December 18, 2018
Jetty Vulnerabilities in Coldfusion 11

Presently using jetty-server-9.0.7.v20131107.jar. Security scans have identified this jetty jar and a few other jetty jars to be vulnerable.

I tried to change the host setting from 0.0.0.0 to 127.0.0.1 within jetty.xml. I was thinking this may be the issue within the jetty jars that the scan is having a problem with…

After the change, the jar failed the scan again.

I’ve tried replacing jetty-server-9.0.7.v20131107.jar and its dependencies with 9.4.11.v2018xxxx, 9.4.12.v2018xxxx, 9.4.13.v2018xxxx, and 9.4.14.v2018xxxx with no luck.

When trying to update the jar and its dependencies, ColdFusion 11 Server stops working. I’m unable to reach the CF admin UI. I see errors stating “Unable to initialize Monitoring service”.

Is there no way to update the jetty jars within ColdFusion 11 without the system not working?

4 Comments
2019-01-25 02:25:40

According to Rakshith it is due before end of February 2019.

https://coldfusion.adobe.com/2019/01/oracle-java-support-adobe-coldfusion/

2019-01-14 15:47:40

I was informed by Support that Adobe was working on an update to CF 11 to address the jetty issue. They didn’t give me an ETA on Update 16.

2018-12-31 15:36:42

I’ll reach out to them to see what suggestions they have.

Thanks

2018-12-19 22:01:20

I would be contacting CF Support on this one – CFsup@adobe.com
