displaying top 100 results
Comment on Link to lockdown guide in installer returns a 404 by Piyush K.
Portal Topic ColdFusion 2018 Lockdown Guide
ColdFusion 2018 Lockdown Guide
Portal Comment Comment on ColdFusion 2018 Lockdown Guide by David Byers
Comment on ColdFusion 2018 Lockdown Guide by David Byers
Tracker Issue Linux Installer points to cf11 lockdown guide
Linux Installer points to cf11 lockdown guide
Portal Comment Comment on ColdFusion 2018 Lockdown Guide by Tony Cap_408
Comment on ColdFusion 2018 Lockdown Guide by Tony Cap_408
Comment on [ANeff] Bug for: CF2018 Lockdown Guide URLs by Vamseekrishna N.
Tracker Issue Link to lockdown guide in installer returns a 404
Link to lockdown guide in installer returns a 404
Tracker Issue In the lockdown guide environment, after uninstalling the CF11 HF7 a manual restart of server is required.
In the lockdown guide environment, after uninstalling the CF11 HF7 a manual restart of server is required.
Tracker Issue [ANeff] Bug for: CF2018 Lockdown Guide URLs
[ANeff] Bug for: CF2018 Lockdown Guide URLs
Tracker Issue [ANeff] Bug for: CF2018 Lockdown Guide URLs
[ANeff] Bug for: CF2018 Lockdown Guide URLs
Tracker Issue [ANeff] Bug for: CF2018 Lockdown Guide URLs
[ANeff] Bug for: CF2018 Lockdown Guide URLs
Tracker Comment Comment on CF2016 sandobx bug? by S P.
2672512 CF-4193907 S P. Hi Jim,
Does this happen to you on CF10/11 lockdown guide setup as well?
Thanks!
2609893 CF-3750729 External U. @Adam, yeah, lol Adobe, just remove the /CFIDE mapping (per lockdown guide) and try running hmm
Comment on [ANeff] Bug for: CF2018 Lockdown Guide URLs by Aaron N.
Portal Comment Comment on ColdFusion 2018 Lockdown Guide by mattInVail
Comment on ColdFusion 2018 Lockdown Guide by mattInVail
Tracker Comment Comment on [ANeff] Bug for: imageWrite applies temp directory permissions in some cases by External U.
2672729 CF-4175138 External U. Hi Preethi!,
Very sorry for the delay. I -think- the issue only arises if Lockdown Guide is applied. In the description, I said it did not matter if Lockdown Guide was applied or not. But, I think I was wrong there. I'll test today and follow-up.
Thanks!,
-Aaorn
Comment on Link to lockdown guide in installer returns a 404 by Piyush K.
Tracker Comment Comment on Coldfusion 11 Update 2 impossible due to error in Coldfusion Administrator by Adobe D.
2609506 CF-3840648 Adobe D. Have you applied any of the steps in the lockdown guide (link given below) before getting update 2 ?
http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf11/cf11-lockdown-guide.pdf
(Comment added from ex-user id:amkum)
2612264 CF-3533394 External U. according to CF10 lockdown guide, pls add request filtering to block access to /CFIDE
http://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf10/cf10-lockdown-guide.pdf
2673089 CF-4152217 External U. ALSO occurs in CF11 update 8 but NOT in CF10 update 19 (both setup using the lockdown guide as well)
Comment on Linux Installer points to cf11 lockdown guide by CFwatson U.
Tracker Comment Comment on In the lockdown guide environment, after uninstalling the CF11 HF7 a manual restart of server is required. by Awdhesh K.
Comment on In the lockdown guide environment, after uninstalling the CF11 HF7 a manual restart of server is required. by Awdhesh K.
Tracker Comment Comment on Block Download and Install / Install Buttons in Server Update Page on Windows by External U.
2612023 CF-3564422 External U. The updater regularly throws errors about insufficient permissions when running through the CF Administrator. I've seen this on my Windows 2008R2 (64-bit) server on which the Lockdown Guide has been run. I've also had this happen on both of my Windwos 7 64-bit
Tracker Comment Comment on Automatic updates improvements by External U.
2612134 CF-3554978 External U. +1
This recently bit me - when following the Lockdown guide.
Though I think the documentation in the lockdown guide could be altered slightly, too.
