
FusionReactor
The post FusionReactor 11 is coming! appeared first on FusionReactor. ...
Win a Ticket for ColdFusion Summit 2023
Pete Freitag
The Adobe ColdFusion Summit is coming up in October. I will be speaking at the conference, and my company Foundeo is also one of the conference sponsors. As part of the sponsorship I have an extra entry ticket to CFSummit that I am going to give away to ...
Building a QR Coder Web Component
Raymond Camden
It's been a hot minute or so since I played with web components, mainly because I've been re-evaluating when I think it best makes sense to use them. One idea I've been chewing over lately is that progre...
Using FileReadLine() With Seekable Files In ColdFusion
Ben Nadel
Ben Nadel explores the use of fileReadLine() in conjunction with seekable files in ColdFusion....
Working Code Podcast - Episode 144: The Power Of One
Ben Nadel
Ben Nadel and the crew talk about the "Power of One" - picking a single, small goal that can be accomplished (and celebrated)....
Fun With Front Matter: Part 4 - Featured Posts
Raymond Camden
It's been a few days since my last post in this series. I'd like to blame something in specific but honestly, it's just life. Today's tip will - again - be short and sw...
Exploiting CVE-2017-11286 Six Years Later: XXE in ColdFusion via WDDX Packet
Hoya Haxa: A Security Research Blog
Introduction Six years ago today, on September 12, 2017, Adobe released
Coming Soon: Feature Flags - From Concept To Cultural Revolution
Ben Nadel
Ben Nadel is going to try his hand at writing a book: Feature Flags - From Concept to Cultural Revolution, an opinionated guide to product development.... ...
Integrating Intl with Alpine.js Mask
Raymond Camden
I've been using Alpine.js for quite a while now (although I still make silly mistakes, see the p.s. at the end) but haven't yet looked at the "official" plugins. Listed in the docs, those plugins include:
Using Labeled Loops In JavaScript
Ben Nadel
Ben Nadel explores labeled loops in JavaScript, exerting control flow on an outer loop from within an inner loop context....
Working Code Podcast - Episode 143: Moving On, Rewriting, And Replatforming
Ben Nadel
Ben Nadel and the crew talk about moving on - from jobs, from relationships, from roles, from tech stacks, etc....
Handling Server-Side Errors with ColdFusion and JSON
Gregory's Blog
This article will show you how to implement extensive server-side error handling with ColdFusion and JSON. Although not necessary, we will leverage the Kendo UI Extended Message Boxes API to provide notifications to the user. In this example, we will use Ajax on the client to invoke a ColdFusion fun...
Links For You
Raymond Camden
Welcome to another collection of links, and for today, a very "component" flavored set of links. I've been really interested in web components the past few months (you can peruse my articles on...
AIOps and Observability – The Future of App Development
ColdFusion
As modern architecture grows more complex and remote work challenges persist, smart tools have become a lifeline worldwide. But for developers specifically, AIOps and observability are the dynamic duo taking this cloud-native, distributed era by storm. So, let's jump in – what are they and ...
Including CSS File Content Using CFInclude In ColdFusion
Ben Nadel
Ben Nadel uses the CFInclude tag to inline a .CSS file into his ColdFusion page in order to reduce network requests and latency....
Using Labeled Loops In ColdFusion
Ben Nadel
Ben Nadel explores the use of loop labels in ColdFusion to control an outer loop from an inner loop....
Join Us at The Undefined Show!
Raymond Camden
On September 11th, Todd Sharp, Scott Stroz, and myself will be launching a new livestream called The Undefined Show. Every Monday at 8 PM...
Using Seekable Read Files In ColdFusion
Ben Nadel
Ben Nadel looks at using fileSeek() to randomly access seekable files in ColdFusion....
Fun With Front Matter: Part 3 - Handling Edits
Raymond Camden
I hope by now that folks are getting that the point of this series isn't so much technical but inspirational. I think a lot of people approaching front matter tend to keep it rather simple - title, date, tags or categories, and when I envisioned this series I really ...
Using CFLoop To Iterate Over A File Line-By-Line In ColdFusion
Ben Nadel
Ben Nadel demonstrates how to read a text file line-by-line using CFLoop in ColdFusion....
Using Feature Flags To Hack Your Own Psychology
Ben Nadel
Ben Nadel discusses the psychological benefits of using feature flags as a way to provide landmarks and a sense of continual progress....
Working Code Podcast - Episode 142: Tangents All The Way Down
Ben Nadel
Ben Nadel and the crew talk all manner of randomness from vendoring files to the trap of innovation....
Technical Details for CVE-2023-29301: Adobe ColdFusion Access Control Bypass for a CFAdmin Authentication Component
Hoya Haxa: A Security Research Blog
Background
Long-Term Funding, Update #4
An Architect's View
In my previous Long-Term Funding update I said I would review/overhaul the "ecosystem" and "tutorials" sections.
