Title:

ColdFusion (2018 release) Update 1, ColdFusion (2016 release) Update 7, and ColdFusion 11 Update 15 Released

September 11, 2018 01:28:24 PM GMT
7 Comments
We are pleased to announce the updates for ColdFusion (2018 release), ColdFusion (2016 release), and ColdFusion 11. These updates address a few security issues, which are mentioned in the security bulletin APSB18-33, and upgrade the Tomcat engine and the OpenSSL jars for PDFgServlet.

ColdFusion (2018 release) Update 1

In addition to fixing the vulnerabilities mentioned in the security bulletin, this update contains bug fixes, an upgraded Tomcat (ver 9.0.10), and an OpenSSL upgrade to 1.0.2p for PDFgServlet. For more information on the […]
Labels: Adobe ColdFusion 2018, Blog, ColdFusion, ColdFusion 2018, Hotfix, Security, Updates, coldfusion 11 update, coldfusion 2016 update, coldfusion 2018 update, coldfusion hotfix, coldfusion security update

Comments:

Just installed the hotfix 7 for CF 2016. We are currently unable to access the out sites over https. Anyone facing similar issues? Insight for the fix? All of out cipher suites are up to date.
Comment by Ryan McGuirk
1245 | September 12, 2018 05:15:31 PM GMT
Hi Ryan, can you tell us on which platform you installed the update, and was the update installation successful? Are you using a connector? Can you elaborate on what the exact issue is ("We are currently unable to access the out sites over https.")?
1248 | September 17, 2018 05:39:17 AM GMT
Ryan, did you mean "out sites" or "our sites"? If the former, do you mean by way of cfhttp or CF scheduled tasks, perhaps? There would seem nothing about hotfix 7 that would seem related to that. Can you clarify what you were on before hotfix 7? Also, have you checked the update's log (the long-named one in the folder for the update under your CF hf-updates folder)? For more, see my blog post on this: https://www.carehart.org/blog/client/index.cfm/2016/9/6/solve_common_problems_with_CF_updates_in_10_and_above Also, are you sure you didn't do something else? It could be that since CF was restarted as a part of the update, perhaps some other change was made (in CF or its jvm config) that didn't take effect until the CF restart. In that case, the update itself may have nothing to do with the problem.
Comment by Charlie Arehart
1249 | September 17, 2018 02:26:26 PM GMT
Ryan? Do you have any thoughts on the suggestions/questions that Harikrishna and I had offered?
Comment by Charlie Arehart
1260 | September 29, 2018 02:05:03 PM GMT
Anyone else have an issue with CF 11 updates between 14 and 15? I can see all 15 updates - but the normally expandable accordions where you usually see the update details - none of those will expand, so I can't update anything.
Comment by Jim Priest
1272 | October 05, 2018 05:44:44 PM GMT
Jim, I'd bet that's because of a configuration problem with CF. See if you or someone changed the "settings" page value for "default script src". If so, the problem is that the built-in web server you're using for CF does not know about that change. You could change it back (to the default in CF2016 of cf_scripts), and then the update feature will work. It's leveraging one of those CF UI tags that creates the accordion. But then if someone had also changed your external web server (IIS or Apache) to use that differently named scriptsrc value, then your own code using such UI tags would fail until you changed back the CF admin. Obviously getting the built-in web server to use whatever value you have set for the scriptsrc would be best, but that's not easily communicated here. (I need to do a blog post on this mess, and understanding and resolving it.) Certainly if the box you're working on is not prod, just change the default scriptsrc value back to cf_scripts, run the update, and then set it back. Or you could download the update (google coldfusion 2016 updates to get the page that lists the updates), and download the jar you want, and then run the update from the command line rather than from the CF Admin. The Adobe docs talk about how to run the jar from the command line, or I have a blog post with details on that. Let us know if this gets you going. And Adobe, if you see this, please have CF better handle changes to the default scriptsrc by having it set up the built-in web server to know about it, for use by the CF Admin update feature.
Comment by Charlie Arehart
1273 | October 05, 2018 05:53:27 PM GMT
Hi Saurav Ghosh, For each of the successive releases ColdFusion 11 Update 15, ColdFusion (2016 release) Update 7 and ColdFusion (2018 release) Update 1, you write, “upgraded OpenSSL to 1.0.2p”. This is confusing, because the version number stays the same. Just to be clear, has there been an upgrade of OpenSSL, say, to 1.1.1?
Comment by BKBK
1539 | January 14, 2019 11:49:58 AM GMT