search : a s

select a category, or use search below
(searches all categories and all time range)

displaying top 100 results

2613295 CF-3335493 S V. Sequential HTTP calls to random function within less span of time resulting in same number. This issue nothing to do with caching. Use a psuedo-random algorithms (SHA1PRNG, IBMSecureRandom) to provide greater randomness.
2610306 CF-3712098 S P. Although this bug is fixed, there seems to be a backward-compatibility issue. As a result, this fix will be part of next release.
2608635 CF-4041625 S P. Hi Aaron, I too have observed the behavior, where the image is rendered as a static image. Could you log a separate ER for the same. Thanks, Preethi
3047640 CF-4198571 S P. Hi Jack, Can you download the image and try to use it as a file and let us know what it returns. Thanks!
2608114 CF-4189738 S P. Hi Jay Could you share a snippet of the code with which you are facing this issue. Thanks!
2609505 CF-3840754 S V. Bingo, i was about to comment with a code snippet, then i have seen your comment. Thanks Aaron :)
2672512 CF-4193907 S P. Hi Jim, We have been trying to repro this issue, but have not been able to encounter it yet. Will be trying it with new settings/environment again. Else is it possible that we can have a session where we can have a look at the issue in your machine, so that we can debug it
2608653 CF-4033628 S V. Hi Adam, We don't have support for invoking a static class methods directly from CFML(other than createobject java). Also doing this requires a way to have package and import for those classes to avoid conflicts with user's variables. we can log an enhancement
2612744 CF-3434473 S P. To figure out which 'encodefor' function is to be used based on the context will introduce a huge overhead because of the parsing that would be involved, which 'cfoutput' is not expected to do. The enhancement is to provide a quick shorthand to encode all the expressions
2608635 CF-4041625 S P. Hi Mary, Thank you so much, providing a sample animated gif to test with would be really helpful so that we would also be testing on the image that you would be using. Thanks & Regards, Preethi
2608712 CF-4019518 S V. Added the new attribute called filename which sets the file name of the attachment as given in the filename attribute. Here is a the example with the filename attribute: Pavan Kumar Sannisetty Thanks, Pavan.
2609409 CF-3849572 S P. Since we have not got a response, we will be closing the bug for now. If you still face the issue or have any concerns, the bug would be reopened. Thanks!
2610365 CF-3705370 S V. The error occurred because cfexchangecontact tag is already closed using /> in the first statement change it to >. It works. But still there is a problem. If the maxRows value specified in the filter is greater than 100 still it returns 100 records only.
4586952 CF-4203096 S V. The canonicalize function checks for multiple and mixed encodings (html, url and javascript) given any string. ≠ is a valid html entity there by it replaced it with the equivalent html character. The function treats the given url as string it there by canonicalizes
. The google maps server should accept such host header. Host = "Host" ":" host [ ":" port ] ; Section 3.2.2 A "host" without any trailing port information implies the default port for the service
2608114 CF-4189738 S P. Hi Jay, That would be really helpful, because I tried to repro this with some simple code making the ajax request which in turn call the 'cfajax.js' file. But I did not hit this issue. So, if you could share a simpler version of your code, it would be helpful. Thanks!
2608933 CF-3959342 S P. Hi Dave, This behavior is seen due to dependency on Java JDK, and is not an issue caused due to ColdFusion. Also as Aaron has pointed out, using the function precisionEvaluate() is a workaround for this. Hence this is an expected behavior. Please do mention if you have any
2608291 CF-4136028 S V. Escaping control characters (0x00-0x1F & 0x7F) with its unicode sequences (\u00nn) except few special characters in this character space which are already getting escaped. \b Backspace (ascii code 08) \f Form feed (ascii code 0C) \n New line (0A) \r Carriage return (0D
) Are you facing this issue in a specific browser or on all browsers. 2) When accessing CF admin console whether sha1.js file got loaded 3) Whether your browser is configured/able to execute the javascript Thanks
2612744 CF-3434473 S V. Added a new attribute called encodefor to the output tag. Valid values are html, htmlattribute, url, javascript, css, xml, xmlattribute, xpath, ldap and dn. Based on the value respective encodefor function will be invoked for each expression inside the cfoutput tag body
Comment on Issue when assigning values to a CFINPUT . by S V.
2682246 CFB-4138072 S P. Have logged a separate bug for sorting as ER with bug id #4139323.
Comment on encrypt() key passed as a string vs. as a variable renders a different result by S V.
