displaying top 100 results
Error connecting to Oracle servers using Oracle Advanced Security
Tracker Comment Comment on Error connecting to Oracle servers using Oracle Advanced Security by Vamseekrishna N.
Comment on Error connecting to Oracle servers using Oracle Advanced Security by Vamseekrishna N.
Tracker Comment Comment on Error connecting to Oracle servers using Oracle Advanced Security by CFwatson U.
Comment on Error connecting to Oracle servers using Oracle Advanced Security by CFwatson U.
Tracker Comment Comment on Error connecting to Oracle servers using Oracle Advanced Security by External U.
Comment on Error connecting to Oracle servers using Oracle Advanced Security by External U.
Tracker Comment Comment on Error connecting to Oracle servers using Oracle Advanced Security by External U.
Comment on Error connecting to Oracle servers using Oracle Advanced Security by External U.
Connection String for ColdFusion (using Oracle advanced Security)
2597091 CF-3122082 Adobe D. This error occurred when Oracle databases configured to 'require' Oracle Advanced Security .
Can you check is Oracle Advanced Security is enabled.
There is a similar issue logged for the same.
(Comment added from ex-user id:gtiwari)
Tracker Comment Comment on Macromedia Oracle JDBC Driver fails to connect to Oracle 11g R2 when database encryption is required by Nimit S.
2597024 CF-3187440 Nimit S. This issue is fixed with ColdFusion 11 database drivers and we are supporting Oracle Advanced Security.
Tracker Issue Support for Oracle 19c
7010227 CF-4207763 Database : Oracle Support for Oracle 19c We need to use oracle 19c to comply with our system security plan. Please certify support for Oracle 19c.
Tracker Issue When will CF 9/10 support Oracle 12c?
When will CF 9/10 support Oracle 12c?
Tracker Comment Comment on CFDBINFO type="columns" claims table does not exist in an Oracle 11g db if table name has an underscore in it by Nimit S.
Comment on CFDBINFO type="columns" claims table does not exist in an Oracle 11g db if table name has an underscore in it by Nimit S.
Tracker Issue Calling Oracle Package: [Macromedia][Oracle JDBC Driver]User defined type not found: SYS.DBMS_UTILITY
Packages are identical on all systems.
Steps to Reproduce:
Method 1
[Macromedia][Oracle JDBC Driver]User defined type not found: SYS.DBMS_UTILITY
The error occurred in PAGE.cfm: line 4
2 :
3 :
4 :
5 :
6 :
1) Browser Back -> Submit (again) -> Works
2) Data Sources :: Advanced Settings
Tracker Comment Comment on Unable to initialise Security service, Client Storage service, and WatchService service by ANDREW L.
Comment on Unable to initialise Security service, Client Storage service, and WatchService service by ANDREW L.
to update Java with security fixes and such, will we have to wait for Adobe to provide a Java download for us to use with ColdFusion or can we continue to get the latest Java updates directly from Oracle's website and still be covered to use it?
Tracker Issue WAR / EAR deployment - unable to initialise Security service: java.lang.NullPointerException
WAR / EAR deployment - unable to initialise Security service: java.lang.NullPointerException
Portal Comment Comment on Oracle’s Java policy change by Peter Freitag
Peter Freitag FYI Oracle has released Java Security patches... So Java 10 is now EOL and presumably vulnerable to security issues. This is really the worst for CF2018 customers because it ships with Java 10 and there is no security update for Java 10.
We have heard that there is a CF update
2609620 CF-3819753 External U. I'm having the same issue. I've upgraded to Yosemite and CF11 throws a 500 error. I've tried reinstalling CF, removing and reestablishing web connections, Java 1.6, 1.7 (from both Oracle and Apple) and still get a 500 error. I've attached my log files.
