< jclausen> thanks for putting the Adobe updates on forgebox cfml #docker-commandbox

<@U071QGDLH> thanks for putting the Adobe updates ...

dougcain

07/12/2023, 11:41 AM

@jclausen thanks for putting the Adobe updates on forgebox so quickly - from the security bulletin (https://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-17.html) it says it needs some JVM options for the security patch: For Application Servers

On JEE installations, set the following JVM flag, "-Djdk.serialFilter= !org.mozilla.**;!com.sun.syndication.**;!org.apache.commons.beanutils.**; !org.jgroups.**", in the respective startup file depending on the type of Application Server being used.

Is this something that should go into the base commandbox? I have added to my server.json for the moment but wondered if there is a better way of making sure the default commandbox already has them?

👍 3

jclausen

07/12/2023, 11:56 AM

@dougcain I will add this to the Java tool options we already use and rebuild the images

dougcain

07/12/2023, 11:58 AM

cool thanks 🙂

dougcain

07/12/2023, 11:59 AM

will it overwrite the existing ones? If so how will I know they are rebuilt?

jclausen

07/12/2023, 12:31 PM

I will ping you here

👍 1

bdw429s

07/12/2023, 12:48 PM

I've considered adding these by default in CommandBox when starting an Adobe server, but I've never gotten around to it.

bdw429s

07/12/2023, 12:49 PM

Right now, you'd need to provide that JVM arg, unless of course, Jon adds something to the base image to add it

jclausen

07/12/2023, 12:58 PM

@dougcain I’ve added them a

JAVA_TOOL_OPTIONS

so as not to conflict with user-provided JVM args. A new patch version is building now.

jclausen

07/12/2023, 2:14 PM

Build is finishing now: https://github.com/Ortus-Solutions/docker-commandbox/actions/runs/5532088809

dougcain

07/12/2023, 2:25 PM

gotta luv a bit of automation ⚙️⚙️

dougcain

07/12/2023, 2:47 PM

seems like the builds have completed - how long does it generally take for forge box to notice (current publish date / time hasn’t changed from this morning)

bdw429s

07/12/2023, 2:59 PM

Jon didn't update the ForgeBox CF engines, just the docker images

dougcain

07/12/2023, 3:00 PM

ahh, that would be it - not thinking clearly!

dougcain

07/12/2023, 3:02 PM

3.7.8 here we come

dougcain

07/12/2023, 3:23 PM

can’t see the new JVM args showing up in either the commandbox console log or “ps -ef | grep java” - am I looking in the wrong place? Not sure where JAVA_TOOL_OPTIONS would be seen

dougcain

07/12/2023, 3:23 PM

will go with server.json for the moment until I get to grips with it more

bdw429s

07/12/2023, 3:25 PM

JAVA_TOOL_OPTIONS

That's just an environment variable

bdw429s

07/12/2023, 3:26 PM

Check

server.system.environment

from your CF code and see if it's there

bdw429s

07/12/2023, 3:26 PM

The JVM should also have some output saying it picked that up too on startup

dougcain

07/12/2023, 3:26 PM

I did look in the docker image ran “set” and didn;t see anything there

jclausen

07/12/2023, 3:56 PM

They show up the first time anything “java” executes - so they would be right at the beginning of the container output.

Open in Slack

Previous Next