Week 23, 2024: Here's the latest from the CFML, ColdFusion and Lucee community.
ColdFusion Security Hotfix
This week, if you are using Adobe ColdFusion, don't miss that Adobe has published a security hotfix for ColdFusion 2021, and 2023. This release has a breaking change which changes the default algorithm for Hash(), Encrypt(), and Decrypt() it is no longer CFMX_COMPAT
. You are hopefully avoiding that anyways, but really old code (written before CF7) may not have specified the algorithm since it was not an option back then. Also be sure to read Charlie's post for some more important info.
I hope you enjoy this issue of CFBreak!
Cheers!
-Pete
| Adobe Security Bulletins and Advisories |
| Charlie Arehart |
| Ben Nadel |
| Adobe ColdFusion Blog |
| Nolan Erck |
| Ortus Solutions |
| Robert Zehnder |
| Adobe ColdFusion Forums |
| Lucee Community |
| Ortus Community |
| StackOverflow ColdFusion |
| CFDocs Function of the Week |
| Gets information about free hard disk space or free in-memory VFS space. getFreeSpace(path); → returns numeric cfdocs.org/getfreespace |
| This weekly CFML / ColdFusion newsletter is brought to you by Foundeo Inc. Purveyors of security products and services for CFML developers. Here's this week's featured product:  | FuseGuard - a web application firewall for ColdFusion applications. - ✅ Runs onRequestStart
- ✅ Block or Log Malicious Requests to your CF Applications
- ✅ Configurable, customizable and written in CFML
Give it a spin | |