Thanks
Tracker Issue Bug 86494:We had severe problems with sessions after applying the Security HotFix APSB11-04
.Further details that may or may not be relevant:* We use IIS7 with URLRewriting so that framework URLs (Fusebox and FW/1) e.g. "/index.cfm?querystring" may be requested as "/directory/sub-directory/"* We use the latest secure JVM from Sun/Oracle: currently JDK1.6 Update 24* We set our session cookies (to expire
Portal Comment Comment on Oracle’s Java policy change by Gary Fenton
Gary Fenton Thanks Bradley. If Oracle are no longer supporting Java 8 then they won't be issuing new security patches for it, right? That means there will be unpatched issues with CF2016 going forwards while it's still officially supported by Adobe. I hope Adobe have a plan. Perhaps they can issue
Portal Comment Comment on Oracle’s Java policy change by Peter Freitag
Peter Freitag Gary - Oracle is probably selling extended support for Java 8, so they will probably continue to provide security updates to Java 8 customers that purchase Oracle Java Extended Support. They have done that for Java 7 and 6 when they ended core support.
Tracker Comment Comment on generatePBKDFKey- PBKDF2WithSHA256 algorithm is not supported by the Security Provider you have chosen. by Chris H.
Comment on generatePBKDFKey- PBKDF2WithSHA256 algorithm is not supported by the Security Provider you have chosen. by Chris H.
Comment on [Macromedia][Oracle JDBC Driver][Oracle]ORA-06502: PL/SQL by External U.
Portal Comment Comment on Oracle’s Java policy change by Gary Fenton
Comment on Oracle’s Java policy change by Gary Fenton
Portal Comment Comment on ColdFusion (2018 release) Update 5 and ColdFusion (2016 release) Update 12 released by TigheLory
TigheLory Will Update 12 update the JDK to resolve the security issues or do I need to download it from Oracle and install separately to patch the vulnerability?
Fusion. Discussion,Lockdown,Security,2018,discussion,licensing,lockdown,Oracle,security
Portal Comment Comment on Oracle’s Java policy change by Bradley Wood
2019.
So, what is the risk to you on Jan 1st 2019? The risk is if a giant, horrible, no good security vuln comes out on Jan 2nd 2019, you would be unable to get the patch for free AND remain on an Adobe-supported version of Oracle JDK. Your
Comment on cfquery sandbox security issue after CF2016 update 4 by Chris D.
Tracker Issue Query of Queries targets wrong type4 jdbc driver
other type4 jdbc driver get 'hijacked by the sparql jdbc driver, resulting in an error.
Steps to Reproduce: Create at least one datasource of type other with the org.lexicon.jdbc4sparql.SPARQLDriver driver. Create at least one datasource of another type, in my case oracle.jdbc.driver.Oracle
Portal Comment Comment on ColdFusion (2018 release) Update 5 and ColdFusion (2016 release) Update 12 released by TigheLory
TigheLory It is unclear if I need to download Java 12 and install it on the server to mitigate Security bulletin security/products/coldfusion/apsb19-47.html" rel="nofollow">APSB19-47. If so does Coldfusion now include licensing for Java SE JDK 12? According
into the code of the js files (cfwebsocketCore.js...) shows ws://mydomain even when running under https instead of wss://mydomain. We accept only https://... for our solutions. Firefox throws securityContect error, Safari and Chrome do nothing... running SSL with websockets from CF 10.
2
to not install the connector. Only an advanced admin would know it was open. I believe the port is only bound to 127.0.0.1 but it could be a security issue as well. Customer might want to reverse proxy to 127.0.0.1:8500 and not use the 8014 AJP port as an example.
