Pete FreitagPete Freitag's Homepage
Java 21: Could not find agent library instrument on the library path
March 5, 2025
Today I was trying to load a -javaagent on Java 21 / ColdFusion 2025 on Windows Server 2022, but I was getting the following error:...
Fixinator Version 6 Released
March 4, 2025
I’m extremely pleased to announce the release of Fixinator version 6.0.0!
Last year in 2024, there were 7 releases to the Fixinator scanning engine. Version 6.0....
Last year in 2024, there were 7 releases to the Fixinator scanning engine. Version 6.0....
ColdFusion 2025 Breaking Changes Explained
March 4, 2025
In case you missed it, Adobe released ColdFusion 2025 last week. The ColdFusion 2025 release has removed several deprecated or unsupported features, so it is important to test your code, and scan your code for these issues before updating....
Fixinator's New Compatibility Scanner
October 31, 2024
Upgrading to the latest version of ColdFusion can be stressful. What will break? What might start to act differently? While Adobe generally prioritizes backward compatibility, there are always nuances to consider....
ColdFusion Summit 2024 Slides: 20 ways to secure CF
October 4, 2024
This year at the Adobe ColdFusion summit in Las Vegas I presented on 20 ways to secure ColdFusion. You can download my slides here....
Latest ColdFusion Security Updates - December 2024
September 10, 2024
I am going to attempt to keep this page updated with the latest ColdFusion Security Updates and Hotfixes published by Adobe. This will allow me to update this page as more info becomes available about updates....
Left and Right Accept Negative Counts
May 2, 2024
Here’s something I learned re-learned recently: you can pass negative values into the left() and right() functions in CFML. Thanks to John Whish for pointing this out in a pull request on cfdocs.org....
Fixinator fixes unscoped variables
March 21, 2024
Last week's Adobe ColdFusion security update disabled searchImplicitScopes by default. Prior to that update, and for the past twenty five years, ColdFusion would search through the all the possible scopes until it found a matching variable....
ColdFusion searchImplicitScopes and APSB24-14
March 12, 2024
Adobe has published a ColdFusion Security Hotfix APSB24-14 today which describes "a critical vulnerability that could lead to arbitrary file system read"....
Lucee RCE Vulnerabilities February 2024
February 22, 2024
Last week security researchers from Project Discovery published details on three Lucee vulnerabilities:...
DNS over HTTPS is not what I thought
January 30, 2024
A few months ago I was on a mission to remove some of the old broken links on my blog. I started blogging back in 2002, so many of the sites that I linked to twenty years ago were no longer active, or no longer under the same ownership....
Remove the Server Header in any IIS Version
December 5, 2023
Removing the Server Header as of IIS 10 (the version of IIS installed by default on Windows Server 2016, 2019 or 2022) is now much easier than it had been with prior versions of IIS....
Here are some of the most popular entries I've written over the past twenty plus years.