Simply, have the DENY rule for / CFIDE/scripts removed prior to the update process - then re-enable it after
Tracker Comment Comment on Can't Add Datasource by External U.
2611127 CF-3639079 External U. I've seen this happen before. I think it was related to IIS restrictions that may get applied when following the ColdFusion Lockdown Guide. I'm going on memory here from something I saw last year. It's worth a check.
Tracker Comment Comment on Automatic updates improvements by External U.
2612134 CF-3554978 External U. This is quite important as the official CF 10 lockdown guide tells you to put request DENY on the CFIDE/scripts directory, which is required to get updates via the automatic updater. If you follow that advice (and you should), updates won't succeed and you'll be left
Comment on [ANeff] Bug for: CF2018 Lockdown Guide URLs by Aaron N.
Comment on [ANeff] Bug for: CF2018 Lockdown Guide URLs by Aaron N.
Comment on [ANeff] Bug for: CF2018 Lockdown Guide URLs by Aaron N.
Tracker Issue [Lockdown] CF Scripts URI Should be Random
4480653 CF-4202953 Security : LockdownGuide [Lockdown] CF Scripts URI Should be Random Problem Description: The lockdown installer remaps the /cf_scripts URI to /cfscripts_2018 - there is no benefit in changing it from one known default to another known default - if it is going to change it
Tracker Issue Installer rolls back if wsconfig is left open
4476634 CF-4202932 Security : LockdownGuide Installer rolls back if wsconfig is left open Problem Description: If you accidentally leave wsconfig running while running the lockdown installer it fails half way through and has to roll back its changes. Ideally it could be checked at installer
Tracker Issue "Download and Install" fails when installing on Update 1
quick hit on the update log revealed permission issues.
Steps to Reproduce:
Install CF2016 and follow the Lockdown guide completely (especially the part about the CFUser)
Actual Result:
The hotfix wasn't applied. Looks like it can't access/delete certain files.
Expected Result:
Hotfix
Tracker Issue [ANeff] Bug for: cfmap requires /CFIDE
2609851 CF-3757675 AJAX : UI Components Aaron Neff [ANeff] Bug for: cfmap requires /CFIDE CF hardcodes /CFIDE in script src path to mapiconmaker.js. This breaks some map functionality when implementing the Lockdown Guide.
Steps to Reproduce:
(this example shows that zoom-to-show-user becomes
Tracker Comment Comment on CF11 update 8 doesn't install properly by External U.
Coldfusion services with dedicated user and not with "Local system" as adviced by "cf11-lockdown-guide"
Regards
Pierre
Tracker Comment Comment on Isolate the /CFIDE/scripts directory from the rest of /CFIDE by External U.
new server is move and lockdown CFIDE and the scripts folder. It's even part of the Lockdown Guide so why not just fix this?
and correct it.
Are there any plans for a CF 2018 lockdown guide? It's a little weird using the one from 2016.
Portal Comment Comment on How to enable SSL for ColdFusion Administrator running on internal ColdFusion port. by Charlie Arehart
Charlie Arehart I agree that the post leaves out a lot of detail, but I can point out for you that since it was written (in 2017), the CF2018 Lockdown Guide came out and that DOES have a section showing how to enable SSL/TLS for the CF Admin (built-in web server).
The guide is here:
.
FWIW, if I need to lockdown a CF server, I use the CF2016 lockdown guide. (The 2018 version of the guide is written to presume you are using the auto lockdown tool. It has some new info, but it also lacks details that are presumed to be handled by the tool, but which ARE covered in the 2016 guide).
