CfBlogs
 Data Grids  CF Overflow  Follow Us!  RSS

ColdFusion Posts Around the World.
Win a Ticket for ColdFusion Summit 2023
Win a Ticket for ColdFusion Summit 2023
Pete Freitag
The Adobe ColdFusion Summit is coming up in October. I will be speaking at the conference, and my company Foundeo is also one of the conference sponsors. As part of the sponsorship I have an extra entry ticket to CFSummit that I am going to give away to ...
 Posted on: 09/14/2023 12:16:00 AM
Into The Box 2023 Slides
Into The Box 2023 Slides
Pete Freitag
I'm back from Houston Texas after another great Into the Box conference. Slides for my talk Taming the top 25 Most Dangerous Software Weaknesses
 Posted on: 05/24/2023 04:17:00 AM
File Create Time in ColdFusion / CFML
File Create Time in ColdFusion / CFML
Pete Freitag
Today I needed to get the time that a file was created from within some CFML code. I had first thought that cfdirectory or directory...
 Posted on: 03/10/2023 08:43:00 AM
Speaking at ColdFusion Summit Online Next Week
Speaking at ColdFusion Summit Online Next Week
Pete Freitag
I will be giving my talk Taming the Top 25 Most Dangerous Software Weaknesses (for ColdFusion Developers) next Tuesday, December 6th 2022 at 1
 Posted on: 12/02/2022 07:18:00 AM
OpenSSL and ColdFusion / Lucee
OpenSSL and ColdFusion / Lucee
Pete Freitag
I've had a several people asking me about the openssl vulnerabilities that were patched this week: CVE-2022-3602 and CVE-2022-3786 aka Spooky SSL
 Posted on: 11/03/2022 05:53:00 AM
ColdFusion Security Training Class December 2022
ColdFusion Security Training Class December 2022
Pete Freitag
Early bird registration is open for my ColdFusion Security Training deep dive c                                      
 Posted on: 11/02/2022 04:21:00 AM
How Long Has Your ColdFusion Server Been Running?
How Long Has Your ColdFusion Server Been Running?
Pete Freitag
Someone asked on the CFML slack recently how can you find out how long your ColdFusion (or Lucee) server has been running via code. How
 Posted on: 10/25/2022 01:59:00 AM
Adding CloudFlare Turnstile CAPTCHAs to CFML Sites
Adding CloudFlare Turnstile CAPTCHAs to CFML Sites
Pete Freitag
CloudFlare recently released a new CAPTCHA service called Turnstile, which aims to provide a better user experience for CAPTCHA's. At the wors
 Posted on: 10/08/2022 03:13:00 AM
ColdFusion Summit 2022 Slides
ColdFusion Summit 2022 Slides
Pete Freitag
I'm back from another excellent CFSummit. So many great presentations and conversations. This year I gave a presentation on the 25 Most Dangerous S
 Posted on: 10/07/2022 01:46:00 AM
Ways to suppress a finding in Fixinator
Ways to suppress a finding in Fixinator
Pete Freitag
Code is complex, so any static application security testing (SAST) tool will find things that may not be an actual security issue.
 Posted on: 09/09/2022 01:49:00 AM
Simple Parallel Execution in ColdFusion or Lucee
Simple Parallel Execution in ColdFusion or Lucee
Pete Freitag
A really handy feature of the arrayEach() function is the parallel argument. It has been suppor                                      
 Posted on: 09/01/2022 01:07:00 AM
Creating a ColdFusion UUID in MySQL
Creating a ColdFusion UUID in MySQL
Pete Freitag
The uuid() function in MySQL returns a 36 character hex string, formatted as: aa479ea9-1d9d-11ed-ba03-564760fe47b7 ColdFusio
 Posted on: 08/17/2022 06:59:00 AM
Better CFML Code with CI
Better CFML Code with CI
Pete Freitag
I gave a presentation for the Adobe ColdFusion Developer Week Conference today titled: Better CFML Code with CI. You can find the
 Posted on: 07/20/2022 05:16:00 AM
Firefox Hosts File Not Working?
Firefox Hosts File Not Working?
Pete Freitag
I'm probably not the first one to notice this, but if you have a hosts file (eg /ect/hosts or c:\windows\system32\drivers\etc\hosts
 Posted on: 07/14/2022 02:21:00 AM
How to read a ColdFusion Stacktrace
How to read a ColdFusion Stacktrace
Pete Freitag
This question came up recently: How do you read a stack trace? Are there any resources that will educate me? While the
 Posted on: 06/24/2022 03:41:00 AM
How I cut AWS Lambda Java Cold Start Times in Half
How I cut AWS Lambda Java Cold Start Times in Half
Pete Freitag
It is rare that a simple JVM argument change can have a dramatic impact on execution times, but in the case of AWS Lambda adjusting the Tiered Comp
 Posted on: 04/08/2022 01:56:00 AM
Spring4Shell and ColdFusion
Spring4Shell and ColdFusion
Pete Freitag
I've had a bunch of people ask me if ColdFusion / Lucee servers need to worry about the recent Java vulnerability in Spring, nick named Spring4Shel