3276884 CF-4199012 S P. Hi Scherg, Would like to clear a few queries around this issue: 1.Does this issue happen even with a simple cf application/page where we set the cookie? Or is it in a combination of cf & non-cf pages only? 2.Do you get any exceptions in coldfusion exception logs
2609110 CF-3928707 S P. Hi Jake, I have tried to repro this issue on a couple of linux machines including a fresh machine and was unable to repro this issue. Can you confirm if you are still hitting this issue. Also is there any other scenario where you are hitting the same exception
Comment on encrypt() key passed as a string vs. as a variable renders a different result by S P.
2608153 CF-4180330 S P. Hi Paul, I used the base64 string provided by you to render the image, both as a hardcoded string and as a coldfusion variable. The image is properly rendered in both the cases. I have also tried the same on a simpler base64 string in which case too it threw no exception
2608535 CF-4070214 S V. I have ran sample test with sha-256 writeoutput(hash('pavankumar','sha-256')); The result is A92A8D0A9CDD4AF917C4BCEA0E3BE0BC62C2554E789DE9C533F70957F0FCFFDA And the converter you have also given the same result. Thanks
Comment on Issue when assigning values to a CFINPUT . by S P.
2609110 CF-3928707 S V. If this is same as #CF-3926238? error message would be "User not authorized to invoke this method". But here we getting a different error.
2609512 CF-3839458 S V. Hi Aaron, We have logged a separate bug #CF-4131007 for the CF Administrator session timeout issue . Thanks, Pavan.
2609673 CF-3810459 S P. @daamsie :Thank you for the prompt reply. The support team will get back to you to resolve this issue over a connect session.
2596852 CF-3561029 S P. Base64 encoding is being used to send a binary file( gpeg, png images) to browser wherein the “u+” is a valid two chars sequence which is not a Unicode. With this fix 'u+' was always being converted to '\u' due to which a lot of customers had reported concerns about image
2597031 CF-3183072 S V. Added a fix to xmlParse function to identify the encoding from the given xml files.
3185843 CF-4198855 S P. Hi Chris, The fix that was part of this bug was specific for a MS SQL DB. We have logged another bug which will be fixing the issues for other DBs as well. Please track the issue as a part of the following ticket: #CF-4201015. Thanks!
2673317 CF-4126912 S P. Hi David, We had a pre-release bug raised related to a particular built-in function. And we are handling the scenarios related to built-in functions as part of that bug. Will be adding these functions too, to that list and hence will be closing this ticket. Thanks, Preethi
2609282 CF-3862308 S V. cfdirectory is used for creating/deleting bucket and should not be used for creating directories inside a bucket. check the documentation But creating a file like this creates
2609388 CF-3851459 S P. Hi Aaron Thank you for such a detailed repro case. I have tried to repro this issue with the testcase that you have provided. I am still seeing a behaviour in contrast to yours. The exceptions are being logged in 3 log files -- application.log / exception.log / coldfusion
3952668 CF-4201058 S P. Hi Mikeal, In order to confirm if this is just exception issue, could try the following: Can you tell me the behavior when: specify a smaller value (say 10,50) specify a larger value 3.No timeout value Thanks!
2673205 CF-4146098 S V. Hi Aaron, For moving mails from 2 folders for example from inbox to temp folder both these folders need to be accessed in read write mode. IMAP protocol uses select command to access the IMAP folder and at a time only one folder can be selected for connection. From RFC
2610939 CF-3662524 S V. Here's the documentation of coldfusion 10 locking --Copied from the documentation Note: You cannot upgrade or downgrade a lock from one type to another. In other words, do
3521767 CF-4199795 S P. Hi Chris, Please share a code snippet where you are hitting the issue, so that we will be able to narrow it down and debug the issue. Thanks!
2608173 CF-4172645 S P. The fix made will now throw the exception pointing out the valid characters to use, if connection name includes a hyphen. The fix will be available in the upcoming updates. Thanks!
2608434 CF-4095231 S P. Hey Chris, I had send a zipped folder of the patch over mail, looks like it is not delivered. Will share it again, please check. Thanks!
2608598 CF-4051769 S P. Since we have not got a response, we will be closing the bug for now. If you still face the issue or have any concerns, the bug would be reopened. Thanks!
2608766 CF-4010041 S P. Can you specify on which update level you are on CF 10 and which exact version of MAC 10 you are on? Also could you also mention if it was a fresh VM that you faced this issue on.
2610333 CF-3710215 S V. This bug has been fixed. Allowing concurrent logins using cflogin is a security feature/enhancement added in coldfusion 11.
4203285 CF-4201982 S P. Hi Aaron, It indeed is a duplicate of the bug #4175138. We are tracking that bug, will update you on the progress around the same. Thanks!