Portal Topic Server Auto-Lockdown
kailash bihani Server Auto-Lockdown Introduction With the 2018 release of ColdFusion, we have introduced the support for Server Auto-Lockdown. Before going into the details, let’s understand what is Server Auto-Lockdown. What is Server Auto-Lockdown? Server Auto-Lockdown is based on the Lockdown
Portal Topic How to install ColdFusion updates manually
RAHUL UPADHYAY How to install ColdFusion updates manually Sometimes, CF administrator UI update installation could fail due to permissions, lockdown guide, network restrictions etc. You can follow below instructions to apply updates manually. Navigate to https
Benjamin Reid I am not saying anyone running cf2018 would encounter this issue.I am experiencing it though.I really just wanted some help to figure out my issue.I have applied a lockdown, in accordance with the official 2018 lockdown guide from Pete Freitag, although I am not expecting
Portal Comment Comment on ColdFusion (2018 release) Update 5 and ColdFusion (2016 release) Update 12 released by bihani
bihani Hi Rebecca,
From ColdFusion 2016 onwards, we don't recommend accessing the ColdFusion Administrator using the webserver. The same is specified in the Lockdown Guide too
Are you facing the issue only while accessing a particular page of the Administrator, or is it happening randomly
Portal Comment Comment on ColdFusion (2018 release) Update 5 and ColdFusion (2016 release) Update 12 released by bihani
bihani Hi Rebecca,
From ColdFusion 2016 onwards, we don't recommend using the ColdFusion Administrator via the webserver. The same is specified in the Lockdown Guide too.
Are you facing the error when you try to access a particular page of ColdFusion Administrator? Or is it happening for all
Tracker Issue Default user in Windows
2612295 CF-3529336 Installation/Config David Epler Default user in Windows The installer for Windows should allow for specifying the user that ColdFusion should run as and not rely on the administrator to come back and change it by following the lockdown guide. The Linux and Solaris installers have
Tracker Comment Comment on ColdFusion 11 Updates do NOT install when ColdFusion is running as local user account by External U.
2608127 CF-4185383 External U. I'm running ColdFusion 11 Standard 64-bit on Windows 2012R2 server. I have the Lockdown Guide applied, but am using a Windows Active Directory domain account for the ColdFusion service.
I have consistently had this problem on not only this server (and with each
Tracker Comment Comment on ColdFusion 11 Updates do NOT install when ColdFusion is running as local user account by S P.
2608127 CF-4185383 S P. Hi,
http://blogs.coldfusion.com/post.cfm/not-able-to-apply-hotfix-from-coldfusion-10-administrator-on-windows-with-lockdown-guide-imposed-on-server-how-to-set-it-up-to-make-it-work
Please go to the above mentioned link, which gives detailed steps for giving permissions
2673089 CF-4152217 External U. Hello Preethi,
Yes both services are marked "Log On As" using a custom username like "./MyCFUserName". Those two services are
- ColdFusion 2016 Application Server
- ColdFusion 2016 Add-on Services
I should note that I followed every single step of the lockdown
might have to follow the instructions as per the blog article below, which is about giving permission to the non-admin user to run the services as that user:
http://blogs.coldfusion.com/post.cfm/not-able-to-apply-hotfix-from-coldfusion-10-administrator-on-windows-with-lockdown-guide
Tracker Comment Comment on cf_scripts/scripts Virtual Directory Breaks Administrator by Dattanand M.
4869295 CF-4203348 Dattanand M. @Ruby please refer to the latest down guide.
link - [http://wwwimages.adobe.com/content/dam/acom/en/products/coldfusion/pdfs/coldfusion-2016-lockdown-guide.pdf]
Page# 52 under "To Create a new Alias for /cf_script/scripts in the built in web server".
Since Cold
Portal Comment Comment on ColdFusion (2018 release) Update 5 and ColdFusion (2016 release) Update 12 released by Rebecca P
the recommended configuration in the Lockdown Guide for 2016 (although it is still covered there as an option). I got started with CF9 when it was recommended by the Lockdown Guide for Windows installations, and still prefer to use IIS as we can leverage Windows authentication to control access to the CF Admin
Tracker Issue CF2016 sandobx bug?
2672512 CF-4193907 Security Jim Frankowski CF2016 sandobx bug? Problem Description: working thru 2016 lockdown guide. Sent to work with sandbox security. Allowed some tags/functions/ others disallowed; folder with cfm files has read/execute permissions restart coldfusion, IIS-public mapped site
many applications are being built, or will be built, with the "Type 2" model during the timeframe that CF11 is supported'. Reason I say that is: CF11 is a supported version and one of its flagship features has a very broken feature here (if Adobe is recommending the Lockdown Guide). I don't think
Tracker Comment Comment on Block Download and Install / Install Buttons in Server Update Page on Windows by External U.
structure on my development computers and per the Lockdown Guide on my Windows production server).
