June 14, 2016
Updates for ColdFusion 2016, ColdFusion Builder 2016, ColdFusion 11 and ColdFusion 10 released
Senior Lead Software Engineer

This article announces the release of updates for ColdFusion 2016, ColdFusion Builder 2016, ColdFusion 11 and ColdFusion 10.

These updates address a common vulnerability mentioned in security bulletin APSB16-22.

ColdFusion 2016 Update 2

ColdFusion 2016 Update 2 fixes an important security issue. It also includes some other important fixes related to Language, Security Analyzer, AJAX, document management, SharePoint, CLI, API Manager and a few other areas.

For details, refer to this technote.

ColdFusion Builder 2016 Update 2

ColdFusion Builder 2016 Update 2 (standalone) has been upgraded from Kepler to Mars. It includes important updates to Security Analyzer, a few bug fixes related to performance and other bug fixes. PhoneGap has been upgraded to 5.2.

For details, refer to this technote.

ColdFusion 11 Update 9

ColdFusion 11 Update 9 fixes an important vulnerability mentioned in the security bulletin APSB16-22. It also includes a few other fixes.

For details, refer to this technote.

ColdFusion 10 Update 20

ColdFusion 10 Update 20 fixes an important vulnerability mentioned in the security bulletin APSB16-22. It also includes a few other fixes.

For details, refer to this technote.

 

20 Comments
2016-07-26 15:58:48

[sub]

2016-07-05 11:01:25

Guys,
by the way, my scheduled tasks have no password. I was thinking that I could go into each one and set the password to some value and maybe that would stop the error I posted above, but nope, same error.
Crazy thing is the CFAdmin task runner says it succeeded, but the code is never executed.

Anyway, if anyone can think of something I can try, I would really appreciate it.

Some background:
Server: Windows 2012 64b, 16gb RAM. CF11 64b latest download and installed HF9.
I can post the JVM if needed or post full error logs if needed.

Thanks

2016-07-04 07:29:45

Hi guys, for whatever reason I never got an email notification of a reply to this post. Anyway, I punted and just did a fresh install. What a pain. The biggest issue was that the backup neoxx.xml files were not readable by the new install. Not sure why, but after putting them in place and restarting the service, nothing would run: HTTP 500 for everything.

So I manually rebuilt the config.
So far so good until today, when I noticed that all of my scheduled tasks are running but not firing. What I mean is that I have a task that sends an email; it is not firing, but the task is running successfully. The log file produces this:

"Error","DefaultQuartzScheduler_Worker-1","07/04/16","07:16:57",,"An error occurred while trying to encrypt or decrypt your input string: Given final block not properly padded. "
44473 coldfusion.runtime.Encryptor$InvalidParamsForEncryptionException: An error occurred while trying to encrypt or decrypt your input string: Given final block not properly padded.
44474 at coldfusion.runtime.Encryptor.processCipherWork(Encryptor.java:632)
44475 at coldfusion.runtime.Encryptor.decrypt(Encryptor.java:399)
44476 at coldfusion.runtime.Encryptor.decrypt(Encryptor.java:363)
44477 at coldfusion.runtime.Encryptor.decrypt(Encryptor.java:340)
44478 at coldfusion.util.PasswordUtils.decryptWithAES_CBC_PKCS5(PasswordUtils.java:509)
44479 at coldfusion.util.PasswordUtils.decryptPassword(PasswordUtils.java:437)
44480 at coldfusion.scheduling.ScheduleTagData.getHttpTag(ScheduleTagData.java:1632)
44481 at coldfusion.scheduling.CronTask.execute(CronTask.java:91)
44482 at org.quartz.core.JobRunShell.run(JobRunShell.java:207)

Not sure what's going on now. Can anyone point me in the right direction?

2016-06-30 09:15:55

Since upgrading from CF 11 U7 to U9, my Access Databases occasionally peg the CPU to 50% and lock some users out. Indeed, the CF Administrator also cannot validate the connection to one of my two Databases.

Since swagent.exe was last modified on the date I installed the update, I am worried that something in the update is causing my trouble. Any thoughts?