- If someone is doing war deploys or doing
Tracker Issue Enabling Roles attribute for CFCOMPONENT
2673584 CF-4126377 Security Sathish Kumar Enabling Roles attribute for CFCOMPONENT Duplicate ID: CF-4126370
Hi Guys,
The roles attribute for coldfusion functions is good at security application functionalities from unauthorised users. It would be great if we can possibly extend this feature
Tracker Issue Enabling Roles attribute for CFCOMPONENT
2673587 CF-4126372 Security Sathish Kumar Enabling Roles attribute for CFCOMPONENT Duplicate ID: CF-4126370
Hi Guys,
The roles attribute for coldfusion functions is good at security application functionalities from unauthorised users. It would be great if we can possibly extend this feature
Tracker Issue Enabling Roles attribute for CFCOMPONENT
2673588 CF-4126370 Security Sathish Kumar Enabling Roles attribute for CFCOMPONENT Hi Guys,
The roles attribute for coldfusion functions is good at security application functionalities from unauthorised users. It would be great if we can possibly extend this feature to the CFCOMPONENT tag as well
Adobe should consider following the Java model for handling CF security fixes
Tracker Issue cfcontent returning only first eight bytes
Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat Version 7.0.54.0
Edition Enterprise
Operating System Windows Server 2008
OS Version 6.0
Update Level chf11000005.jar
Adobe
Tracker Issue cfcontent returning only first eight bytes
Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat Version 7.0.54.0
Edition Enterprise
Operating System Windows Server 2008
OS Version 6.0
Update Level chf11000005.jar
Adobe
Tracker Issue cfcontent returning only first eight bytes
Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat Version 7.0.54.0
Edition Enterprise
Operating System Windows Server 2008
OS Version 6.0
Update Level chf11000005.jar
Adobe
Tracker Issue cfcontent returning only first eight bytes
Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat Version 7.0.54.0
Edition Enterprise
Operating System Windows Server 2008
OS Version 6.0
Update Level chf11000005.jar
Adobe
Tracker Issue cfcontent returning only first eight bytes
Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat Version 7.0.54.0
Edition Enterprise
Operating System Windows Server 2008
OS Version 6.0
Update Level chf11000005.jar
Adobe
Tracker Issue cfcontent returning only first eight bytes
Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat Version 7.0.54.0
Edition Enterprise
Operating System Windows Server 2008
OS Version 6.0
Update Level chf11000005.jar
Adobe
Tracker Issue cfcontent returning only first eight bytes
Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat Version 7.0.54.0
Edition Enterprise
Operating System Windows Server 2008
OS Version 6.0
Update Level chf11000005.jar
Adobe
Tracker Issue cfcontent returning only first eight bytes
the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat Version 7.0.54.0
Edition Enterprise
Operating System Windows Server 2008
OS Version 6.0
Update Level chf11000005.jar
Adobe Driver Version
Tracker Issue cfcontent returning eight bytes of gibberish
Customer Email:
External Test Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat Version 7.0.54.0
Edition Enterprise
Operating System Windows Server 2008
OS Version 6.0
Update
Tracker Issue cfcontent returning one byte of gibberish
-----------------------------
Watson Bug ID: 3975336
External Customer Info:
External Company:
External Customer Name: colin
External Customer Email:
External Test Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat
Tracker Issue cfcontent returning one byte of gibberish
-----------------------------
Watson Bug ID: 3975335
External Customer Info:
External Company:
External Customer Name: colin
External Customer Email:
External Test Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat
Tracker Issue cfcontent returning one byte of gibberish
-----------------------------
Watson Bug ID: 3975334
External Customer Info:
External Company:
External Customer Name: colin
External Customer Email:
External Test Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat
Tracker Issue cfcontent returning one byte of gibberish
-----------------------------
Watson Bug ID: 3975327
External Customer Info:
External Company:
External Customer Name: colin
External Customer Email:
External Test Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat
Tracker Issue cfcontent returning one byte of gibberish
-----------------------------
Watson Bug ID: 3975320
External Customer Info:
External Company:
External Customer Name: colin
External Customer Email:
External Test Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat
Tracker Issue cfcontent returning one byte of gibberish
-----------------------------
Watson Bug ID: 3975316
External Customer Info:
External Company:
External Customer Name: colin
External Customer Email:
External Test Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat
Tracker Issue cfcontent returning one byte of gibberish
-----------------------------
Watson Bug ID: 3975313
External Customer Info:
External Company:
External Customer Name: colin
External Customer Email:
External Test Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat
Tracker Issue cfcontent returning one byte of gibberish
-----------------------------
Watson Bug ID: 3975312
External Customer Info:
External Company:
External Customer Name: colin
External Customer Email:
External Test Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat
Tracker Issue cfcontent returning one byte of gibberish
-----------------------------
Watson Bug ID: 3975311
External Customer Info:
External Company:
External Customer Name: colin
External Customer Email:
External Test Config: From the info window in the CFIDE, edited for security:
System Information
Server Details
Server Product ColdFusion
Version 11,0,05,293506
Tomcat
Tracker Issue The product of listLast(x) and listFirst(x) changes in the context of cfquery and outside the context of cfquery
'BM'
Inside cfquery:
''I''BM''
''I''BM''
Expected Result:
Outside cfquery:
'I'BM'
'I'BM'
Inside cfquery:
'I'BM'
'I'BM'
Any Workarounds:
Don't use listLast() and listFirst().