The only way I've been able to get the updates to install properly from the CF Administrator is as follows:
1. Change the ColdFusion service account to run as the local Administrator account.
2. Stop
for this seems to have first started. In the old lockdown guides for CF10 and CF 11, the reference for editing server.xml was limited to Linux installations (apparently CF Admin took care of this under the hood in Windows in that case).
As it is I'm heavily inclined to leave my workaround in place
Tracker Comment Comment on Sporadic StackOverflowError involving coldfusion.security.BasicPolicy since CF2016HF12 by Chris D.
6439313 CF-4205821 Chris D. We can't reproduce it on demand either. These stack overflow errors started after applying Update 12 in October and has gotten much worse in the last six weeks since installing Update 13.
Our CF2016 Update 13 servers are locked down per the CF lockdown guide. Windows
Portal Comment Comment on ColdFusion 2018 / Web Services / Java 10 / JDK tools.jar by Charlie Arehart
as to the urgency/importance/value.)
As for you saying you applied lockdown, well, do you mean that you ran the CF2018 autolockdown tool (which the 2018 version of the lockdown guide now has you do)? If so, that may well be the cause of your issue (and why others may not be seeing it). That lockdown tool does
\hf-updates\updates.xml. This file is nothing more than an XML file that contains a list of applied updates.
Adobe issues a Lockdown Guide that HIGHLY recommends that ColdFusion be run under a local user account with limited permissions. This prevents ColdFusion Updates from being installed even when the above file or even
Tracker Issue Database driver memory leak
-database-drivers-leaking-memory
Steps to Reproduce: Install ColdFusion 10 or 11 x64 on Microsoft Windows 2008 R2 x64. Follow ColdFusion-lockdown guides. Setup multiple websites and multiple datasources, all on Microsoft SQL Server. Let websites run over time with 4096MB heap size.
Actual Result: Over time, java
Tracker Issue Server Update Area and ScriptSrc Mapping
in the lockdown guide)
2. Access CF Administrator via tomcat, eg http://localhost:8080/CFIDE/administrator/
3. Attempt to download an update
Actual Result:
Update area display is not styled correctly. Pressing "Download update" results in nothing happening
Expected Result:
Update should commence download
issues and the web application doesn't experience any issues. But the mod_jk.log is flooded with this entry.
It would be great, if someone could assist on this please. We didn't face this issue before.
But the issue was solved by granting 660 as opposed to 540, recommended in CF2018 lockdown guide
Portal Comment Comment on ColdFusion (2018 release) Update 8 and ColdFusion (2016 release) Update 14 released by Charlie Arehart
technotes, it CAN'T be referring to the "auto lockdown tool", as that's only in CF2018. And therefore it must mean people who have "locked down a server themselves", perhaps implying "if you have followed all the steps in the lockdown guide".
But second, not everyone DOES follow ALL the steps
Enterprise Final, CF2016 Enterprise Update 1 and CF2016 Enterprise Update 2 with and without Lockdown Guide steps applied.
Unable to reproduce the issue on Windows 10. Tried on two Windows 10 machines w/ CF2016 Developer Edition Update 1 and Update 2 and always got expected results.
index
to the lockdown guide:
Download and Install Windows tool named SubInACL.exe from
http://www.microsoft.com/en-us/download/confirmation.aspx?id=23510
Then, run the following to give stop/start permissions to the new secure user:
"C:\Program Files (x86)\Windows Resource Kits\Tools\subinacl.exe" /service "\\\Cold
Vincent Krist I am unable to install Update 8 on our CF 2016 server. The server is running CF 2016 Update 7 on Windows Server 2008 R2. Coldfusion 2016 was originally installed using Pete Freitag's lockdown guide and we have never had any problems installing the previous updates. The Coldfusion
Tracker Comment Comment on [ANeff] Bug for: imageWrite applies temp directory permissions in some cases by Aaron N.
}\cfusion\tmpCache\CFFileServlet\_cf_image (instead of from destination directory).
Repro case (get exiftool.exe from http://www.sno.phy.queensu.ca/~phil/exiftool/):
1) On Windows, apply Lockdown Guide and have CF and IIS run as dedicated users.
2) Create a folder and give IIS Application Pool and Anonymous Authentication accounts read
Comment on Linux Installer points to cf11 lockdown guide by CFwatson U.