ColdFusion Software Development Company

ColdFusion 10 and 11 hotfix from Adobe addresses XML parser flaw

A recent hotfix was released by Adobe in order to protect ColdFusion users from a number of flaws

Security updates were released to address vulnerabilities in ColdFusion versions 10 and 11. According to the Adobe Security Bulletin the hotfix includes an updated version of BlazeDS and addresses potential data leak (information disclosure) glitches.

Adobe recommends that ColdFusion customers update their systems and provides technotes for each version. Our Technicians would be more than happy to assist you if you need to apply ColdFusion updates.

Apparently an unrestricted XML parser may process external XML entities when parsing a document that declares them. The flaw may be exploited by unauthenticated remote hackers. It can allow various attacks, including: reading arbitrary files; listing web/system directories; SSRF attacks and unauthorized access to restricted services running on the localhost as well as within the victim’s server network; SMB relay attacks; and temporary file uploads, which attackers may use in combination with LFI vulnerabilities to supply malicious code. Attackers can also read critical ColdFusion configuration files such as neo-security.xml, password.properties, and neo-datasource.xml. They can read ColdFusion password hashes, including that of the management console, and database credentials, and gain access to a weakly protected ColdFusion system.

ColdFusion migration to Lucee is perfectly viable

Adobe’s ColdFusion is a powerful and very productive language, designed to be a RAD (Rapid Application Development) tool. It is essentially a big Java tag library with success in vertical markets and well accepted by Mid-to-Enterprise level Organizations. Though an excellent and versatile language, licensing costs have sometimes turned owners and developers to other options, especially in the wake of the new wave of open source platforms.

Here comes Lucee, offering an open source solution to the developers’ dreams. Not only is it free, but it also performs well, is stable, and is updated reasonably frequently. Lucee is compatible with contemporary ColdFusion script and tag language variants, and also provides configurable support for legacy ColdFusion. The core features of Lucee provide easy-to-learn tags for everything from database queries to sending dynamic email messages to scripting connections with FTP and Amazon S3 storage. Almost anything you can do with ColdFusion, you can do with Lucee.

Our Team has extensive experience with the platforms, therefore if you need a transition from ColdFusion to Lucee, we are here to help. Just send us a request or call us and our Specialists will assist you!

Adobe ColdFusion security hotfix 2016 APSB16-16

Adobe has released security hotfixes for ColdFusion versions 10, 11 and the 2016 release. These hotfixes resolve an input validation issue (CVE-2016-1113) and a host name verification problem with wildcard certificates (CVE-2016-1115), and include an updated version of the Apache Commons Collections library to mitigate Java deserialization (CVE-2016-1114).

Contact us right away or call us to get this security hotfix for ColdFusion installed and update your System!

Release date: May 10, 2016

Vulnerability identifier: APSB16-16

CVE numbers: CVE-2016-1113, CVE-2016-1114, CVE-2016-1115

 

ColdFusion 2016 release:

ColdFusion (2016 release) Update 1 (release date May 10, 2016) includes the following changes:

  • Tomcat upgrade to 8.0.32.
  • Addresses a vulnerability mentioned in the security bulletin
  • Several important bug fixes for security, core language features, server, and other areas.

ColdFusion 11:

ColdFusion 11 Update 8 (release date May 10, 2016) includes the following changes:

  • Tomcat upgrade to 7.0.68
  • Addresses a vulnerability mentioned in the security bulletin
  • Several important bug fixes for security, language, AJAX, and other features.
  • This update is cumulative and includes fixes from all the previous ColdFusion 11 updates.

ColdFusion 10:

ColdFusion 10 Update 19 (release date May 10, 2016) includes the following changes:

  • Tomcat upgrade to 7.0.68.
  • Addresses a vulnerability mentioned in the security bulletin
  • Important bug fixes for security and server.
  • This update is cumulative and includes fixes from previous ColdFusion 10 updates.

Adobe recommends that customers apply the appropriate hotfix immediately. Contact your Administrator, or have Our Team at Ecom Solutions help you implement it.

Contact us right away to get this security hotfix for ColdFusion installed and update your System!

