2014 ColdFusion Builder Updated
ColdFusion Builder 3 Update 2 has been released. It addresses a series of issues, as defined in this post. The team has also posted some notes on ColdFusion Builder 3 automatic updates notification and installation options.
2014 ColdFusion 11 Now Available
The ColdFusion team has announced the release of the next major version of the product, ColdFusion 11. Here are details on some of the new features, and the updated buying guide highlights edition differences. We've also released a significantly updated ColdFusion Builder 3.
2014 GCN On ColdFusion And The Most Secure Programming Language
GCN has posted a story on the most secure web language based on data from WhiteHat Security in its 2014 Website Security Statistics Report. WhiteHat performed vulnerability assessments of more than 30,000 websites using .NET, Java, ASP, PHP, ColdFusion, and Perl.
2014 Upcoming ColdFusion Seminars
With the next major version of ColdFusion now in public beta, the ColdFusion team is hosting a series of online seminars.
2014 Into The Box 2014
A day before cf.Objective() 2014, the ColdBox team is hosting the one-day Into The Box 2014, featuring sessions on the entire ColdBox family - WireBox, CacheBox, LogBox, TestBox, ProfileBox, and more.
2014 Krebs On Security ColdFusion Story
Krebs on Security has posted a story with the link bait title of The Long Tail of ColdFusion Fail. The title is misleading; the story is not about ColdFusion fails at all, but about IT failing to keep servers up to date to deal with already addressed security holes. But, wrong title aside, the message is one worth repeating.
2014 ColdFusion Splendor And Thunder Public Beta
The next major versions of ColdFusion (codenamed "Splendor") and ColdFusion Builder (codenamed "Thunder") are now available for public beta over on Adobe Labs.
2013 ColdFusion Security Update Posted
2013 Neglected ColdFusion Servers Invite Hackers
Information Week has published an important article entitled ColdFusion Hacks Point To Unpatched Systems. The basic premise is nothing ColdFusion specific; if you deploy public facing servers and then neglect to patch or update them, well, you're asking for trouble. That said, ColdFusion seems to be particularly vulnerable not because of the software itself, but because ColdFusion servers are often deployed and used by less experienced developers and administrators. (That, and many are considered "legacy" code for "we'll keep using it but will never actually pay attention to it").
If you host public facing servers, then you have a responsibility to manage and maintain them. So, two practical suggestions:
- If you are not using ColdFusion 10, upgrade now! ColdFusion 10 can notify you of available updates, and also simplifies installing them. While I wish ColdFusion would have offered this years ago, it does offer it now, so use it!
- Sign up with HackMyCF, a monitoring service that will probe your ColdFusion servers and will then send you notifications and alerts. It's inexpensive, and will more than pay for itself the first time it alerts you to plug a hole.
2013 cf.Objective() 2014