Updating Java on ColdFusion or Lucee

As a ColdFusion user you are probably aware that your CFML is compiled into Java bytecode and executed by the Java Virtual Machine (JVM). Just like your operating system or ColdFusion server needs to be patched for security issues, so does your JVM.


Tomcat Java 10 on Windows CreateJavaVM Failed

I ran into some issues getting the Lucee Tomcat 8.5 service to start with Java 10.0.2 on a Windows 2016 Server. I was getting errors in the commons-daemon log file like: CreateJavaVM Failed CreateJavaVM Failed The system cannot find the file specified.


Disable Flash Remoting on ColdFusion Servers

Due to the recent security vulnerability APSB15-20 / APSB15-21 in BlazeDS there has been increased interest in disabling flash remoting when not needed -- if you followed the lockdown guide for CF9, CF10, or CF11 you should already have it disabled.


Scope Injection in CFML

Here is an interesting vulnerability that I have come across several times in real CFML code during code reviews. I have spoken about it at conferences but have never written about it. Since it doesn't really have a name, I call it Scope Injection; you'll see why in a minute.