Advantages of Mobile Website Optimization

 


The Mobile Reality

Mobile is the new reality. If you’re thinking of creating or redesigning a website, it’s important to have your mind on mobile features. It doesn’t exactly take a scientific study to realize how prevalent mobile devices are in today’s society. People of all ages are now interacting with friends, family members, celebrities and brands in a continuous loop using mobile devices. Not upgrading your brand’s online identity to a mobile platform is like asking to be ignored. Of course, you can’t just throw together a quick mobile site and hope for the best. You need to be proactive about crafting an efficient, engaging site that gives users what they’re looking for immediately. If you’ve been putting off going mobile, time is running out before you get left behind in a big way. The good news is that it’s still not too late to learn about the things that make a mobile website such an important feature. Take a moment to learn about the real advantages to creating a mobile page to see how an upgraded website can enhance your brand.

Smooth User Experience
A website that doesn’t load on mobile devices is a website that frustrates people. As any marketer knows, creating a frustrating, time-consuming experience for people is a huge mistake. How does a mobile site help when someone is browsing your page in a hurry? Mobile websites are specifically designed to display beautifully on mobile devices. If you rely on a normal website, your visitors will be left dealing with images that are choppy or unable to load. Research in the world of website usability shows that pages that are optimized for mobile use result in significantly higher levels of satisfaction among users. That elevated level of satisfaction will cause users to have a positive impression of your service or brand right off the bat.

Smarter Than App Development
Do you know how much incentive it takes to click on an app and download it? It is kind of hard to believe that brands were scrambling to develop clunky apps just a few short years ago. The theory was that a brand needed to have a customized app for users to download. It didn’t take very long to realize that many mobile users just don’t have the time or incentive to clog their devices with excessive apps. Users want to access sites without any strings attached. A mobile site is far superior to an app because it offers instant access without very much thought. The big problem with apps is that they are expensive and time-consuming to develop. What’s more, an app can quickly become outdated and need upgrades. You’ll already have headaches to deal with before you even get into the topics of bugs, download errors or viruses. Apps can also disappear when users upgrade their phones. It goes without saying that website apps just aren’t customer-friendly.

The Speed Advantage
In this fast-paced world, a person could lose interest in your website between the time they click on a link and the time a first image loads. There are simply too many amazing things happening on the Internet for people to wait around for your slow page to load. This makes it very important for you to know that websites that aren’t optimized for mobile use load much slower than websites that are. You have mere seconds to grab and keep the attention of users in the digital world. The reality is that fickle users could be jumping to a competitor’s website by the time yours can display fully. Luckily, a mobile page is designed to load at the speed of lightning.

Immediate Interaction
Why put obstacles in the way of a user looking to purchase or consume what you’re putting out there? Make your site a one-stop shop for all of the information visitors are looking for. Click-to-call options, mapping functions, live chat and other features allow users to get what they need without visiting multiple pages. Location-aware technology can also provide you with a huge boost because it will connect nearby users to your website.

ColdFusion Array

Arrays are an essential tool in any programming language, which makes their implementation crucial for the programming language to be successful. In order to meet their goal of making a simple scripting language for rapid and easy web development, Adobe made ColdFusion arrays simple for people who lack the proper training and programming experience.

Responsive Design on the ColdFusion Environment

As the amount of internet traffic served to mobile devices is on the rise, Responsive web design is becoming more and more important. The mobile trend is so popular that Google has started penalizing websites that aren’t mobile-friendly, and will boost the ones that have a Responsive mobile architecture, especially for searches originating on a mobile device. Let’s admit it: people like to be comfortable and they are likely to be on the run, favoring the use of mobile devices. This means that in the near, as well as the far, future, mobile usage (this includes mobile phones and tablets) will surely surpass desktop usage globally.

SSL and ColdFusion error 500

Your ColdFusion Website may yield errors related to SSL and the Java Environment, typically returning a 500 – internal server error or re-routing clients to the logon page. They won’t be able to make purchases or transactions.  If your ColdFusion Website has an E-Commerce component, or accepts payments via Merchant Accounts, Gateways, or credit card processing engines such as Authorize.net then you might already be looking for a fix.

This happens because the certificate issuing authority is not registered in the security keystore of the JVM that ColdFusion is running on top of. The problem can be solved by troubleshooting the SSL certificate for the Website or running Service. A ColdFusion programmer with administrative rights on the server can work the SSL certificate into your ColdFusion Environment and help get your transactions / payments going through again.

You can always Contact or E-mail our ColdFusion and E-Commerce Specialists if you have questions or you need help

 

How do I know I need help?

