Portal Topic Updating due to security bulletin
ronboy30 Updating due to security bulletin Updating due to security bulletin
The post Updating due to security bulletin appeared first on ColdFusion. Blog,ColdFusion,Question,Updates,11,question,updates
Tracker Issue cfquery sandbox security issue after CF2016 update 4
3185843 CF-4198855 Database Cody W cfquery sandbox security issue after CF2016 update 4 Problem Description:
After applying update 4 to ColdFusion 2016, cfquery requests result in the following.
Access denied ("java.io.FilePermission" "C:\ColdFusion2016\cfusion
Tracker Issue cfhtmltopdf with sandbox security throwing "coldfusion.document.webkit.PDFgRequestUtil"
cfhtmltopdf with sandbox security throwing "coldfusion.document.webkit.PDFgRequestUtil"
Portal Topic ColdFusion (2018 release) Update 1, ColdFusion (2016 release) Update 7, and ColdFusion 11 Update 15 Released
SauravGhosh ColdFusion (2018 release) Update 1, ColdFusion (2016 release) Update 7, and ColdFusion 11 Update 15 Released We are pleased to announce the updates for ColdFusion (2018 release), ColdFusion (2016 release), and ColdFusion 11. These updates address a few security issues, which
ColdFusion Security updates for ColdFusion 2016 and ColdFusion 11
Comment on coldfusion 10 update 14. failed to load pdf document by External U.
Comment on cfquery sandbox security issue after CF2016 update 4 by S P.
2672804 CF-4166822 Security Analyzer Shigeyoshi Muraoka (Update 2) security analyzer does not detect xss and csrf (Japanese Ver.) Problem Description:
After applying ColdFusion Builder update 2, security analyzer does not detect xss and csrf.
The issue occurs only if security analyzer connects
few security bugs and some other bugs, which are mentioned in the tech notes. For more information, see the tech notes below: ColdFusion (2018 release) Update 10 ColdFusion (2016 release) Update 16 These updates fix security vulnerabilities that are mentioned in the security bulletin, APSB20
Comment on ColdFusion 11 - Editing an existing Sandbox box security location does not update the path in the list under Security> Sandbox Security by S V.
ColdFusion 11 - Editing an existing Sandbox box security location does not update the path in the list under Security> Sandbox Security
Portal Comment Comment on coldfusion 10 on Mountain Lion by Charlie Arehart
https://www.carehart.org/blog/client/index.cfm/2014/10/30/finding_coldfusion_installers_and_updates
As for "should you", well, beware that CF10 stopped being updated in 2017. There have been several updates since then (to CF11, CF2016, and CF2018), some of which are very important security updates. Those have NOT been backported to CF10. (And
fixing the security vulnerabilities, we’ve also added SameSite cookie support for cfcookie. For more information, see the tech notes below: ColdFusion (2018 release) Update 9 ColdFusion (2016 release) Update 15 These updates fix security vulnerabilities that are mentioned in the security bulletin
Portal Topic More info on the CF Security Update included in the March 1 CF updates for CF11, 2016, and 2018
for CF11, 2016, and 2018 appeared first on ColdFusion. Blog,Security Update,Updates,blog,ColdFusion,security update,updates
Tracker Issue Can't resize/adjust security repor
2682266 CFB-4130101 Security Code Analyzer Raymond Camden Can't resize/adjust security repor Duplicate ID: 3982669 ColdFusion Builder
The Security Report panel should be resizeable internally. Specifically the left panel which is large and takes a lot of space. Screen shot:
https
to the tech notes for each update: ColdFusion (2018 release) Update 8 ColdFusion (2016 release) Update 14 These updates fix security vulnerabilities that are mentioned in the security bulletin, APSB20-16. The Docker images for these updates are also available. Please update your ColdFusion versions today
Portal Topic ColdFusion (2018 release) Update 7 released
SauravGhosh ColdFusion (2018 release) Update 7 released We are pleased to announce that we have released Update 7 of the 2018 release of ColdFusion. ColdFusion (2018 release) Update 7 addresses vulnerabilities that are mentioned in the security bulletin, APSB19-58. The update includes a fix
Tracker Comment Comment on Scheduler ERROR by External U.
2609447 CF-3846716 External U. The error occurred when updating to ColdFusion 11 patch 2,
and this update causes a ColdFusion internal error.