2609918 CF-3744211 S V. Verified the issue coldfusion supports only redirects for get and head methods. According to W3 spec If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed
2608370 CF-4110208 S P. Hi Matthew, Can you specify if you are facing this issue on a specific platform or it is generic. Also do mention which java version you are using. Please do try out one of the following workarounds : 1)Since you are using "CBC" feedback mode in AES algorithm
3349916 CF-4199410 S P. Hi Michael, Since a similar ER has been previously logged, will be closing this issue and be tracking this scenario as well, as part of the other bug( Thank you so much for raising this ER!
2672729 CF-4175138 S P. Hey Aaron, Do let us know if there is any information that could help us repro this issue, so that we could try to incorporate a fix for the same in the upcoming updates itself. Thanks, Preethi
2673316 CF-4126922 S P. Hi David, There is an internal bug with a similar scenario that was logged, hence will be closing this bug and be extending the scenario to the ones raised here as well. Now, that bug has been made external. Thanks, Preethi
2673571 CF-4126394 S P. This has been fixed from the core engine working perspective. Hence will be closing this now. The same from the builder side needs to be fixed, which will be tracked in a separate bug which has been added in the related bugs.
2673678 CF-4118881 S P. For the file injection vulnerability to be flagged, the Security Analyzer expects the "file" attribute to be present based on whose value, it would flag it as a vulnerability or not. So, since in this case there is no "file" attribute it is not flagging and this would happen
2609050 CF-3941413 S P. Seems to work fine in ColdFusion 11 although it does seem to be an issue in 10. Not sure we will be fixing this for CF 10 unless we hear more users asking for the same. Let us know if you see a concern with this. Thanks!
2609159 CF-3918758 S V. Preethi, I have configured a simple probe on CF11 update 6 the probe is working fine. But one issue i have seen is with the url column in list of probes. The URL is not valid but probe is running fine. Even in the logs i can see it is triggering the probe getting
2609388 CF-3851459 S P. Hi Aaron I am in fact facing this issue with a fresh install of CF11/HF3, with "Site-wide Error Handler" as /CFIDE/administrator/templates/secure_profile_error.cfm in CF Admin. So I would like you to confirm one thing, as to, if you have enabled secure profile (Security
2609431 CF-3847740 S V. Hi Aaron, Yes attachments should be an array. Changing the attachments from tab delimited string to array is not backward compatible. So we can get around this issue by having a new column in the result table like attachmentlist which lists the attachments as array
2609512 CF-3839458 S P. Hi Aaron, This bug was marked for ToFix, after which it came back to me only a few days back to check if the issue was reproducible in another scenario as well. Since it is being reproducible changing the status back to ToFix. Thanks, Preethi
Tomcat With A SecurityManager" for the changes that are required to be done. Hope that this helps you, do let us know otherwise. Thanks!  
for 'expires' attribute falling back to default value instead of throwing an exception. Please raise an ER for the same since this would be a new behavior.   Thanks!
Comment on encrypt() key passed as a string vs. as a variable renders a different result by S V.
''%e3%81%be%e3%81%a9%e3%81%8b%e5%a4%89%e8%ba%ab%e5%be%8c; filename*1=.pdf charset is appended and non ascii characters are encoded. But as you said CF is not currently adhering to the rfc 2231 as below when asterisk is specified: Note that it is perfectly permissible to leave either the character
is not containing the port 80 (as it is a default port). So when amazon computes the signature it will be different from the actual one. While populating the host header we only look at the authority part of the given URL and strip out the default port (80 and 443 based on protocol) and stuff it in the host header
2610243 CF-3715101 S V. Equals sign is a special character in cookie value. In order to use equals value in the cookie the value should be either wrapped in double quotes or use url encoding method. If you want to use cfheader for creating the cookie encode the value part and decode it while using
2609123 CF-3926479 S V. Mobile DOM inspection is a development feature gets enabled only when the server is installed using development profile. When server is installed using production profile this issue will not occur. When server is installed using production profile the installer comments out
2609388 CF-3851459 S P. Hi Aaron, Actually, I am seeing a behavior opposite to what you are facing. With the CF11 GM build,Secure Profile's site-wide error handler logs uncaught errors for other functions and for those in Application.cfc's constructor area, except onApplicationEnd() & on
2610488 CF-3699565 S V. When an exchangetask is modified by setting the status to completed the status is still showing as In_progress checked the trace logs seems to be a bug with the EWS API will post a question in the forums.
