2013 ColdFusion Security Update Posted
2013 Neglected ColdFusion Servers Invite Hackers
Information Week has published an important article entitled ColdFusion Hacks Point To Unpatched Systems. The basic premise is nothing ColdFusion specific; if you deploy public facing servers and then neglect to patch or update them, well, you're asking for trouble. That said, ColdFusion seems to be particularly vulnerable not because of the software itself, but because ColdFusion servers are often deployed and used by less experienced developers and administrators. (That, and many are considered "legacy" code for "we'll keep using it but will never actually pay attention to it").
If you host public facing servers, then you have a responsibility to manage and maintain them. So, two practical suggestions:
- If you are not using ColdFusion 10, upgrade now! ColdFusion 10 can notify you of available updates, and also simplifies installing them. While I wish ColdFusion would have offered this years ago, it does offer it now, so use it!
- Sign up with HackMyCF, a monitoring service that will probe your ColdFusion servers and will then send you notifications and alerts. It's inexpensive, and will more than pay for itself the first time it alerts you to plug a hole.
2013 cf.Objective() 2014
2013 Now Forming: Team CF Advance
Team CF Advance, an Open Source ColdFusion Development Group, is now forming, as per this post.
2013 Infographic: What You Didn't Know About CFML
Check out this infographic entitled What You Didn't Know About CFML - Common Myths Debunked.
2013 CF Live For Real Time CFML Testing
Russ Michaels has created CF Live, an online tool that lets you enter CFML code for execution on ColdFusion or Railo. If you want to tinker with CFML (albeit with some language restrictions for security's sake), then give it a try.
2013 Weigh In On The Future Of ColdFusion Features
The ColdFusion team is going through the complex process of determining what to do with lesser used or legacy product features. Fill in this Adobe ColdFusion Feature Usage Survey to have your voice heard.
2013 FusionReactor 5 Released
Over the years I have often referred to FusionReactor as a a vital tool in every ColdFusion Administrator's toolbox. Intergral has just announced a major upgrade in FusionReactor 5, which now includes:
2013 Check Out ProfileBox
Using ColdFusion and ColdBox? ProfileBox is a ColdBox module that uses Intergral's FusionReactor server monitor to provide profiling, metrics, CacheBox reports, custom object metrics, exception notifications, LogBox integration, and much more, for any ColdBox 3.5 application.
2013 Adobe ColdFusion Summit 2013 Speaker List
Registration is open for the Adobe ColdFusion Summit 2013 in Las Vegas this October. The agenda is still being finalized, but the speaker list is now up, and an impressive line up it is! Oh, worth noting, registration costs $250, and when you register you get a copy of ColdFusion Builder which costs $299. Nice, huh?