I fixed it by uninstalling ColdFusion 11 and reinstalling without update security patch 2.
notes for each […]
The post ColdFusion (2018 release) Update 5 and ColdFusion (2016 release) Update 12 released appeared first on ColdFusion. Adobe ColdFusion 2016,Adobe ColdFusion 2018,Blog,coldfusiom language updates,coldfusion 2016 update 12,coldfusion 2018 update 5,ColdFusion security updates
Portal Topic coldfusion 2016 Rhel7
saturnxviii coldfusion 2016 Rhel7 I'm trying to figure out how to get this to start when the servers recycle. What am I missing?
The post coldfusion 2016 Rhel7 appeared first on ColdFusion. CF2016 Updates,ColdFusion 2016,Question,2016,cf2016 updates,coldfusion 2016,question
Tracker Comment Comment on deserializeJSON() invokes java.lang.System.getProperty() which is slow with sandbox security enabled by Nimit S.
2608167 CF-4173670 Nimit S. This issue is fixed now. The fix for this issue will be available as part of an upcoming update of ColdFusion.
Portal Topic ColdFusion (2018 release) Update 4, ColdFusion (2016 release) Update 11, and ColdFusion 11 Update 19 released
11 Update 19 The following are links to the tech notes for each update: ColdFusion (2018 release) Update 4 ColdFusion (2016 release) Update 11 ColdFusion 11 Update 19 The releases address security vulnerabilities, which are documented in the bulletin APSB19-27. We have made the following updates
Tracker Issue NULL NULL errors after the last coldfusion update
NULL NULL errors after the last coldfusion update
Tracker Issue coldfusion 10 update 14. failed to load pdf document
coldfusion 10 update 14. failed to load pdf document
Portal Topic ColdFusion (2018 release) Update 3, ColdFusion (2016 release) Update 10, and ColdFusion 11 Update 18 released
11 Update 18 The following are links to the tech notes for each update: ColdFusion (2018 release) Update 3 ColdFusion (2016 release) Update 10 ColdFusion 11 Update 18 The releases address security vulnerabilities, which are documented in the bulletin APSB19-14. In these updates, we have also
Tracker Issue Spring integration, spring security and jsp tags
2613604 CF-3206530 Language : Java Integration Michael Nimer Spring integration, spring security and jsp tags Problem Description:
If I configure Spring to run inside of the ColdFusion class loader, so I can use CFCPROXY when I try to use Spring JSP tags or Spring security I get errors
Steps
Tracker Comment Comment on SELinux issues with ColdFusion 10 update 18 connector (10,0,18,296330) by External U.
should be installed within 30 days of release because it is priority 2.
https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html
https://helpx.adobe.com/security/severity-ratings.html
This needs to be resolved so we can install this update by Dec 17-18, 2015.
Thanks,
Boris.
Builder items and click Next.
6. Accept the license agreement and click Finish.
7. If you see a Security Warning message, click OK to continue installing the update.
8. To restart ColdFusion Builder, click Yes.
Thanks,
Mukesh
Tracker Comment Comment on HTML security header "X-Content-Type-Options: nosniff" breaks various '.gif' icons in CF admin w/ IE11 by Chris D.
3809137 CF-4200425 Chris D. Hi Preethi,
Coldfusion 2016 Update 5. Also see it in our CF 11 Update 13 we're migrating away from.
Yes, I'm using the connector for IIS in a dedicated site for CF Admin (had issues with Error Handler mappings not working with builtin webserver) but locked down
Portal Topic OSGi Support is Needed to Assure Secure Code
faster (on compile) and more secure. Is there any forward looking plans to support OSGi (and Maven).
The post OSGi Support is Needed to Assure Secure Code appeared first on ColdFusion. Discussion,Updates,ColdFusion,discussion,security,updates
Portal Topic coldfusion 10 on Mountain Lion
G/a coldfusion 10 on Mountain Lion Is there anywhere to download the developer load of Coldfusion 10 for Mountain Lion? (MAC OSX 10.8).
The post coldfusion 10 on Mountain Lion appeared first on ColdFusion. Blog,ColdFusion,Development Services,Question,development services,question,update
Tracker Issue cflogin authentication issue
Manager.java:3380)
at coldfusion.tagext.security.AuthenticateTag.parseAuthUpdate(AuthenticateTag.java:397)
at coldfusion.tagext.security.AuthenticateTag.doStartTag(AuthenticateTag.java:358)
"Error","ajp-nio-8018-exec-3","12/06/18","06:03:54","CLIENT","Authentication has failed.Please check the logs for more
Comment on cfquery sandbox security issue after CF2016 update 4 by Chris D.