  • I have ColdFusion and my customers can’t buy my products
  • We are getting a ColdFusion 500 internal server error
  • I am trying to buy something and I am being re-routed to logon
  • I can’t make a transaction or a purchase on a ColdFusion Server
  • I am having an SSL error related to Authorize.net

Designing a Mobile-Friendly Website

How to build Mobile-Friendly Websites

According to Thomas Petty, President of Bay Area Search Engine Academy, there are three ways to build mobile-friendly websites:

(1)    Using the latest Cascading Style Sheets, you can set up a website design that is mobile-responsive. This method of optimizing the display for mobile devices is preferred by Google and allows information to be rearranged, displayed or hidden across various devices, including smartphones and desktop PCs. Petty claims that the content is simply hidden or rearranged depending on the device, but all content is equally served.

Will the New Google Algorithm Find Your Website Mobile-Friendly?

Get Ready for New Google Algorithm Change: Mobilize or Be Penalized

In today’s market, corporations are well aware of the grave effects Google’s algorithm changes can have. Having suffered when some, such as Demand Media or Ask.com, used SEO to bolster their brand while ignoring the poor content they were publishing, they learned a lesson they will not forget easily. Panda, Google’s 2011 algorithmic change, led the way for the creation of higher quality writing.

Penguin, another of Google’s algorithm changes, targeted sites with poor quality links in 2012. These links led users to poor quality content and their sites were, therefore, severely penalized in ranking by Google. Basically, irrelevant information caused sites to suffer with ranking in Google.

The word is out for Google’s next algorithm change. If your site is not mobile-friendly by April 21st, it will be penalized in its ranking. It may actually be removed from the mobile search index of Google. Maybe your site looks great and works well when a person visits it from a desktop computer, but how does it look and work from a cell phone or tablet? You most definitely should check this out and make necessary changes by April 21st.

What is Google’s reason for this new algorithm change? Since consumers are using mobile devices more and more, Google believes that businesses should get in step with the times. Sites will now be ranked according to the convenience they offer to the mobile-user. The ranking elements Google will be using are listed below.

Sites must:

  1. Avoid software such as Flash which is not usable on mobile devices. According to Adobe, “Flash Player for mobile devices is officially dead”.
  2. Use readable text without zooming.
  3. Size content to allow users to view it on the screen without having to zoom or scroll horizontally.
  4. Space links apart far enough to allow the correct link to be easily tapped.

 

Mobilegeddon Is Here!

When conference speakers at last month’s Search Marketing Expo (SMX) West were asked their main takeaways, one response was definitely a sign of the times. “Mobile, mobile, mobile,” was the answer of the senior manager of content marketing for Kenshoo, Kelly Wrather. “I want to grab every website designer and tell them mobile is the thing! It’s the only thing!”

A frequent discussion topic at previous SMX shows has been mobile-optimized websites’ importance. However, this year a sense of urgency was apparent since “Mobilegeddon,” as it is called by some, was due to arrive anytime.

For the past two years, a search ranking factor has been website mobile-friendliness. According to founder and CEO of AudienceBloom, Jayson DeMers, “Websites that aren’t mobile-friendly will see a more negative impact in search visibility than they may already be seeing, and mobile-optimized sites may be rewarded even greater in search rankings.”

Google noted in its June 2013 Webmaster Central Blog that it plans to initiate several ranking changes soon. Google further warned that these ranking changes will address sites misconfigured for smartphone users.

At the same time, Google pointed out two common mistakes that cause websites to convey poor mobile experiences:

Mistake #1: Faulty redirects – Smartphone users are sent to a single mobile page instead of the site pages listed in search results. For instance, the redirects send users to the home page and not the mobile-optimized version of the page they are seeking.

Mistake #2: Smartphone-only errors – These take place when smartphone users click Web pages listed in search results and receive only error messages.


What is the Difference Between Adaptive and Responsive Design?

When your website serves both desktop and mobile users, it has to display properly across many devices. Adaptive and responsive designs use different delivery methods to provide this functionality.

Adaptive
Adaptive web design (AWD) uses an approach called progressive enhancement to present your site in a format suitable for each device that visitors use to access it. Starting with HTML templates designed for separate screen sizes, AWD then applies CSS styling and finally device-specific JavaScript to ensure a seamless experience. Only the relevant template is downloaded, which allows any included media to be optimized for mobile visitors.
