search : peter freitag

displaying top 100 results

Comment on Regression when calling OrmSession.contains() by Peter Freitag
Comment on Passwords are written to lockdown_logs.txt by Peter Freitag
Comment on Oracle’s Java policy change by Peter Freitag
Comment on DollarFormat NumberFormat Rounding Bug by Peter Freitag
Comment on DollarFormat NumberFormat Rounding Bug by Peter Freitag
Comment on DollarFormat NumberFormat Rounding Bug by Peter Freitag
Comment on Oracle’s Java policy change by Peter Freitag
Comment on Add SameSite Cookie Support to ColdFusion by Peter Freitag
Comment on Lockdown Installer Failed to Restart Apache on RHEL 7.5 on SELinux by Peter Freitag
Comment on Lockdown Installer Rolls back if Apache is Stopped by Peter Freitag
Comment on The encodeFor value is not passed to nested cfoutput tags by Peter Freitag
Comment on Monitoring Server Listens to Port 5500 even when disabled from Admin by Peter Freitag
Comment on Lockdown Installer does not use inheritance for file permissions by Peter Freitag
Comment on Unable to parse API Manager config file. wsconfig on Linux by Peter Freitag
Comment on Lockdown Installer Failed to Restart Apache on RHEL 7.5 on SELinux by Peter Freitag
Comment on Monitoring Server Listens to Port 5500 even when disabled from Admin by Peter Freitag
Comment on sort higher order functions should return the sorted object, not simply "YES" by Peter Freitag
Comment on Authenticated users bypass NTFS ACL permission authorization getting access to restricted CF content without error by Peter Freitag
Comment on Authenticated users bypass NTFS ACL permission authorization getting access to restricted CF content without error by Peter Freitag
2673551 CF-4126418 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Also want to add that I installed the API manager after CF, using the installer bin that was in the cf root directory. Date Added :2016-02-01 19:21:14.0 Added By: PreRelease User User Name:Peter
2673387 CF-4126660 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2015-07-27 19:14:23.0
2673517 CF-4126456 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-14 16:38:56.0
2673520 CF-4126454 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-14 18:16:18.0
2673521 CF-4126453 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-14 21:35:01.0
2673526 CF-4126448 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-20 22:04:57.0
2673529 CF-4126445 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-21 21:30:07.0
2673546 CF-4126424 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-29 19:09:30.0
2673570 CF-4126395 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-02-08 16:53:57.0
2673571 CF-4126394 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-02-08 20:57:12.0
2682300 CFB-4130058 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-02-09 16:38:14.0
2682301 CFB-4130057 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Feature. Date Added :2016-02-09 16:45:40.0
2673596 CF-4124703 Documentation : General Peter Freitag ArrayNew is missing the unsynchronized argument added in CF2016 Problem Description: ArrayNew doc: https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-functions/functions-a-b/arraynew.html is missing the unsynchronized argument
2673597 CF-4124702 Functions Peter Freitag Add setting to Application.cfc to create arrays as unsynchronized by default Add an Application.cfc setting to enable creating arrays as unsynchronized by default. This will allow you to put this enhancement in place on a codebase that has to work on more
2682301 CFB-4130057 Security Code Analyzer Peter Freitag Add Detailed JSON file to report export When you export a report it generates a nice HTML report but it would be very useful if it also dumped a JSON file in there (with all the details of the vulnerabilities found, file paths, etc) so you
2673387 CF-4126660 Security Analyzer Peter Freitag Security Analyzer Does not warn about CFMX_COMPAT algorithms Problem Description: It should warn that CFMX_COMPAT is not a secure encryption algorithm when algorithm is left out, or CFMX_COMPAT is specified. Steps to Reproduce: Run security
2673389 CF-4126656 Security Analyzer Peter Freitag SQLi allowed inside any cfif Duplicate ID: CF-4026201 Problem Description: If you wrap a variable with a it will not flag SQLi Steps to Reproduce: SELECT * FROM table ORDER BY #url.sort# Actual Result: Nothing