Comment on Fix the isValid('integer') function or Provide a Version that actually does work by S V.
are getting this error in CF11. I have tried using a simple eml file as you have mentioned, also used thunderbird but no luck. Also, fix will be provided for ColdFusion 10 version.
user is manually deleting the cookies using CFCookie tag the cookie name becomes CFAUTHORIZATION_PEACEQDEV and results in a new cookie. Also in CF10 we cannot manually set expires to the cookies (CFID,CFToken and Auth cookie). Check the bug CF-3182493 which was fixed in CF11. There by the expires
2609053 CF-3941059 S P. This is an expected behavior for Unicode control characters, as there went in a fix wrt to the bug #CF-3561029 with CF10 update14 regarding the same. Hence the behavior has changed from returning "xU+a600x" to returning "x\u600x" . Also wrt to the issue with base64
2608718 CF-4018212 S P. The fix will be available in the next ColdFusion release, with a proper error message. Thanks!
2608545 CF-4068290 S P. Hi Dallas, Tried the scenario with the IIS website hosted at a UNC path, but it renders the appropriate results. It would be really helpful, If you could provide the details regarding the user which accesses it and the permissions. Also, could you specify how your IIS
4171128 CF-4201841 S P. We can only fetch the values of property if we have a getter method.The scenario listed here itself corresponds to breaking the OO paradigm i.e we should not be able to fetch the property value without a getter method.
2927125 CF-4198404 S P. Do you see this issue with HF3 as well? Could you also confirm, if it is a solaris specific issue. Thanks!
2675044 CF-4087973 S P. In the similar lines other in-built structs to be handled would be: 1)cflogin 2)cfhttp will add a few other structs to be dealt with.
2609272 CF-3863387 S P. This is a known issue that happens with update 1 as well, not specific to update 3. The issue will be looked into. Thank you for pointing it out.
Comment on Running an SSL ldap query with referral option generates a java error by S P.
2614063 CF-3133547 S V. If we consider scope names always as reserved, cfloop over a query might break if the database column name is having any of the reserved scope names. From long we have been searching scopes in some fixed order and not treating the reserved scopes as special, will change
2608781 CF-3999633 S P. Hi Pawel, I have tried to repro this issue according to the steps as specified below with a domain user. I have in fact have tested it with different sftp servers: FreeSSHD as well as Core SFTP Client. But I am unable to see the above mentioned Exception message. Though
Comment on list iteration & member functions all need to expect both a "delimiters" and a "includeEmptyValues" argument. by S P.
3498609 CF-4199667 S P. Hi Timothy, Please let us know a couple of things on this issue: 1.The build number of the HF3 update in the admin, where you do not see the issue. 2.The path to HF3,i.e, have you applied HF3 on HF2 or HF1 or GM. Thanks!
2608545 CF-4068290 S P. Hi Dallas, Can you confirm if you are hitting this issue on the latest CF11 updates? Also can you provide details as to, if you are using a virtual directory and if it has been mapped in the "Default ScriptSrc Directory" of the admin page or if it is empty. Thanks!
2608587 CF-4057613 S V. Added a new JVM Argument coldfusion.cookie.prefixdomainhash and setting this argument value to false will disable the hash prefix. As Mark said this hash prefix enables us to share CF session cookies across multi-server sites (multiple sub domains) we will get
2608127 CF-4185383 S P. Hi Wil, It would be really helpful if you could provide a few more details to narrow down the issue. Have you setup start/stop permissions for the created service account that you have configured to run with the ColdFusion services. By default Windows doesn't provide start
2608773 CF-4006927 S V. Adding customer note Hi, It seems that ColdFusion 11 loads "com.rsa.jsafe.provider.JsafeJCE" as the default security provider at startup. This causes some problems with other providers like IAIK ECCelerate. For example, when we try to parse a certificate request
) which does not support SYST command you should not use this work around. We will add a new attribute to the cfftp tag to specify the desired OS type which helps in parsing the listdir listing response. Thanks, Pavan.
Comment on Bug 83362:(Watson Migration Closure)Could we have a function similar to ApplicationStop() for the current session request called SessionStop() by S V.
2600185 CF-3039298 S V. to know whether sessionmanagement is enabled or not we can use getApplicationMetadata which returns a structure of application settings. returned struct contains a key named sessionmanagement which contains YES/NO based on application.cfc/cfm setting.
2599587 CF-3039934 S V. while writing the image getting an error javax.imageio.IIOException: Invalid argument to native writeImage. This happens because we are bitten by a java bug. Before java 6 we used to have this bug status unknown
2608193 CF-4166939 S V. 1) Problem: When Only a single body part along with an inline attachment & file attachment are present in the email we are using the structure such as multipart/related text/html inline attachment file attachment Few mail clients won't read
Comment on First time after editing system probe, it displays "there was a problem running the probe" when the probe is run. After that it displays the appropriate message. by S P.
Comment on Bug 83800:(Watson Migration Closure)A really minor bug but thought I'd report that links from the Welcome page in the CFIDE/administrator go to 404 pages for:Security Zone- Learn how to keep your server secure »- Sign up to receive secu by S P.