On ColdFusion, AES, and Padding Oracle Attacks: Hic Sunt Dracones
Hoya Haxa: A Security Research Blog
TL; DR: If you use AES-CBC (or another block cipher operating in CBC mode) to decrypt user-controlled ciphertext, validate the ciphertext with an HMAC or similar integrity check prior to decryption to avoid Padding Oracle vulnerabilities. All user-contr...
On ColdFusion, XXE, and other XML Attacks
Hoya Haxa: A Security Research Blog
Skip the intro and jump right to how to secure things... An Introduction This is the first of what may become a few blog posts based on my
SSRF in ColdFusion/CFML Tags and Functions
Hoya Haxa: A Security Research Blog
TL;DR: Several ColdFusion/CFML tags and functions can process URLs as file path arguments -- including some tags and functions that you might not expect. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities in your code. Developers should be sure to vali...
Second post - a blog introduction
Hoya Haxa: A Security Research Blog
A new security blog. In 2021. Um...yeah. I've been working in information security for the past 20+ years. These days, most of my focus is on application security, penetration testing, red teaming, and offense — although I have plenty of slowly-aging experience in incident...
Stupid Unix Tricks - Escaping a Restricted Shell
Hoya Haxa: A Security Research Blog
Welcome to the first post of what may become a series - Stupid Unix Tricks. I love stupid Unix tricks. Even better if they can be used for something security-related. This remains one of my favorite security advi...
Bygone Vulnerabilities - Remote Code Execution in Oracle Reports 10g/11g
Hoya Haxa: A Security Research Blog
Looking back at old vulnerabilities can be both fun and useful. Part history, part nostalgia, and still a healthy dose of understanding the technical innerworkings of some software or system. I'm sure that George Santayana would agree. I had planned to go into deta...
Stupid Unix Tricks - Using $IFS in Web Application Command Injection Vulnerabilities for Full RCE
Hoya Haxa: A Security Research Blog
Awhile ago I was testing a web application and found a command injection vulnerability. The payload could be sent via an email address field, so something like: {7*7}@foo.com returned:
Bygone Vulnerabilities - Remote Code Execution in IBM Lotus SameTime Clients (CVE-2013-0553)
Hoya Haxa: A Security Research Blog
Introduction It's time to dive into another old vulnerability. Let's go back to 2013. Argo lit up the silver screen. The dulcet sounds of Daft Punk filled the air. And the kids would tick-tock away the hours online in six-second blocks watching
Two One-liners for Quick ColdFusion Static Analysis Security Testing
Hoya Haxa: A Security Research Blog
I want to find all of the security bugs. I'm sure you do too. (Click here to skip all the background info and just jump to the two one-liners.)
Slides from ColdFusion Summit 2022 - "Below the Surface: Web Vulnerabilities Hiding in your Applications"
Hoya Haxa: A Security Research Blog

Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002)
Hoya Haxa: A Security Research Blog

Preliminary Security Advisory - Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002)
Hoya Haxa: A Security Research Blog
Update March 6, 2023 - the full security advisory has been posted here: https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html
Slides from ColdFusion Summit East 2023 - "Codes, Ciphers, and ColdFusion: What They Don't Want You To Know"
Hoya Haxa: A Security Research Blog

Why You Don't Want To Use CFMX_COMPAT Encryption
Hoya Haxa: A Security Research Blog
This is the first of what may be a couple of posts about my presentation from ColdFusion Summit East 2023, which was held in April in Washington, DC. Let's talk about ColdFusion ...
Fun With Front Matter: Part 2 - Follow-ups
Raymond Camden
Today I'm following up (heh, get it) on the series I started yesterday on interesting use cases for your Jamstack site's front matter. In yesterday's post, I described ho...
ColdFusion Summit 2023: A Convergence of Innovation
FusionReactor
The post ColdFusion Summit 2023: A Convergence of Innovation appeared first on FusionReactor. ...
Fun With Front Matter: Part 1 - Related Posts
Raymond Camden
I'm kicking off a little series of tips today that's been sitting in my "Blog Ideas" queue for some time. The idea, "Fun with Front Matter", was based on the idea of taking a look at some of the fun/interesting/hopefully useful things you could in...
Wireframing For Everyone By Michael Angeles, Leon Barnard, And Billy Carlson
Ben Nadel
Ben Nadel reviews Wireframing For Everyone, an A Book Apart release by Michael Angeles, Leon Barnard, and Billy Carlson. An excellent read, this book is a value-add for anyone involved in software design and development.... ...
Working with the Storage API
Raymond Camden
Earlier this year at WWDC, Apple announced a whole set of new features coming to Safari in version 17. While that is not out yet, it's still a pretty large set of updates....
Notes on PostgreSQL Explain Analyze
TIL
One thing you'll want to learn if you use PostgreSQL for any length of time is how to use EXPLAIN. At my job at Vendr, like my previous roles, we are no exception. The good and bad thing is that in many cases you can go pretty far before y...
Installing Coldfusion 2023 with Apache 2.4
ColdFusion
Used old versions of Coldfusion, CF 10, when installing Coldfusion 2023 it doesn’t ask for the server configuration tool and installs the local server. I run the web server tool for Apache and config it. Restarted services, even restarted machine, but all I get is the error belo...