 Posted on: 04/07/2022 07:36:00 AM
Order by NULL Values in MySQL, Postgresql and SQL Server
Order by NULL Values in MySQL, Postgresql and SQL Server
Pete Freitag
If you have a column that may contain NULL values, and you want sort on that column with an ORDER BY clause, which comes firs
 Posted on: 03/11/2022 05:03:00 AM
CloudFlare Authenticated Origin Pulls
CloudFlare Authenticated Origin Pulls
Pete Freitag
If you are using CloudFlare in front of your web server, it is a good idea to setup                                      
 Posted on: 01/28/2022 06:46:00 AM
Log4j 1.x Vulnerability Guide
Log4j 1.x Vulnerability Guide
Pete Freitag
Almost every day I see someone asking what to do about log4j 1.2 / 1.x versions. It can be quite a lot of wrap your head around, and it can't be answer...
 Posted on: 12/24/2021 05:52:00 AM
Log4Shell Vulnerability Timeline
Log4Shell Vulnerability Timeline
Pete Freitag
When I created a blog entry covering Log4Shell log4j on ColdFusion, and said I would update it a                                      
 Posted on: 12/19/2021 03:51:00 AM
How to get Log4j Version at Runtime in Java
How to get Log4j Version at Runtime in Java
Pete Freitag
Here's how you can get the version of Log4j you are using at runtime using Java: Java Code to Get the Log4j Version at Runtime
 Posted on: 12/16/2021 03:07:00 AM
Log4j CVE-2021-44228 Log4Shell Vulnerability
Log4j CVE-2021-44228 Log4Shell Vulnerability
Pete Freitag
There is a critical security vulnerability (CVE-2021-44228 aka Log4Shell) in the java library log4j which is a popular logging library for java applica...
 Posted on: 12/11/2021 06:25:00 AM
Listing loaded OSGI Bundles in Lucee
Listing loaded OSGI Bundles in Lucee
Pete Freitag
Here's a quick code snippet that will output a list of OSGI java bundles and bundle versions that are loaded / installed on Lucee: //CFMLEngi
 Posted on: 09/16/2021 03:14:00 AM
Replacing Twitter Share / Follow Widget Buttons with CSS
Replacing Twitter Share / Follow Widget Buttons with CSS
Pete Freitag
While looking at the PageSpeed Insights for my blog I noticed that the Twitter widgets I was using to display a twitter follow button and a tw
 Posted on: 07/08/2021 01:19:00 AM
Docker for Devs
Docker for Devs
Pete Freitag
A few years ago I gave a presentation to my local CFUG titled Docker for Devs. I recently realized that I never posted the slides or the examp
 Posted on: 06/30/2021 02:26:00 AM
Securing ColdFusion Applications - DevWeek 2021
Securing ColdFusion Applications - DevWeek 2021
Pete Freitag
It was great to be a speaker at the ColdFusion DevWeek event last week. I spoke on the topic Securing ColdFusion Applications. As promi
 Posted on: 06/30/2021 02:17:00 AM
Java versions supporting TLS 1.3
Java versions supporting TLS 1.3
Pete Freitag
What versions of Java support TLSv1.3 / TLS 1.3? Java 8 TLS 1.3 Support If you are on Java 8 (or 1.8 if you prefer) then you need versi
 Posted on: 05/12/2021 01:29:00 AM
URL Safe Base64 Encoding / Decoding in CFML
URL Safe Base64 Encoding / Decoding in CFML
Pete Freitag
ColdFusion / CFML has a builtin function that can convert a string or a binary object to a standard Base64 encoded string:
 Posted on: 04/23/2021 05:50:00 AM
TLSv1 and TLSv1.1 Disabled by Default in Java after April 2021
TLSv1 and TLSv1.1 Disabled by Default in Java after April 2021
Pete Freitag
The OpenJDK Crypto Roadmap states that TLSv1 and TLSv1.1 will be disabled in OpenJDK relea                                      
 Posted on: 04/16/2021 07:10:00 AM
Bash Script to log file modifications with osquery
Bash Script to log file modifications with osquery
Pete Freitag
Here's a bash script that uses osquery to log which files in a specific folder have been modified over a 15 minute period. My use case her
 Posted on: 04/10/2021 05:58:00 AM
Using Hashicorp Vault with ColdFusion
Using Hashicorp Vault with ColdFusion
Pete Freitag
Hashicorp Vault is an open source, enterprise grade security vault. It is designed to grant secure access to the secrets that it stores. It can also act as an encryption as a service API. Vault is very powerful, and there are lots of resources and videos describing how it works. Using Vault is somet...
 Posted on: 01/30/2021 02:41:00 AM
SessionInvalidate for JEE Sessions
SessionInvalidate for JEE Sessions
Pete Freitag
The builtin CFML function sessionInvalidate() works great for invalidating or clearing a ColdFusion session (CFID/CFTOKEN). But it doesn't invalidate the underlying J2EE / JEE session (the JSESSIONID). You can dip down into the underlying JEE API and invoke the invalidate() function on the javax.ser...
