The real news here is ...
"The ancient applications platform is used by some 30 million websites"
Some people have no fear of anything. Or, more often, do not know enough to fear the thing they see.
Adobe has patched a hole in ColdFusion that could have allowed hackers to gain access to files and passwords stored on servers. The applications platform is used by some 30 million websites. The XML external entities injection vulnerability triggers when XML word documents are processed, Legal Hackers security researcher …
Well, ColdFusion has apparently gone from Version 11 to Version 2016.
That is an immense help when trying to determine version history. When will vendors decide upon a version numbering scheme and bloody stick to it?
Is that a Marketing idea? Shoot them, please.
Indeed. I've always very much preferred the X.Y.z versioning scheme.
X is incremented when the product changes enough or introduces enough new functionality to make it a drop-in replacement for the previous version (e.g., may need DB schema change or no longer supports a certain set of Operating Systems). Or at the very least represents a major milestone in development.
Y is incremented when a new feature is implemented that doesn't require any changes to the rest of the system (although may prevent downgrades). Should be compatible with anything else within the 'X' version family.
Z is the patch level; the system can be upgraded to a later 'z' version without any changes and a system admin can upgrade without needing any testing. Usually a new version is produced monthly / twice-monthly.
The vast majority of software follows this model, but too many prolific software projects don't (Linux Kernel, OS X, etc.).
I can accept 2016 as a version number if the whole version is based on it like <year>.<month>.<day> and it has a very rapid development cycle (where new versions are built weekly, if not daily). Otherwise, it seems pretty pointless.
Actually Adobe DOES use a standard version number, 2016 is just the "major" version. For instance, the current latest version of CF is 2016.0.02.299200 which represents update level 2 and the last bit is the build number. They've always used this -- the major version just had a little "jump" from 11. As far as marketing goes, they only use the major version, which is pretty much standard in a lot of software.
Ancient applications platform?
CF was released in 1995, a year after PHP. And the latest version was released only 7 months ago.
I know you guys don't "get" CF, but it is used by a hell of a lot of very large companies and various government bodies. (Yes, I use it and have done since CF4.5...)
It's not the age of the platform as a whole, but the age of the feature-set. PHP has been updated many times (and is still not considered state of the art), and includes full class support among other things. ColdFusion is very much behind the times feature-wise. I work with a wide variety of programming languages, including ColdFusion, and I would not recommend it for future projects. Adobe is just barely keeping the product alive at this point and you can be more productive using other tools.
If you're one of those guys who "only knows ColdFusion", start learning Python, .NET MVC, Node.JS or Ruby on Rails. ColdFusion has passed its best before date at this point.
Please tell me specifically how ColdFusion as a platform is behind? It's a multi-paradigmed modern JVM scripting language with OO and FP constructs, Java/.NET interop, more out-of-the-box integrations than any of the other langs you listed, enterprise modular MVC frameworks, CLI tooling, package management, and free open source engines. I know several languages, and I still choose CF for my everyday job due to its great productivity. What am I missing by using CF?
Your comments are statistically _very_ inaccurate. ColdFusion has fewer vulnerabilities every year than PHP, Java, or .NET. In fact, Java and PHP literally have about 6 times more vulns found every year! Where are your stats coming from? Mine are right here: