Pete Freitag Pete Freitag

Pete Freitag

Potential gotcha with searchImplicitScopes and cfparam

June 23, 2025
The recent ColdFusion security hotfix that changed searchImplicitScopes defaults has been keeping developers busy fixing unscoped variables....

Simple Load Testing with curl

June 19, 2025
Recently I was testing a client's rate limiting configuration, so I needed to send a bunch of requests to a URL within a short period of time to see if it was working properly....

Fixinator 6.1.0 - Detecting Undefined Remote Arguments

May 29, 2025
Today, I released Fixinator version 6.1.0 which includes several enhancements to the CFML code security scanning to provide more accurate results....

The CWE 25 and ColdFusion - CFSummit East 2025 Slides

March 27, 2025
Returned from another Adobe ColdFusion Summit East conference in Washington DC. This year, I gave a talk titled Securing Adobe ColdFusion Applications: A Walk through the CWE Top 25. You can download the slides here....

Understanding and Checking for Tomcat CVE-2025-24813

March 17, 2025
I've had a few questions lately about the Tomcat vulnerability CVE-2025-24813....

Java 21: Could not find agent library instrument on the library path

March 5, 2025
Today I was trying to load a -javaagent on Java 21 / ColdFusion 2025 on Windows Server 2022, but I was getting the following error:...

Fixinator Version 6 Released

March 4, 2025
I’m extremely pleased to announce the release of Fixinator version 6.0.0!

Last year in 2024, there were 7 releases to the Fixinator scanning engine. Version 6.0....

ColdFusion 2025 Breaking Changes Explained

March 4, 2025
In case you missed it, Adobe released ColdFusion 2025 last week. The ColdFusion 2025 release has removed several deprecated or unsupported features, so it is important to test your code, and scan your code for these issues before updating....

Fixinator's New Compatibility Scanner

October 31, 2024
Upgrading to the latest version of ColdFusion can be stressful. What will break? What might start to act differently? While Adobe generally prioritizes backward compatibility, there are always nuances to consider....

ColdFusion Summit 2024 Slides: 20 ways to secure CF

October 4, 2024
This year at the Adobe ColdFusion summit in Las Vegas I presented on 20 ways to secure ColdFusion. You can download my slides here....

Latest ColdFusion Security Updates - July 2025

September 10, 2024
This page is updated with the latest ColdFusion Security Updates and Hotfixes published by Adobe.

Latest ColdFusion Security Update...

Left and Right Accept Negative Counts

May 2, 2024
Here’s something I learned re-learned recently: you can pass negative values into the left() and right() functions in CFML. Thanks to John Whish for pointing this out in a pull request on cfdocs.org....


Here are some of the most popular entries I've written over the past twenty plus years.

Finding Duplicates with SQL

Howto Create an RSS 2.0 Feed

The 15 Most Useful Linux commands

Parsing, Modifying, and outputting XML Documents with Java

SELECT a random row with SQL

What is the difference between ASCII Chr(10) and Chr(13)

20 ways to Secure Apache Configuration

SQL Pagination with LIMIT and OFFSET

How I cut AWS Lambda Java Cold Start Times in Half

How to read a ColdFusion Stacktrace

More Entries »

CFBreak
The weekly newsletter for the CFML Community