Pete Freitag's Blog

Latest Blog Entries

Generate 6 Digit Security Codes in Java or CFML

— Shows how to use java SecureRandom to generate a six digit security code.

ColdFusion Developer Week 2025 Slides and Video

— Slides and video links for my presentation at ColdFusion Developer Week 2025

Potential gotcha with searchImplicitScopes and cfparam

— Be careful when using cfparam to deal with searchImplicitScopes.

Simple Load Testing with curl

— How to use curl for a simple HTTP load test.

Fixinator 6.1.0 - Detecting Undefined Remote Arguments

— The release of Fixinator 6.1.0 and its features.

The CWE 25 and ColdFusion - CFSummit East 2025 Slides

— Slides for my talk at the 2025 Adobe ColdFusion Summit East Conference in Washington DC

Understanding and Checking for Tomcat CVE-2025-24813

— Writes are disabled by default in Tomcat's DefaultServlet, here's how to check your server.

Java 21: Could not find agent library instrument on the library path

— Debugging the error: Could not find agent library instrument on the library path

Fixinator Version 6 Released

— Version 6 of Fixinator a CFML code scanning tool has been released.

ColdFusion 2025 Breaking Changes Explained

— List of breaking changes in CF2025 and how to use Fixinator to spot them.

Fixinator's New Compatibility Scanner

— Fixinator's New Compatibility Scanner: Upgrade to the latest ColdFusion version with confidence. Identify compatibility issues, deprecated features, and removed tags/functions.

ColdFusion Summit 2024 Slides: 20 ways to secure CF

— My slides and an outline of my CF Summit 2024 talk in Las Vegas

Latest ColdFusion Security Updates - July 2025

— A list of the latest ColdFusion Security Updates

Left and Right Accept Negative Counts

— You can pass a negative value into CFML left or right functions.

Fixinator fixes unscoped variables

— Fixinator now finds and fixes unscoped variables relating to searchImplicitScopes

ColdFusion searchImplicitScopes and APSB24-14

— Learn about the searchImplicitScopes change in APSB24-14.

Lucee RCE Vulnerabilities February 2024

— Lucee RCE vulnerabilities in February 2024, affecting remote code execution and client variables. How to fix isDefined calls, CF_CLIENT cookie values, and REST CFC requests.

DNS over HTTPS is not what I thought

— You might be surprised to see how DNS over HTTPS actually works.

Remove the Server Header in any IIS Version

— How to remove the Server header in any version of IIS.

Self Signed Certificates in Edge on Windows

— How to generate a self signed cert on windows with Powershell

Popular Entries

Here are some entries that have been popular over the years:

You can find the full entry archive here.