2673517 CF-4126456 Installation/Config : Installer Peter Freitag Uninstall does not remove cf_scripts folder from wwwroot Problem Description: When you run the uninstaller it forgets to remove the cf_scripts folder from the wwwroot, it removes the CFIDE however. Steps to Reproduce: Install
2673518 CF-4126455 Installation/Config : Installer Peter Freitag Enable/Disable Servlets Installer UI is confusing Problem Description: It is not readily clear if checking a box will enable or disable a servlet. Steps to Reproduce: Run installer and go to screen that says Enabling
2673520 CF-4126454 Security : Secure profile Peter Freitag Allowed file extensions for CFInclude tag should be in Secure Profile Problem Description: The setting Allowed file extensions for CFInclude tag is not part of the secure profile -- so the default "*" is used. It should be set to cfm when
2673521 CF-4126453 Installation/Config : Installer Peter Freitag Jetty folder includes unused JRE 162mb Problem Description: Jetty folder has a jre folder which is the same as the {cf.root}/jre folder, and Jetty is configured to use the {cf.root}/jre folder not the subfolder. Steps to Reproduce
2673524 CF-4126450 Installation/Config Peter Freitag CFSecurityAnalyzerServlet is loaded in web.xml when SecureProfile is enabled Problem Description: The servlet definition for CFSecurityAnalyzerServlet is still loaded when secure profile is enabled (probably production profile as well
2673526 CF-4126448 AJAX : UI Components Peter Freitag FCKeditor version is out of date Problem Description: The version of FCKeditor included with Raijin is 2.6.4.1, the current version of FCKeditor is 2.6.10 which includes several security updates. FCKeditor should be updated to 2
2673529 CF-4126445 AJAX Peter Freitag Duplicate cfajax.js in /cf_scripts Problem Description: There is a file /cf_scripts/cfajax.js that appears to be there by mistake. When you use cfajaxproxy it will make a request for the file /cf_scripts/ajax/cfajax.js It doesn't make sense for the file
2673547 CF-4126423 Installation/Config Peter Freitag Linux Installer does not allow you to specify builtin server port Problem Description: The windows installer allows you to specify a port number for the builtin web server, but the linux installer does not. Steps to Reproduce: Run installer
2673551 CF-4126418 API Manager Peter Freitag No Linux Startup script for API Manager Problem Description: When you install the API Manager it does not install a startup script so it will not start upon reboot. Steps to Reproduce: Run installer. Actual Result: No startup script Expected Result
2673570 CF-4126395 Security Analyzer Peter Freitag Terminology: XSS Attack Problem Description: When security analyzer find an XSS vulnerability it puts them in a category called "XSS Attack" - the word attack is not really appropriate here, since "attack" is a verb. A better way to say it would
2673648 CF-4119952 Documentation Peter Freitag Docs for booleanFormat are incorrect The adobe docs for `booleanFormat()` are incorrect, they say "*Returns True, for a non-zero value; false for zero, false, and non-Boolean values, and an empty string ("").*" however `booleanFormat("bacon")` throws
2597221 CF-3085245 General Server Peter Freitag Bug 87176:-(Watson Migration Closure)Add onRequestStart method to Server Problem: Add onRequestStart method to Server.cfc to allow a global onRequestStart handler to process for sites with lots of applications Method: Result: Enhancement request
2599324 CF-3040329 AJAX : Plumbing Peter Freitag Bug 80423:(Watson Migration Closure)SerializeJSON function should have an argument to toggle the securejson prefix in cases where it is not needed Problem: SerializeJSON function should have an argument to toggle the securejson prefix in cases where
3122939 CF-4198749 Application Framework : ApplicationCFC Peter Freitag Add onAfterRequestEnd to Application.cfc It would be useful to do some processing onAfterRequestEnd, that is after the response has been sent to the client. This would allow you to perform things like logging, running tasks
3122922 CF-4198748 File Management Peter Freitag Add getCanonicalPath function It would be useful to have a builtin getCanonicalPath function which would essentially just call the java.io.File getCanonicalPath function. The canonical path is useful for performing security checks on file paths.
