Pete Freitag's Homepage

I've had a several people asking me about the openssl vulnerabilities that were patched this week: CVE-2022-3602 and CVE-2022-3786 aka Spooky SSL....

Early bird registration is open for my ColdFusion Security Training deep dive class in December. If you've ever attended one of my conference sessions on ColdFusion Security at Adobe ColdFusion Summit or Into The Box (or even cf....

Someone asked on the CFML slack recently how can you find out how long your ColdFusion (or Lucee) server has been running via code.

How long has the server been running?

createObject("java", "java.lang.management....

CloudFlare recently released a new CAPTCHA service called Turnstile, which aims to provide a better user experience for CAPTCHA's. At the worst case the user will have to click a checkbox, rather than train a machine learning model solving a puzzle....

I'm back from another excellent CFSummit. So many great presentations and conversations. This I gave a presentation on the 25 Most Dangerous Software Weaknesses and how they relate to ColdFusion. My company Foundeo Inc....

Code is complex, so any static application security testing (SAST) tool will find things that may not be an actual security issue. Fixinator has a few different ways we can deal with this problem....

A really handy feature of the arrayEach() function is the parallel argument. It has been supported in Lucee since 4.5, but ColdFusion 2021 now supports it as well....

The uuid() function in MySQL returns a 36 character hex string, formatted as:

aa479ea9-1d9d-11ed-ba03-564760fe47b7

ColdFusion's createUUID() function returns a 35 character hex string formatted as:...

I gave a presentation for the Adobe ColdFusion Developer Week Conference today titled: Better CFML Code with CI. You can find the slides for my talk here, and the video here.

Here is a link to the code samples....

I'm probably not the first one to notice this, but if you have a hosts file (eg /ect/hosts or c:\windows\system32\drivers\etc\hosts on windows) you might find that recent versions of Firefox will ignore it....

This question came up recently:

How do you read a stack trace?

Are there any resources that will educate me?...

It is rare that a simple JVM argument change can have a dramatic impact on execution times, but in the case of AWS Lambda adjusting the Tiered Complication settings can have a really big impact on performance in many (but not all) cases....