Pete Freitag's Homepage

If you are using CloudFlare in front of your web server, it is a good idea to setup CloudFlare Authenticated Origin Pulls. When this is enabled and properly configured only CloudFlare will be able to connect to your origin web server directly....

Almost every day I see someone asking what to do about log4j 1.2 / 1.x versions. It can be quite a lot of wrap your head around, and it can't be answered easily in a sentence or two....

When I created a blog entry covering Log4Shell log4j on ColdFusion, and said I would update it as new information comes in, I didn't realize I would be updating it several times a day for the past week....

Here's how you can get the version of Log4j you are using at runtime using Java:

Java Code to Get the Log4j Version at Runtime

org.apache.logging.log4j.util.PropertiesUtil.class.getPackage()....

There is a critical security vulnerability (CVE-2021-44228 aka Log4Shell) in the java library log4j which is a popular logging library for java applications. It is included in both Adobe ColdFusion and Lucee for example....

Here's a quick code snippet that will output a list of OSGI java bundles and bundle versions that are loaded / installed on Lucee:

//CFMLEngine

engine = getPageContext().getCFMLFactory().getEngine();

//org.osgi....

While looking at the PageSpeed Insights for my blog I noticed that the Twitter widgets I was using to display a twitter follow button and a tweet / share button were causing some page speed issues....

A few years ago I gave a presentation to my local CFUG titled Docker for Devs. I recently realized that I never posted the slides or the examples. So while the version numbers may be a bit outdated, I thought it may be useful to post it....

It was great to be a speaker at the ColdFusion DevWeek event last week. I spoke on the topic Securing ColdFusion Applications.

As promised here are the slides, and the example code I used can be found here....

What versions of Java support TLSv1.3 / TLS 1.3?

Java 8 TLS 1.3 Support

If you are on Java 8 (or 1.8 if you prefer) then you need version 8u261 b12 or greater. This version was released on July 14, 2020....

ColdFusion / CFML has a builtin function that can convert a string or a binary object to a standard Base64 encoded string: toBase64 and you can decode back to a string using toBinary() and toString() or the binaryDecode() function....

The OpenJDK Crypto Roadmap states that TLSv1 and TLSv1.1 will be disabled by default in OpenJDK versions released after April 20, 2021. This change also applies to Oracle, and all the JVMs that are derived from OpenJDK....