Careful applying CF11u16, CF2016u8, CF2018u2

coldfusion Update: Adobe has released CF11 Update 17 and ColdFusion 2016 Update 9 to address problems outlined in this blog entry.

Adobe released new security updates and bug fixes for ColdFusion 11, 2016 and 2018 this week.

This entry was:

Upcoming CFML Conferences in April 2017

coldfusion I will be speaking at two conferences this month.

The conference is the Adobe CFSummit East also known as the Adobe ColdFusion Government Summit. It will be held on April 18-19, 2017 in Washington DC.

This entry was:

My CFSummit 2015 Slide Decks

coldfusion I was fortunate enough to be able to do two different talks this year at the Adobe CFSummit 2015 conference.

My first session, was a hands on Pre-Conference workshop taught by David Epler and myself, it was titled: Hack & Fix - Hands on ColdFusion Security Training.

This entry was:

Speaking at ColdFusion Developer Week 2012

coldfusion Couldn't make it to cf.Objective() this year - no worries, Adobe is hosting the second annual ColdFusion Developer Week.

This entry was:

HackMyCF Updated for APSB11-29 Security Hotfix

coldfusion Adobe released a security hotfix APSB11-29 for ColdFusion 8 and 9 on Tuesday, which fixes two XSS (Cross Site Scripting) vulnerabilities (CVE-2011-2463 and CVE-2011-4368). One vulnerability exists in cfform and the other in RDS.

This entry was:

Adobe eSeminar on FuseGuard

coldfusion Adobe has asked me to do an online e-seminar: Protecting ColdFusion Applications with FuseGuard thursday November 3rd at 10am PT / 1pm ET.

If you're curious about FuseGuard and how it works please head over to and register now!

This entry was:

ColdFusion Developer Week at

coldfusion This week (September 12-16 2011) is ColdFusion Developer Week over at Adobe.

This entry was:

Recent ColdFusion Security Hotfix Updated Today

coldfusion Adobe has updated the security hotfix that was released last month (February 2011) APSB11-04. The technote states that all users should re-apply the hotfix:

Adobe has received a few issues with the Security Hot fix released on February 8, 2011.

This entry was:

Path Traversal Vulnerability Security Hotfix for ColdFusion Released

coldfusion Adobe released a security hotfix for a path traversal vulnerability in ColdFusion administrator (CVE-2010-2861, APSB10-18). On the Adobe security bulletin page it lists affected software versions: ColdFusion 8.0, 8.0.1, 9.0, 9.0.1 and earlier versions for Windows, Macintosh and UNIX.

This entry was:

You May Need to Reapply CF Security Hotfix CVE-2009-1877

coldfusion Back in August Adobe released a series of ColdFusion security Hotfixes in security bulletin APSB09-12. One of the vulnerabilities that was supposed to be fixed was a Cross Site Scripting vulnerability that I found and reported to Adobe, known as CVE-2009-1877.

This entry was:

Adobe MAX: Building JEE Portlets with ColdFusion 9

coldfusion Adobe has posted the recording of my Adobe MAX presentation Building JEE Portlets with ColdFusion 9. Overall it was a great conference and I was happy to be a part of it. I was also happy to cover the topic of Portlets in ColdFusion 9, since it hasn't gotten much publicity as a new feature.

This entry was:

Geolocation API for Adobe AIR?

web Mozilla recently announced a new project called Geode - which allows web sites to request your location using JavaScript. I assume this will be built into a future release of Firefox someday, but for now it's a Plugin.

This entry was:

Adobe AIR Tutorial for HTML / JavaScript Developers

web I spent a some time this weekend preparing for the Adobe AIR & Flex 3 Launch Event at my ColdFusion user group. One thing I wanted to show people was how to build a simple Adobe AIR Desktop Application using HTML & JavaScript.

This entry was:

Buy Flex 2 for Less

web I just noticed today that you can buy Adobe Flex from Amazon and save a few bucks. They have Flex Builder 2 with Charting for $715.99 (it cost $749 on, and the standard Flex Builder 2 for $459.99 ($499 on Both will ship for free.

This entry was:

New Icons for Adobe's Next Product Line

coldfusion misc Adobe's new lineup of icons for the upcoming products including ColdFusion 8 (Scorpio), Adobe Photoshop CS3, etc. have been made public by John Nack, and they are generated quite a bit of reaction both good and bad.

Here's the new icon for ColdFusion 8.

This entry was:

Kuler Kolors

web Adobe launched kuler on this morning. It's a tool that lets you create color swatches, and also has some community features that allow you to rate other people's color schemes. You can download the color swatches and import them into Photoshop or illustrator (ase files). Nice work Adobe.

This entry was:

Adobe has the Greenest Office in the US

misc Adobe was in the September 2006 Business 2.0 magazine for having the greenest office in America. Congrats Adobe!

The article shows that Adobe has invested $1.1 million in energy efficiency, and is now saving $1 million annually! That's a great example for other big companies to follow.

This entry was:

Adobe Has a Account

coldfusion Thanks Rich at the basement for pointing out that Adobe has a account.

This entry was:

Interview with Sean Corfield

coldfusion misc web I thought it would be fun, and informative to conduct some interviews with web developers on my blog. I'm starting off with someone that most of my blog readers probably already know, and many have probably even had a beer with - Sean Corfield.

This entry was:

Behind the scenes at Adobe

misc Photoshop news has posted tons of behind the scense photos of the Adobe offices. They look pretty swank!

In the far Southwest corner of the 10th floor is the official Photoshop Lounge.

This entry was:

DOJ taking a closer look at Adobe Macromedia Merger

misc Via arstechnica, The US Department of Justice (DOJ) is taking a closer look at Adobe's acquisition of Macromedia.

This entry was:

Open Source at Adobe

misc I noticed this snip about open source software at Adobe on the O'Reilly Radar:

The Adobe chap had interesting

things to say about their heavily constrained use of open source:

This entry was:

Identity Theft

misc I think I finally put my finger on why hard-core Macromedians are generally un-easy about the pending Macromedia acquisition. Its that everyone hates Adobe.

This entry was:

The Day After the Storm

coldfusion web I refrained from posting about the merger yesterday, though I had some thoughts written up - I never got around to posting them. Lots of people have commented on the topic since, Jason Kottke has a good summary of some of the recent talk about the merger.

This entry was:

Making Acrobat Reader 6 Fast!

misc By removing most of the plugins in the adobe acrobat folder, you can make Acrobat Start up significantly faster on windows. Using these instructions, it seams at least 3 times faster:

From the Start->Run windows menu, Open the "x:\Program Files\Adobe\Acrobat 6.

This entry was:


did you hack my cf?