Comment on cfquery sandbox security issue after CF2016 update 4 by S P.
stuck in the past.
The benefits of modernizing your ColdFusion.
The post Upgrade Your ColdFusion Today (Security, Performance and Cost) appeared first on ColdFusion. Blog,CF2018 Updates,Updates,2018,blog,cf2018 updates,coldfusion 2018,updates
ColdFusion (2016 release) Update 9 and ColdFusion 11 Update 17 released
Portal Topic Modernization of Adobe ColdFusion Helped Improving Security, Deployment and Other Important Aspects
Modernization of Adobe ColdFusion Helped Improving Security, Deployment and Other Important Aspects appeared first on ColdFusion. CF2018 Updates,ColdFusion 2018,Question,2018,cf2018 updates,coldfusion 2018,question
Portal Topic ColdFusion 2018 Lockdown Guide
Peter Freitag ColdFusion 2018 Lockdown Guide Looking for the ColdFusion 2018 Lockdown guide?
The post ColdFusion 2018 Lockdown Guide appeared first on ColdFusion. Blog,CF2018 Updates,ColdFusion 2018,2018,blog,cf2018 updates,coldfusion 2018,installation,security
first on ColdFusion. Blog,Lockdown,Security,blog,lockdown,security,updates
2682180 CFB-4166790 Security Code Analyzer Muraoka Shigeyoshi (Update 2) charts are not displayed in Security Analyzer Report (Japanese Ver.) Problem Description:
After applying CFBuilder Update 2, charts are not displayed in Security Analyzer Report.
The issue occurs only in Japanese ColdFusion
Solved with Adobe ColdFusion 2018 appeared first on ColdFusion. CF2018 Updates,ColdFusion 2018,Question,cf2018 updates,coldfusion 2018,question,security
Tracker Comment Comment on CFINDEX and Sandbox security by S V.
Comment on CFINDEX and Sandbox security by S V.
Shreya Sinha Continuous security for your CFML code with Fixinator Join us for Adobe ColdFusion webinar on May 29, 2019 at 10 am PT.
The post Continuous security for your CFML code with Fixinator appeared first on ColdFusion. ColdFusion Webinar,Event,Webinars,CFML,coldfusion webinar,event,webinars
Portal Topic ColdFusion (2018 release) Update 2, ColdFusion (2016 release) Update 8, and ColdFusion 11 Update 16 released
,Performance Monitoring Toolset,ColdFusion (2016 release) Update 8,ColdFusion (2018 release) Update 2,ColdFusion 11 Update 16,ColdFusion 11 updates,ColdFusion 2016 updates,ColdFusion 2018 updates,coldfusion builder updates,ColdFusion security updates,ColdFusion updates,Performance Monitoring Toolset updates,Server Auto
Tracker Issue cfquery's coldfusion.tagext.sql.QueryTag.maskDateTimeColumns() is slow with sandbox security enabled
cfquery's coldfusion.tagext.sql.QueryTag.maskDateTimeColumns() is slow with sandbox security enabled
Tracker Comment Comment on cfstoredproc - Last OUTPUT parameter - ColdFusion 11 Update 5 by Nimit S.
2608884 CF-3971083 Nimit S. Hi Byron,
Sorry for the inconvenience.
This fix is not included in ColdFusion 11 Update 6, because it was only a security hotfix.
However, this issue is fixed in ColdFusion 11 Update 7 which is available on pre-release.
For more details, please refer the article
4191828 CF-4201953 Installation/Config : JEE Deployment Tomcat install of cfusion.war with security manager turned on Need to install ColdFusion 2016 JEE cfusion.war file with Apache/Tomcat security manager active 'catalina.sh start -security'
requires setting permissions for the cfusion.war app
Comment on coldfusion 10 update 14. failed to load pdf document by CFwatson U.
Comment on NULL NULL errors after the last coldfusion update by External U.
Comment on coldfusion 10 update 14. failed to load pdf document by External U.
Tracker Comment Comment on AJAX XHR Upload (application/octet-stream) after update from coldfusion 9 to 10 by External U.
Comment on AJAX XHR Upload (application/octet-stream) after update from coldfusion 9 to 10 by External U.
Comment on coldfusion 10 update 14. failed to load pdf document by External U.
Comment on NULL NULL errors after the last coldfusion update by Adobe D.
