June 14, 2016
Updates for ColdFusion 2016, ColdFusion Builder 2016, ColdFusion 11 and ColdFusion 10 released
Comments
(20)
June 14, 2016
Updates for ColdFusion 2016, ColdFusion Builder 2016, ColdFusion 11 and ColdFusion 10 released
Senior Lead Software Engineer
Staff 4 posts
Followers: 4 people
(20)

This article announces the release of updates for ColdFusion 2016, ColdFusion Builder 2016, ColdFusion 11 and ColdFusion 10.

These updates address a common vulnerability mentioned in security bulletin APSB16-22.

ColdFusion 2016 Update 2

ColdFusion 2016 Update 2 fixes an important security issue. It also includes some other important fixes related to Language, Security Analyzer, AJAX, document management, SharePoint, CLI, API Manager and a few other areas.

For details, refer this technote.

ColdFusion Builder 2016 Update 2

ColdFusion Builder 2016 Update 2 (standalone) has been upgraded from Kepler to Mars. It includes important updates to Security Analyzer, a few bug fixes related to performance and other bug fixes. PhoneGap has been upgraded to 5.2.

For details, refer this technote.

ColdFusion 11 Update 9

ColdFusion 11 Update 9 fixes an important vulnerability mentioned in the security bulletin APSB16-22. It also includes a few other fixes.

For details, refer this technote.

ColdFusion 10 Update 20

ColdFusion 10 Update 20 fixes an important vulnerability mentioned in the security bulletin APSB16-22. It also includes a few other fixes

For details, refer this technote.

 

20 Comments
Jul 26, 2016
Jul 26, 2016

[sub]

Like
()
Edit
Jul 5, 2016
Jul 5, 2016

Guys
by the way my scheduled tasks have no password. I was thinking that i could go into each one and set the password to some value and maybe that would stop the error i posted above, but nope same error.
Crazy thing is the CFAdmin task runner says it succeeded. but the code is never executed.

Anyway, if anyone can think of something i can try i would really appreciate it.

Some background:
Server: windows 2012 64b, 16gb ram. CF11 64b latest download and installed HF9.
I can post the jvm if needed or post full error logs if needed.

Thanks

Like
()
Edit
Jul 4, 2016
Jul 4, 2016

Hi Guys, for what every reason I never got an email notification that a reply to this post.. anyway, I punted and just did a fresh install. What a pain.. biggest issue was the backup neoxx.xml files were not readable by the new install. Not sure why but after putting them in place and restarting the service, nothing would run http 500 for everything.

SO I manually rebuilt the config..
So far so good until today when I noticed that all of my scheduled tasks are running but not firing. What I mean is that I have a task that sends an email, it is not firing but the task is running successfully. The log files produces this:

“Error”,”DefaultQuartzScheduler_Worker-1″,”07/04/16″,”07:16:57″,,”An error occurred while trying to encrypt or decrypt your input string: Given final block not properly padded. ”
44473 coldfusion.runtime.Encryptor$InvalidParamsForEncryptionException: An error occurred while trying to encrypt or decrypt your input string: Given final block not properly padded.
44474 at coldfusion.runtime.Encryptor.processCipherWork(Encryptor.java:632)
44475 at coldfusion.runtime.Encryptor.decrypt(Encryptor.java:399)
44476 at coldfusion.runtime.Encryptor.decrypt(Encryptor.java:363)
44477 at coldfusion.runtime.Encryptor.decrypt(Encryptor.java:340)
44478 at coldfusion.util.PasswordUtils.decryptWithAES_CBC_PKCS5(PasswordUtils.java:509)
44479 at coldfusion.util.PasswordUtils.decryptPassword(PasswordUtils.java:437)
44480 at coldfusion.scheduling.ScheduleTagData.getHttpTag(ScheduleTagData.java:1632)
44481 at coldfusion.scheduling.CronTask.execute(CronTask.java:91)
44482 at org.quartz.core.JobRunShell.run(JobRunShell.java:207)

Not sure whats going on now. Can anyone point me in the right direction?

Like
()
Edit
Add Comment