 Posted on: 01/23/2021 07:58:00 AM
Is maxlength necessary in cfqueryparam with timestamps?
Is maxlength necessary in cfqueryparam with timestamps?
Pete Freitag
Jakob Ward recently posted an interesting question to the CFML slack channel: Is there a point to setting maxlength for a timestamp value in cfqueryparam? Or can this be ignored safely? My guess was that cfqueryparam would ignore the maxlength attribute when the cfsqltype is timestamp (or cf_sql_t...
 Posted on: 01/21/2021 04:50:00 AM
Java LTS Version Roadmap and Guide
Java LTS Version Roadmap and Guide
Pete Freitag
People often download and install the latest version of Java, rather than the latest LTS version of java. In most cases, especially if it is on a server you probably want to be using the LTS version of java. So what is a Java LTS Version? LTS stands for Long Term Support, this means that the java ve...
 Posted on: 12/09/2020 02:40:00 AM
ColdFusion Summit Fall 2020
ColdFusion Summit Fall 2020
Pete Freitag
Thanks to all who attended my talk today on Securing ColdFusion Applications. You can find the slides here. Many had asked me about the link to ColdFusion Security Training class to be held on Thursday December 10, 2020 @ 11am-2pm & Friday December 11 @ 11am-2pm (Eastern Standard Time, UTC -5). In t...
 Posted on: 11/19/2020 06:59:00 AM
One liner to download a Browser with PowerShell on Windows Server
One liner to download a Browser with PowerShell on Windows Server
Pete Freitag
It would be nice if Windows Server 2019 came with Microsoft Edge Browser, but it still comes with good old IE 11, and on a Windows Server, you have to jump through hoops to let IE download anything due to its default security settings. First I tried downloading Microsoft Edge Browser with IE on Wind...
 Posted on: 10/21/2020 04:28:00 AM
CFML Left and Right Functions can Accept Negative Counts
CFML Left and Right Functions can Accept Negative Counts
Pete Freitag
Here is a handy trick I saw in some code recently. It turns out you can use a negative integer in the count argument of the left() and right() functions in CFML. This works in multiple versions of both Lucee and Adobe ColdFusion! Here's an example: left("Peter", -1) This will trim 1 character off th...
 Posted on: 09/10/2020 06:20:00 AM
Setting Lucee Admin Password with CommandBox
Setting Lucee Admin Password with CommandBox
Pete Freitag
One of the recent changes to Lucee is that no longer allows you to enter an admin password from the web based lucee admin if one had not been set yet. This is a great feature for security, but for local development it makes things a bit more cumbersome. You'll see what I mean when you hit this error...
 Posted on: 09/03/2020 06:04:00 AM
Cleaning up Development Disk Space CommandBox
Cleaning up Development Disk Space CommandBox
Pete Freitag
I've been using CommandBox to startup CF servers on my dev laptop and desktop for several years, maybe even since the first version was released! CommandBox does a great job of hiding its internal magic, and thus the amount of disk space it consumes can creep up on you. To make matters worse it stor...
 Posted on: 08/22/2020 06:13:00 AM
Creating a Symbolic Link with ln -s What Comes First?
Creating a Symbolic Link with ln -s What Comes First?
Pete Freitag
One thing I've had to google more times than I'd like to admit is the path argument order for the ln command. What comes first in the ln -s command on linux or Mac? So I thought I'd write a little blog entry for future me to find. Here's an example: ln -s /real/path /linked/path To answer my own que...
 Posted on: 07/14/2020 04:57:00 AM



Footer Logo

Powered by Galaxy Blog

If you have an ideathat you want to share, please contact us! This community can only thrive if we continue to work together.

Images and Photography:

Gregory Alexander either owns the copyright, or has the rights to use, all images and photographs on the site. If an image is not part of the "Galaxie Blog" open sourced distribution package, and instead is part of a personal blog post or a comment, please contact us and the author of the post or comment to obtain permission if you would like to use a personal image or photograph found on this site.

Credits:

Portions of Galaxie Blog are powered on the server side by BlogCfc, an open source blog developed by Raymond Camden. Revitalizing BlogCfc was a part of my orginal inspiration that prompted me to design this site.

Version:

Galaxie Blog Version 3.0 (Toby's Edition) June 14th 2022 Tropical Wave theme