Tracker Comment Comment on AJAX XHR Upload (application/octet-stream) after update from coldfusion 9 to 10 by External U.
Comment on AJAX XHR Upload (application/octet-stream) after update from coldfusion 9 to 10 by External U.
Comment on coldfusion 10 update 14. failed to load pdf document by External U.
AJAX XHR Upload (application/octet-stream) after update from coldfusion 9 to 10
Comment on coldfusion 10 update 14. failed to load pdf document by External U.
Tracker Issue deserializeJSON() invokes java.lang.System.getProperty() which is slow with sandbox security enabled
2608167 CF-4173670 Performance Henry Ho deserializeJSON() invokes java.lang.System.getProperty() which is slow with sandbox security enabled Problem Description:
When a cfm/cfc invokes deserializeJSON(), coldfusion.runtime.JSONUtils.parseNumber() invokes java.lang.System.getProperty() with sandbox
Tracker Comment Comment on Coldfusion 11 update 8 breaks left and right sql sever functions by External U.
Comment on Coldfusion 11 update 8 breaks left and right sql sever functions by External U.
Tracker Comment Comment on Port number disappears from scheduled task when server is rebooted by External U.
2613170 CF-3341809 External U. @sebumd, I've verified this issue (#CF-3295644) is fixed in CF10 Update 1: http://helpx.adobe.com/coldfusion/kb/coldfusion10-update-01.html
Note: You may wish to just install Update 2 (it includes Update 1) which is available here: http://blogs.coldfusion.com/post.cfm/security-hot-fix-for-coldfusion
Miguel Fernandez SauravGhosh – when you guys add security features like this in an update are you also updating the Server Auto-Lockdown installer to include them? (I realize this only applies to ColdFusion 2018)
2598106 CF-3041732 Flex/Flash : AIR Integration peter Bierman Bug 83490:(Watson Migration Closure)Problem occurs with the coldfusion Problem:
Problem occurs with the coldfusion.air.SyncManager class. Setting the secureHttp property to 'true' does not work. HTTP requests are still submitted over http
2609493 CF-3842815 Piyush K. wittsiepe,
The cfgrid binding related bugs are not fixed in Update 2. They are due in the next update, to be made available very soon.
Update 2 fixed security related issues only (for details on update 2 please ref. http://helpx.adobe.com/coldfusion/kb/coldfusion-11
.io.FileOutputStream.[fileoutputstream.java:213]
3: ........java.io.FileWriter.[filewriter.java:107]
4: ........coldfusion.server.ServiceBase.doSerialize[servicebase.java:247]
5: ........coldfusion.server.ServiceBase.access$100[servicebase.java:37]
6: ........coldfusion.server.ServiceBase$2.run[servicebase.java:204]
7: ........java.security
Tracker Issue CF902 on Java JDK 7 update 17 - cfhttp tag fails to return status codes when posting data to a web service
to be used within our ColdFusion application for saving the user data. This worked flawlessly when
Java 6 update 29 was running ColdFusion. Once we applied the security patch for Cumulative Hot Fix 1 and
upgraded the Java to JDK 7 update 17, this tag stopped returning response codes from the cfhttp call
Comment on expandPath() returns coldfusion bin directory by Aaron N.
– Security, Performance, and the PMT appeared first on ColdFusion. Blog,CF2018 Updates,ColdFusion 2018,blog,cf2018 updates,ColdFusion,coldfusion 2018,question
6271442 CF-4205334 Installation/Config Adobe should consider following the Java model for handling CF security fixes I would like to publicly propose a new model that Adobe should consider following for handling CF updates, specifically allowing for one to implement security fixes as soon
Tracker Issue [ANeff] Doc Bug for: Two SerializeJSON doc bugs
CustomSerializer]). Missing some square brackets.
Suggested changes:
1) Remove this: "ColdFusion (2016 release) Update 3: Added the parameter useSecureJSONPrefix."
2) Change "ColdFusion 11: Added the attribute. useCustomSerializer." to "ColdFusion 11: Added new attributes: useSecureJSONPrefix and useCustomSerializer."
3
Tracker Comment Comment on Rest service converts "Yes" "No" string to "True" "False" by HariKrishna K.
2608206 CF-4163450 HariKrishna K. Hi Chia, ColdFusion 11 Update 10, was a security only release, which will not have feature bug fixes.
We will evaluate to see if this can be provided as a patch and get back to you.