Working Code Podcast - Episode 141: Building Stuff So You Can Build Stuff
Ben Nadel
Ben Nadel and the crew talk about "dog fooding", and the importance of becoming our own customers when building a product offering....
Using Position: Sticky With Multi-Sided Anchoring In CSS
Ben Nadel
Ben Nadel demonstrates that position: sticky can be anchored on multiple sides at once in CSS....
Whats new in FusionReactor – Part 2
FusionReactor
The post Whats new in FusionReactor – Part 2 appeared first on FusionReactor. ...
Debugging Cloudflare Workers with Logs
Raymond Camden
As with some of my previous Cloudflare posts, I've got a video version of this content so if you would rather watch that than read, just jump to the bottom. For the rest of you, here's a look at how to do so...
6 Years and 180 (Virtual) Events Later...
Remote Synthesis
Six years ago this week, I almost accidentally started a community around virtual events for developers.
ColdFusion updates for CF2023 and CF2021 released Aug 17 2023: resources and thoughts
Charlie Arehart - Server Troubleshooting
Adobe has released today an important security update for each of ColdFusion 2023 and 2021. (Since CF2018 is end of life since July, there is no update for that version.) Note that while the technotes for the updates don't mention/link to any Adobe ...
Upgrade JDK version ColdFusion Server Updated
ColdFusion
Upgrade JDK version ColdFusion Server Updated The post Upgrade JDK version ColdFusion Server Updated appeared first on Cold...
RELEASED- ColdFusion 2023, 2021 and 2018 August 16th, 2023 Updates
ColdFusion
We are pleased to announce the availability of ColdFusion (2023 release) Update 4 and ColdFusion (2021 release) Update 10. These updates introduce the C...
RELEASED- ColdFusion 2023, 2021 and 2018 August 17th, 2023 Updates
ColdFusion
We are pleased to announce the availability of ColdFusion (2023 release) Update 4 and ColdFusion (2021 release) Update 10. These updates introduce the C...
RELEASED- ColdFusion 2023 and 2021 August 17th, 2023 Updates
ColdFusion
We are pleased to announce the availability of ColdFusion (2023 release) Update 4 and ColdFusion (2021 release) Update 10. These updates introduce the C...
showcasing the best of Adobe ColdFusion projects
ColdFusion
When it comes to showcasing the best of Adobe ColdFusion projects, there are several remarkable examples that highlight the versatility and power of thi...
CommandBox 5.9.1 Released!
ContentBox
We are pleased to announce the general availability of CommandBox 5.9.1. This is a very small release with two changes. Update to Lucee 5.4.3.2 Updat...
macOS support for Cold Fusion
ColdFusion
Hello. Is Cold Fusion supported on macOS Monterey and Ventura, or is it only supported on Big Sur and earlier? Thanks. The post
Working Code Podcast - Episode 140: Fraud, What Is It Good For?
Ben Nadel
Ben Nadel and the crew talk detecting, preventing, and dealing with the aftermath of fraud within our web applications....
FusionReactor’s game-changing new Oracle Database integration
FusionReactor
Introducing the latest advancement in monitoring capabilities — FusionReactor's cutting-edge integration with Oracle Database which uses metrics y...
Our Into the Box 2024 Venue and Dates are Set!
ContentBox
We've eagerly awaited sharing this news with you; the moment has finally arrived! The venue for our upcoming Into the Box 2024 is now confirmed and will se...
Adding a Mailing List Subscription with Mailjet and Netlify Functions
Remote Synthesis
Mailing lists are expensive! Let's get set up on a cheaper option using Mailjet and a serverless function.
Error "Type" Isn't Always A String In Adobe ColdFusion
Ben Nadel
Ben Nadel demonstrates that the error "type" in Adobe ColdFusion isn't always a String....
Sanity Check: Using Overflow Scrolling On CSS Flexbox Panels
Ben Nadel
Ben Nadel demonstrates that CSS Flexbox panels with overflow:auto work exactly as he hoped they would work....
Moving CF site to a new server – not working
ColdFusion
We are moving all our CF sites from one server to a new one. I am not a CF developer at all. Once we move the site to the new server, the pa...
Working Code Podcast - Episode 139: New Tables vs New Columns
Ben Nadel
Ben Nadel and the crew talk database schema design; and how many, smaller tables might be beneficial when compared to fewer, wider tables....
Quick and Easy JSDoc
Blog – ckh|Consulting
With AI-tools becoming increasingly available, writing JSDoc comments, or rather generating them, has never been easier. To start, let's look at w...
Lifting Off with Astro
Remote Synthesis
Let's take a look at how Astro can help you build apps with less JavaScript and better performance.
ColdBox 7.1.0 Released
ContentBox
ColdBox, the popular ColdFusion (CFML) development platform, has released version 7.1, bringing exciting new features, bug fixes, and improvements to furth...
Pair program effectively with GitHub Copilot and CFML
ColdFusion
How to use CFML with GitHub Copilot The post