2673524 CF-4126450 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-19 21:50:37.0
2673547 CF-4126423 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-29 19:30:01.0
2673556 CF-4126413 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-02-05 17:21:05.0
2610001 CF-3738195 Administrator Peter Freitag CFAdmin Server Update Gray Spacing Issue Duplicate ID: CF-3737169 Problem Description: The Server Update > Updates page has some spacing issues with the border. This didn't appear in IE, but shows up in the latest versions of Chrome and Firefox. See
2610183 CF-3722462 Mobile Support Peter Freitag The cfclient_main.js file hard codes /CFIDE/scripts paths Problem Description: /CFIDE/cfclient/cfclient_main.js hard codes CFIDE/scripts/ URI's which can be changed dynamically using the setting in ColdFusion Administrator "default script src
2673386 CF-4126661 CFwatson User [X] Added By:preethi Note Added: Hi Peter, The above scenario has already been logged as a bug. Hence closing the bug. Thanks! Date Added :2015-07-30 06:15:19.0 Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2015-07-27 18:54:02.0
2673388 CF-4126659 CFwatson User [X] Added By:preethi Note Added: Hi Peter, The above scenario has already been logged as a bug. Hence closing the bug. Thanks! Date Added :2015-07-30 10:51:23.0 Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2015-07-27 19:18:37.0
2673389 CF-4126656 CFwatson User [X] Added By:preethi Note Added: Hi Peter, The above scenario has already been logged as a bug. Hence closing the bug. Thanks! Date Added :2015-07-30 06:13:10.0 Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2015-07-27 20:24:48.0
2673386 CF-4126661 Security Analyzer Peter Freitag OWASP Encoder Functions not XSS Safe in all contexts, eg encodeForHTML in JS Duplicate ID: CF-4026100 Problem Description: The encodeForHTML function is designed to be used in the body of a HTML tag only, not in a HTML attribute, not in CSS
2673388 CF-4126659 Security Analyzer Peter Freitag Security Analyzer XSS Warning on XmlFormat HTMLEditFormat Duplicate ID: CF-4026103 Problem Description: If I set url.id = Int(url.id) and then output XmlFormat(url.id) HTMLEditFormat(url.id) and simply #url.id# -- no warning is triggered for #url
2673523 CF-4126451 REST Services Peter Freitag New /api/ Mapping for Rest Services causes existing /api/ folder to fail Problem Description: Raijin adds a new default servlet mapping /api/* for REST services. If my application already has a /api/ folder in its root it will break. Steps
2673546 CF-4126424 Installation/Config Peter Freitag Linux Installer points to cf11 lockdown guide Problem Description: In the linux installer on the "Select ColdFusion Server Profile" screen it says: "When the installation completes, please lock down your Server as per the guidelines provided
2673550 CF-4126420 AJAX Peter Freitag The s.gif fails to load when using non default scriptsrc Problem Description: When you have a cfwindow tag it will always attempt to load: /cf_scripts/scripts/ajax/resources/ext/images/default/s.gif even if you change the Default Script Src in the Cold
2673556 CF-4126413 Security Analyzer Peter Freitag Security Analyzer False Positive on #DateFormat(now())# and certain other built-in functions. Problem Description: Treats #DateFormat(now())# as SQL injection in a query, though it is safe. Steps to Reproduce: Create a file with the following
2673571 CF-4126394 Security Analyzer Peter Freitag Security Analyzer says encoded files have syntax errors Related Bugs: 4131907 - Similar to ColdFusion Builder Problem Description: If there are files encoded with cfencode it says they were not scanned due
2614707 CF-3086162 Document Management : Office Integration Peter Freitag Bug 87161:-(Watson Migration Closure)Can't use ram disk to read cfspreadsheet Problem: Can't use ram disk to read cfspreadsheet Method: Copy a file into ram disk, then try to read it using cfspreadsheet tag. Result: Says
2598010 CF-3041850 Language : Tags Peter Freitag Bug 83739:Any tag that writes a header, for example cfheader, cfcontent, cfmail, cfmailpart, cfmailparam should not allow CRLF characters because that allows the creation of an additional header Problem: Any tag that writes a header, for example
2682300 CFB-4130058 Security Code Analyzer Peter Freitag Security Analyzer Reports hardcode image paths Problem Description: The report only looks correct when viewed on the machine that generated it, or on computers that have installed builder at the same path. You will find the image paths hard
2682303 CFB-4130055 Security Code Analyzer Peter Freitag Security Analyzer Times out after 30 seconds, unable to scan large dir Problem Description: I tried running a scan on an application with 900 files. The security analyzer times out after 30 seconds saying "Error message from the server. Read
Added :2016-01-21 03:12:43.0 Added By: PreRelease User User Name:Peter Freitag Note Added: What information do you need? Date Added :2016-01-20 21:59:59.0 Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-19 21:41:30.0
for "secure profile". Date Added :2016-01-13 02:57:46.0 Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-08 19:48:11.0
2673501 CF-4126479 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Good call on always using in-memory storage for CF administrator - is there an Application.cfc setting to control this? Date Added :2016-01-14 16:41:09.0 Added By:sanniset Note Added: Now verifying