2016-06-27 00:32:57

@Chewy,
Can you run cfinfo -version to check if the update is applied properly, and let us know what the result of it is?

Is it only admin not being served, or are none of the cfm pages getting served?

Can you zip your cfusion/logs and connector logs folders and send them across to hkallaeATadobeDOTcom?

Thanks,
Hari

2016-06-25 15:13:52

After the admin console install of CF11 HF9 I restarted and all I get are 500 errors on all CF sites.
I removed the connectors and added them back but am still just getting 500 errors.

The IIS logs just say ISAPI error. The CF log just says null pointer exception.

Where else can I look?

Thanks

2016-06-24 08:12:49

I resolved my issue: the .profile file was corrupted. The discussion thread has been updated as well.

2016-06-21 08:49:17

I did not give enough information in my last post. I am using ColdFusion 11. Running the hotfix from the command line as Administrator produces this issue:

Error: Could not find or load main class [Drive Letter]:\ColdFusion11\cfusion\hf-updates\hotfix_009.jar

The command I ran was:

[Drive Letter]:\ColdFusion11\jre\bin\java.exe -jar [Drive Letter]:\ColdFusion11\cfusion\hf-updates\hotfix_009.jar -i silent -f [Drive Letter]:\ColdFusion11\cfusion\hf-updates\[Server Name].profile

I started a forum discussion here:
https://forums.adobe.com/thread/2170170

2016-06-21 08:45:39

After updating from CF11 HF7 to CF11 HF9, some of our Access scripts that run as CF Scheduled Tasks started failing. For some reason it is looking for an mdb file that is neither the one specified by the datasource nor in a location we defined.

Error Executing Database Query. [Macromedia][SequeLink JDBC Driver][ODBC Socket][Microsoft][ODBC Microsoft Access Driver] Could not find file 'C:\ColdFusion11\cfusion\db\slserver54\logging\dbo.mdb'.

2016-06-20 07:32:32

It looks like parts of this patch are hard coded to assume ColdFusion 11 is installed in C:\ColdFusion11 on a Windows machine. The variables in .profile seem to be ignored.

2016-06-17 09:30:40

[sub]

2016-06-15 02:38:13

@Motch – The bug was fixed for 2016 release and the fix was backported to versions 10.0 and 11.0 too.

2016-06-14 23:55:37

https://helpx.adobe.com/coldfusion/kb/bugs-fixed-coldfusion-10-update-20.html

If you click on the bug Id, it seems to be related to CF11 and not CF10

2016-06-14 09:53:21

Follow-up – restarting the CF Application Service eliminated the exception. Not sure why, but the updater is working now.

2016-06-14 09:31:09

When I log into my CF11 Administrator and go to Server Update / Updates I get an exception.

The selected type [CFContainerID] was not set via the ESAPI validation configuration

at cfindex2ecfm479980389._factor0(/CFIDE/administrator/updates/index.cfm:170)
at cfindex2ecfm479980389._factor6(/CFIDE/administrator/updates/index.cfm:164)
at cfindex2ecfm479980389._factor8(/CFIDE/administrator/updates/index.cfm:52)
at cfindex2ecfm479980389._factor9(/CFIDE/administrator/updates/index.cfm:51)
at cfindex2ecfm479980389.runPage(/CFIDE/administrator/updates/index.cfm:1)

2016-06-14 08:38:45

@up2date – Thanks for pointing it out. Updated the links

2016-06-14 08:20:06

Links for APSB16-22 under "ColdFusion 10 Update 20" and "ColdFusion 11 Update 9" refer to APSB16-16…

2016-06-14 07:44:05

@Phil – The Connector need not be reconfigured as there are no connector-specific changes. We will get the tech note discrepancy addressed.

2016-06-14 07:36:02

For ColdFusion 11 Update 9, the technote says "Refer the important notes section to see if the connector needs to be reconfigured after applying this update" but there is no "important notes section".

Does the connector need to be reconfigured?

2016-06-14 06:58:59

subscribe