2597106 CF-3114286 Text Search : Solr Travis Walters Bug 87285:-(Watson Migration Closure)SOLR with coldfusion comes with version 1 Problem:
SOLR with coldfusion comes with version 1.4 of SOLR yet version 3.5 is out and ready to go with massive updates from SOLR. Can you upgrade the version
Test Config: My Hardware and Environment details:
Server Product ColdFusion
Version ColdFusion 10,282462
Edition Developer
Operating System Windows 7
OS Version 6.1
Update Level /C:/ColdFusion10/cfusion/lib/updates/chf10000002.jar
Adobe Driver Version 4.1 (Build 0001
Bug 83539:(Watson Migration Closure)Use of Locales with security sandboxing enabled throws sandbox security error, requires explicitly declared sandbox path access to C:\Inetpub\wwwroot\CFIDE\scripts\ folder
Manager.java:2679) at coldfusion.tagext.security.AuthenticateTag.parseAuthUpdate(AuthenticateTag.java:358) at coldfusion.tagext.security.AuthenticateTag.doStartTag(AuthenticateTag.java:329) at cflogin2ecfm1969475137.runPage(C:\inetpub\portal.xact-data.com\login.cfm:91) at coldfusion
Tracker Comment Comment on Sporadic StackOverflowError involving coldfusion.security.BasicPolicy since CF2016HF12 by dakota c.
6439313 CF-4205821 dakota c. Is this issue present in ColdFusion 2018 update 5 as well? We've noticed similar behavior that results in a memory leak for Java heap space which has many references to 'coldfusion.security.BasicPolicy'. The threads in where these leaks occur are also hanging on
Tracker Comment Comment on cfquery's coldfusion.tagext.sql.QueryTag.maskDateTimeColumns() is slow with sandbox security enabled by Nimit S.
Comment on cfquery's coldfusion.tagext.sql.QueryTag.maskDateTimeColumns() is slow with sandbox security enabled by Nimit S.
4191828 CF-4201953 john t. yes, can run ColdFusion cfusion.war with catalina.sh but
when I run as catalina.sh -security I get permission issues
Working through the catalina.policy file to add permissions one by one but hoping there was a document in place since I can not be the first one that has
Tracker Issue HTML security header "X-Content-Type-Options: nosniff" breaks various '.gif' icons in CF admin w/ IE11
in the Coldfusion Administrator.
Evidently, these icons are of type "PNG" but have been renamed and referenced as type "GIF".
Example file: /CFIDE/administrator/images/idelete.gif when attempted to save image shows up as idelete_gif.png
Steps to Reproduce:
1. Add security header: "X
Tracker Comment Comment on deserializeJSON() invokes java.lang.System.getProperty() which is slow with sandbox security enabled by External U.
Manager.java:1294)
at java.lang.System.getProperty(System.java:753)
at coldfusion.runtime.JSONUtils.parseNumber(JSONUtils.java:1892) ...
"ajp-bio-8014-exec-4" - Thread t@269
java.lang.Thread.State: BLOCKED
at java.security.Policy.implies(Policy.java:713)
- waiting to lock (a java.util.WeakHashMap) owned
(memory,requests data)
portlet.log - Portlet logs
probes.log - System probe logs that help in evaluating the status of your ColdFusion application
security.log - Security related logs
update.log - Logs that occur while applying the updates
webservice.log - Webservice invoke call logs
websocket.log - Websocket call logs
Tracker Comment Comment on Issue with the XMLParse() function after update to Java 8.241 (possibly introduced in 8.231) by Justin H.
6809611 CF-4207236 Justin H. Very similar issue with ColdFusion 2016, when sandbox security is enabled. We're also using Java 241 as well.
https://tracker.adobe.com/#/view/CF-4206929
6774822 CF-4206998 Security Apache Commons Beanutils needs updating to address CVE-2019-10086 Problem Description:
Security vulnerability with common-beanutils
Per CVE- In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker
Tracker Comment Comment on (Update 2) security analyzer does not detect xss and csrf (Japanese Ver.) by Arpit G.
Comment on (Update 2) security analyzer does not detect xss and csrf (Japanese Ver.) by Arpit G.
Comment on Tomcat install of cfusion.war with security manager turned on by john t.
Tracker Issue Can not update
2682325 CFB-4119441 General - IDE Christopher Tierney Can not update Problem Description:
No repository for update found
Steps to Reproduce:
Help > Check for updates
Actual Result:
'Contacting Software Sites' has encountered a problem. No repository found at http://download.adobe.com/pub/adobe/coldfusion