Stephen Johnson
Adobe Advanced ColdFusion Certified Developer (ADB184437)
Mentor Graphics Inc
Portal Comment Comment on ColdFusion (2018 release) Update 5 and ColdFusion (2016 release) Update 12 released by Vamsee
Vamsee The version of Java that is bundled with the CF2018 installation should suffice for the security fixes to take effect. BTW, we always certify with Oracle Java.
The latest Java installers can always be picked from the below location in case you want to move to a later version:
Tracker Comment Comment on New settings which is added in ColdFusion 11 are not coming in the Settings summary. by Rupesh K.
2609992 CF-3738801 Rupesh K. From Uday's mail :
I browsed few pages and have already found tons of settings which are not there in settings summary :
Here are few examples :
1. cfwebsocket - full feature
2. remote inspection - full feature
3. Scheduler - all advanced features added in cf10
Tracker Issue Try to update DSN but got an error
2596840 CF-3587181 Administrator Jerome Lepage Try to update DSN but got an error Problem Description:
From a fresh new install on a CF9.0.2 with cumulativ hotfix 1 and Security hotfix APSB13-13;
I create a Oracle DSN with a wrong password (bad typing).
Then I try to correct it, but I got an error
on the folder go to the security tab and then Advanced - I would click Disable Inheritance (to create a new root of inheritance for the parent folder, I want everything under it to actually inherit from this) and then check the checkbox that says "Replace all child object permission entries with inheritable
Portal Comment Comment on ColdFusion (2018 release) Update 5 and ColdFusion (2016 release) Update 12 released by Charlie Arehart
Charlie Arehart I realize you will want to hear from Adobe, but until then let me offer these thoughts if they may be helpful to anyone.
First, as for your question about Java and that APSB, I suspect your referring to this: "The security updates referenced in the above Tech Notes require JDK 8u
Tracker Issue [Sandbox]:DB related exception on a sandbox setup
3946579 CF-4201015 Security [Sandbox]:DB related exception on a sandbox setup Problem:
DB related exception on a sandbox setup
Method:
We see the following exceptions on running any query in a sandboxed environment for the following DBs:
1.Oracle:
access denied ("java.io.FilePermission" "C
2609716 CF-3795112 External U. FYI There were changes made to java default socket permissions in Java 1.7u51, listed here: http://www.oracle.com/technetwork/java/javase/7u51-relnotes-2085002.html
The default socket permissions assigned to all code including untrusted code have been changed
Tracker Issue Relative to CF8, CF9.01 consumes heap space at an alarming rate leading to performance degradation and Out of Memory errors.
to false. Both of these things can lead to memory leaks. In sandboxing the problem, I’ve taken two identical VMs, one running CF8 and the other CF9.01 Hotfix 2. In both cases, I’ve switched out the JVM with Oracle JRockit so that I can get real time visibility into JVM memory usage via JRockit Mission
Benjamin Reid SOLVED - use the "Server JRE" instead of the JRE or JDK to update the ColdFusion JVM.
It is important from a security perspective to keep the ColdFusion JVM up-to-date. However, I had traditionally been downloading, installing and using the Java SE Runtime Environment JRE installer
Tracker Issue CFML and GCM/CCM cipher block mode transformations
2672797 CF-4168837 Security Denard Springle CFML and GCM/CCM cipher block mode transformations Problem Description:
GCM cipher block mode (in v7/v8 of Java) nor CCM cipher block mode (v8 of Java) seem to be implemented (or instructions on it's use are not well defined). Since most other chain
Tracker Issue CGI server_port not correct
that you see a dump of the CGI scope, with server_port = 81
STEP 6 - Verify that you can NOT access the site with the following URL: http:///index.cfm (note that the port has been removed)
STEP 7 - Download the NetworkActiv advanced port forwarding application from the following site: http
dab04d85220f04cbca474e
Content-Type: message/rfc822; charset=UTF-8
Content-Disposition: attachment
Content-Transfer-Encoding: base64
X-Attachment-Id: 777fe6a5abfcc3e5_0.2
This issue is discussed here as well:
http://www.oracle.com/technetwork/java/javamail/faq/index.html#imapserverbug
http