2673550 CF-4126420 CFwatson User [X] Added By: PreRelease User User Name:Peter Freitag Note Added: Tested this on a Mac using the Feb7 build and it seems to be working now. I don't think I will have a chance to retest on Linux right now, but I would assume it was not a platform specific issue. Date
Peter Freitag ColdFusion 2016 Security Enhancements: EncodeFor ColdFusion 2016 added a handy enhancement to make writing secure CFML code easier for developers. This enhancement helps developers protect large chunks of code from a security vulnerability known as Cross Site Scripting or XSS. What
2608351 CF-4116201 File Management Peter Freitag Add isFile and isDirectory functions Currently if you want to determine if a path is pointing to a file or a directory you need to use the getFileInfo function and look at the type key of the struct returned. The getFileInfo function throws
2597552 CF-3043568 Language : General Peter Freitag Bug 86654:HMAC’s or Hash-based Message Authentication Code’s are becoming a fairly standard requirement when working with various API’s Problem: HMAC’s or Hash-based Message Authentication Code’s are becoming a fairly standard requirement when
2597642 CF-3043067 Security : SSL Peter Freitag Bug 85814:-(Watson Migration Closure)Need better error message than peer not authenticated when there is a SSL problem with CFHTTP Problem: Need better error message than peer not authenticated when there is a SSL problem with CFHTTP. Method
2682291 CFB-4130071 Security Code Analyzer Peter Freitag Security Analyzer Fails Silently when not using builtin server Problem Description: When you have a server setup with secure profile and try to use the security analyzer with it, the security analyzer fails silently. The request to the CF
2609987 CF-3739003 Administrator Peter Freitag Unable to Decrease Memory Limit per Application for In-Memory Virtual File System Problem Description: If you decrease both the Memory Limit for In-Memory Virtual File System AND the Memory Limit per Application for In-Memory Virtual File System
2610033 CF-3737264 Installation/Config Peter Freitag SecureProfile should not install Example Datasources, Gateways, or Solr Collections Problem Description: When selecting secure profile, the installer still adds example/demo datasources, event gateway instances and solr collections. These things
2610212 CF-3719102 Installation/Config Peter Freitag Error in init script when created using cf-init.sh Problem Description: I had to run cf-init.sh to create the startup script in /etc/init.d/ since the installer didn't do this for me (filed bug for this #3719096). The init script that it creates
2610213 CF-3719096 Installation/Config Peter Freitag Linux Installer does not Start ColdFusion on system init when selected Problem Description: Ran installer, and selected "Start ColdFusion on system init" but no start script was added to /etc/init.d/ Steps to Reproduce: Run installer
2612241 CF-3535998 Installation/Config Peter Freitag ColdFusion AMI's default to 512MB max heap Problem Description: The ColdFusion AMI's default to 512 max heap size, this should be increased to a higher value especially on large, x-large instances which have at least 7.5GB of Ram. Steps
2613387 CF-3326488 Security Peter Freitag Unable to specify Cookie Timeout of -1 in Administrator Problem Description: In Application.cfc you can specify this.sessioncookie.timeout=-1 however you can't specify a timeout of -1 server wide in the ColdFusion administrator. Steps to Reproduce: Go
2613388 CF-3325996 Web Container (Tomcat) Peter Freitag Status command fails in Linux Startup Script when Default Shell Empty Duplicate ID: CF-3339175 Problem Description: If you have setup your ColdFusion user on linux with a default shell of something like /sbin/nologin when you try to run /etc
4019926 CF-4201329 Tags Peter Freitag The encodeFor value is not passed to nested cfoutput tags Problem Description: If you have a cfoutput tag with encodeFor specified it does not apply the encoding to nested cfoutput tags. The entire point of encodeFor is to make it easy for developers to fix XSS
is needed. Date Added :2016-01-15 14:23:26.0 Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-14 17:56:17.0
just run. Date Added :2016-03-17 06:19:13.0 Added By: PreRelease User User Name:Peter Freitag Note Added: Yes that setting was the trick - I increased the timeout to 300 seconds and the scan completed on the large file set. Rather than just closing the bug, I would urge you to consider as David
2609762 CF-3781603 Installation/Config : Scripts Peter Freitag Ubuntu Not supported in cf-init.run.sh Problem Description: Installing CF11 on Ubuntu it does not start CF automatically (does not setup a script in /etc/init.d/) even though I checked the option to start on system init during
2610031 CF-3737272 AJAX Peter Freitag Hard Coded References to /CFIDE/scripts Problem Description: There are several hard coded references to /CFIDE/scripts/ -- the /CFIDE/scripts path can be changed in the ColdFusion administrator causing the features that rely on a hard coded value to fail
2612402 CF-3515644 Net Protocols : HTTP Peter Freitag CFHTTP with compression="none" fails to decode deflated http response Problem Description: When specifying compression="none" in the tag or if specifying the headers: (Which appears to be equivalent to what compression="none" does apparently
2612466 CF-3506758 Database Peter Freitag MySQL 5.6 Unable to Execute Queries Problem Description: The MySQL JDBC Driver that ships with ColdFusion makes calls with SET OPTION, which has been deprecated in favor of SET (without OPTION) for some time. MySQL 5.6 removes support for SET OPTION