portal entry

select a category, or use search below
(searches all categories and all time range)

ColdFusion (2018 release) Update 1, ColdFusion (2016 release) Update 7, and ColdFusion 11 Update 15 Released

| View in Portal
September 11, 2018 01:28:24 PM GMT
<p>We are pleased to announce the updates for ColdFusion (2018 release), ColdFusion (2016 release), and ColdFusion 11. These updates address a few security issues, which are mentioned in the security bulletin APSB18-33, upgrade the Tomcat engine and OpenSSL jars for PDFgServlet. ColdFusion (2018 release) Update 1 In addition to fixing the vulnerabilities mentioned in the security bulletin, this update contains bug fixes, an upgraded Tomcat (ver 9.0.10), and upgraded OpenSSL upgrade to 1.0.2p for PDFgServlet. For more information on the […]</p>
<p>The post <a rel="nofollow" href="https://coldfusion.adobe.com/2018/09/coldfusion-2018-release-update-1-coldfusion-2016-release-update-7-and-coldfusion-11-update-15-released/">ColdFusion (2018 release) Update 1, ColdFusion (2016 release) Update 7, and ColdFusion 11 Update 15 Released</a> appeared first on <a rel="nofollow" href="https://coldfusion.adobe.com">ColdFusion</a>.</p>
Labels: Adobe ColdFusion 2018, Blog, ColdFusion, ColdFusion 2018, Hotfix, Security, Updates, coldfusion 11 update, coldfusion 2016 update, coldfusion 2018 update, coldfusion hotfix, coldfusion security update


Just installed the hotfix 7 for CF 2016. We are currently unable to access the out sites over https. Anyone facing similar issues? Insight for the fix? All of out cipher suites are up to date.
Comment by Ryan McGuirk
1245 | September 12, 2018 05:15:31 PM GMT
Hi Ryan, Can you tell us on which platform did you install, was the update installation successful? Are you using connector? Can you elaborate what is the exact issue (We are currently unable to access the out sites over https.)?
1248 | September 17, 2018 05:39:17 AM GMT
Ryan, did you mean "out sites" or "our sites"? If the former, do you mean by way of cfhttp or CF scheduled tasks, perhaps? There would seem nothing about hotfix 7 that would seem related to that. Can you clarify what you were on before hotfix 7? Also, have you checked the update's log (the long-named one in the folder for the update under your CF hf-updates folder)? For more, see my blog post on this: https://www.carehart.org/blog/client/index.cfm/2016/9/6/solve_common_problems_with_CF_updates_in_10_and_above Also, are you sure you didn't do something else? It could be that since CF was restarted as a part of the update, perhaps some other change was made (in CF or its jvm config) that didn't take effect until the CF restart. In that case, the update itself may have nothing to do with the problem.
Comment by Charlie Arehart
1249 | September 17, 2018 02:26:26 PM GMT
Ryan?Do you have any thoughts on the suggestions/questions that Harikrishna and I had offered?
Comment by Charlie Arehart
1260 | September 29, 2018 02:05:03 PM GMT
Anyone else have an issue with CF 11 updates between 14 and 15?    I can see all 15 updates - but the normally expandable accordions where you usually see the update details - none of those will expand, so I can't update anything.
Comment by Jim Priest
1272 | October 05, 2018 05:44:44 PM GMT
Jim, I'd bet that's because of a configuration problem with CF. See if you or someone changed the "settings" page value for "default script src".  If so, the problem is that the built-in web server you're using for CF does not know about that change. You could change it back (to the default in CF2016 of cf_scripts), and then the update feature will work. It's leveraging one of those CF UI tags that creates the accordion. But then if someone had also changed your external web server (IIS or Apache) to use that differently named scriptsrc value, then your own code using such UI tags would fail until you changed back the CF admin. Obviously getting the built-in web server to use whatever value you have set for the scriptsrc would be best, but that's not easily communicated here. (I need to do a blog post on this mess, and understanding and resolving it.) Certainly if the box you're working on is not prod, just change the default scriptsrc value back to cf_scripts, run the update, and then set it back. Or you could download the update (google coldfusion 2016 updates to get the page that lists the updates), and download the jar you want, and then run the update from the command line rather than from the CF Admin. The Adobe docs talk about how to run the jar from the command line, or I have a blog post with details on that. Let us know if this gets you going. And Adobe, if you see this, please have CF better handle changes to the default scriptsrc by having it setup the built-in web server to know about it, for use by the CF Admin update feature.
Comment by Charlie Arehart
1273 | October 05, 2018 05:53:27 PM GMT
Hi Saurav Ghosh, For each of the successive releases ColdFusion 11 Update 15, ColdFusion (2016 release) Update 7 and ColdFusion (2018 release) Update 1, you write, “upgraded OpenSSL to 1.0.2p”. This is confusing, because the version number stays the same. Just to be clear, has there been an upgrade of OpenSSL, say, to 1.1.1?
Comment by BKBK
1539 | January 14, 2019 11:49:58 AM GMT