Derivative Genius
Participant
December 6, 2023
Question

Anyone interested in working on playlist "Getting Started with Adobe ColdFusion (2016 release)"?


It's broken in spots I've run across like use of  ...

CKEditor 4 download

CKEditor 4 is now end-of-life software. Security patches are only released for CKEditor 4 LTS, which is available exclusively in our Extended Support Model Package.

and likely others.

It's incredibly valuable ... Shouldn't we keep it as relevant as possible ?


    James Moberg
    Inspiring
    December 6, 2023

    Where is this CF2016 playlist? (i.e., URL)

    I'm not familiar with Adobe's video, but we integrated CKEditor4 on our own. We wrote a CFTag to make it easier to integrate into existing CFML projects, but CKEditor can be added to any project by including their libraries and using vanilla JavaScript.

    The real danger is when using any filemanager-related script to upload files.  I believe that a recent CVE-2023-26360 exploit used Adobe's implementation of a filemanager script located at "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc", so I wouldn't recommend blindly enabling this. For more information on this exploit, check out this advisory from 12/5 (same day as your post):
    https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a

    NOTE: If you are still using CF2016, it's unsupported and all CFCs are susceptible to XML code execution vulnerabilities even if your publicly accessible CFC is empty and does absolutely nothing. We've avoided using CFUI tags because Adobe's implementation resulted in invalid HTML (which invalidates HTML & passing accessibility tests) and technical debt due to the included third-party static resources (i.e., JS) that weren't properly maintained & updated. We've also always blocked access to "cf_scripts" at the WAF or web server levels. For more info on this, check out this blog post entitled "Exploiting CVE-2017-11286 Six Years Later: XXE in ColdFusion via WDDX Packet" by Brian Reilly:
    https://www.hoyahaxa.com/2023/09/exploiting-cve-2017-11286.html
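
One way to check that the "cf_scripts" block described in the reply above is actually holding, as an added example that is not part of James Moberg's post or Adobe's code: scan web server access logs for requests that resolve to that directory and separate the ones answered with a block status from the ones that reached the server. It assumes Common/Combined Log Format and that the block rule answers 403 or 404; the log lines are constructed sample data.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Assumption: the web server writes Common/Combined Log Format lines.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
BLOCKED_DIR = "/cf_scripts"        # directory the post says to block
BLOCK_STATUSES = {"403", "404"}    # assumption: what your WAF/web server rule returns

def canonical_path(target):
    """Reduce a request target to its decoded, dot-free, lower-case path."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):             # undo single and double percent-encoding
        path = unquote(path)
    path = path.replace("\\", "/").lstrip("/")
    return normpath("/" + path).lower()

def cf_scripts_hits(lines):
    """Return (client, method, path, status, blocked) for each cf_scripts request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue               # not an access-log line in the assumed format
        client, method, target, status = m.groups()
        path = canonical_path(target)
        if path == BLOCKED_DIR or path.startswith(BLOCKED_DIR + "/"):
            hits.append((client, method, path, status, status in BLOCK_STATUSES))
    return hits

def reached_server(lines):
    """Hits that were not answered with a block status: review these first."""
    return [h for h in cf_scripts_hits(lines) if not h[4]]

# Constructed sample log (documentation IP ranges, made-up times and sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Dec/2023:10:00:01 +0000] "GET /index.cfm HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Dec/2023:10:00:02 +0000] "POST /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc HTTP/1.1" 403 153',
    '198.51.100.7 - - [06/Dec/2023:10:00:03 +0000] "GET /CF_Scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc HTTP/1.1" 200 0',
    '203.0.113.4 - - [06/Dec/2023:10:00:04 +0000] "GET /cf%5Fscripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in cf_scripts_hits(SAMPLE_LOG):
        print("BLOCKED" if hit[4] else "REACHED", *hit[:4])
```

Any "REACHED" line means the rule matched the literal string only; the block should be applied to the decoded, case-folded path.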

    Charlie Arehart
    Community Expert
    December 6, 2023

    James, it's a YouTube playlist on Adobe's cf channel:

    https://youtube.com/playlist?list=PL3iywAijqFoUD31CQBLsHvJn4WAonNA7r&si=v49ymPsyzC8k6fuG

     

    All that you offer are valid points, but I suspect the OP here is not USING cf2016. He was merely pointing out his own shared concerns of the YouTube playlist being about such an old version. Of course, there are far older playlists/videos on YouTube. It's the nature of the beast that old videos remain available. And while Adobe could technically "pull it down", they currently have not updated the video.

     

    That's why I offered my first answer here, at least for the sake of one seeking modern cf training from Adobe. 

    /Charlie (troubleshooter, carehart.org)
    Charlie Arehart
    Community Expert
    December 6, 2023

    So you're not asking about "working on the playlist" (as you put it) but updating the videos, right? And if so, that's certainly a fair point (for many reasons).

     

    As for "more modern CF training", Adobe does in fact offer it--to those who register for the CF certification and its included online training. It's not free, but not expensive (as certs AND training go), at only US$149. Of course, many would prefer to see free training online, and perhaps someday Adobe may move that training to be on YouTube, or maybe they will have Damien update that training there on YouTube.

     

    Until then, I hope the info above helps you or others who find this thread.

    /Charlie (troubleshooter, carehart.org)
    Derivative Genius
    Participant
    December 7, 2023

    Charlie,

     

    Thanks for that clear and meaningful response. I'm new around here and when I was an active developer, I worked for a company, Internetbrands, that owned a lot of web properties written in ColdFusion, in 2012 through 2014, we kinda made fun of it, those of us that fixed bugs and worked with the dev teams, as opposed to "serious" web development in C++/PHP/Java/JavaScript/Perl ... etc, etc.

     

    Well, the joke's on me, because now, I need gainful employment again, I'm 10 years older and I want the certainty/security of a large community and corporate support of my tools, so I'm going to be a CF Maxi ...

    Now, I know where to go to get relevant training, so I can get a "Real" Job.

    Cheers !!

     

    Charlie Arehart
    Community Expert
    December 7, 2023

    Welcome, and thanks. I think you'll find that Adobe cf cert training to be a great boon to your plans.

     

    Looking forward to perhaps seeing you here more often, whether seeking help or helping.

    /Charlie (troubleshooter, carehart.org)