search : security

select a category, or use search below
(searches all categories and all time range)

displaying top 100 results

CFINDEX and Sandbox security
Can't resize/adjust security repor
cfhtmltopdf with sandbox security throwing "coldfusion.document.webkit.PDFgRequestUtil"
Spring integration, spring security and jsp tags
Tomcat install of cfusion.war with security manager turned on
deserializeJSON() invokes java.lang.System.getProperty() which is slow with sandbox security enabled
Continuous security for your CFML code with Fixinator
Bug 77407:JRUN JAR Launcher security alert shows Publisher: Macromedia Inc
cfquery's coldfusion.tagext.sql.QueryTag.maskDateTimeColumns() is slow with sandbox security enabled
cfquery sandbox security issue after CF2016 update 4
Bug 83539:(Watson Migration Closure)Use of Locales with security sandboxing enabled throws sandbox security error, requires explicitly declared sandbox path access to C:\Inetpub\wwwroot\CFIDE\scripts\ folder
Comment on deserializeJSON() invokes java.lang.System.getProperty() which is slow with sandbox security enabled by External U.
Comment on Tomcat install of cfusion.war with security manager turned on by S P.
Comment on Spring integration, spring security and jsp tags by HariKrishna K.
Disable Mutliple Request : Triggering security analyzer scan more than once should not be allowed .
Comment on cfquery sandbox security issue after CF2016 update 4 by Chris D.
(Update 2) security analyzer does not detect xss and csrf (Japanese Ver.)
Comment on Tomcat install of cfusion.war with security manager turned on by john t.
Comment on cfquery sandbox security issue after CF2016 update 4 by S P.
Comment on deserializeJSON() invokes java.lang.System.getProperty() which is slow with sandbox security enabled by External U.
Comment on Tomcat install of cfusion.war with security manager turned on by john t.
HTML security header "X-Content-Type-Options: nosniff" breaks various '.gif' icons in CF admin w/ IE11
Comment on cfquery's coldfusion.tagext.sql.QueryTag.maskDateTimeColumns() is slow with sandbox security enabled by Nimit S.
Comment on deserializeJSON() invokes java.lang.System.getProperty() which is slow with sandbox security enabled by Nimit S.
Comment on Spring integration, spring security and jsp tags by HariKrishna K.
Comment on Tomcat install of cfusion.war with security manager turned on by john t.
Comment on cfquery sandbox security issue after CF2016 update 4 by Chris D.
Comment on cfquery sandbox security issue after CF2016 update 4 by S P.
Comment on Tomcat install of cfusion.war with security manager turned on by john t.
Comment on (Update 2) security analyzer does not detect xss and csrf (Japanese Ver.) by Arpit G.
Comment on (Update 2) security analyzer does not detect xss and csrf (Japanese Ver.) by Arpit G.
Bug 83540:(Watson Migration Closure)Changing file/path settings on a CF9 security sandbox blows up CF, requiring a service restart
Comment on HTML security header "X-Content-Type-Options: nosniff" breaks various '.gif' icons in CF admin w/ IE11 by S P.
Comment on HTML security header "X-Content-Type-Options: nosniff" breaks various '.gif' icons in CF admin w/ IE11 by Chris D.
ColdFusion 11 - Editing an existing Sandbox box security location does not update the path in the list under Security> Sandbox Security
Comment on ColdFusion 11 - Editing an existing Sandbox box security location does not update the path in the list under Security> Sandbox Security by S V.
Comment on Disable Mutliple Request : Triggering security analyzer scan more than once should not be allowed . by Mukesh K.
Bug 78754:[JFERNANDES] Server admin AIR app should have a feed to list all available hotfixes (by version) and security bulletins updates as well
Comment on Bug 78754:[JFERNANDES] Server admin AIR app should have a feed to list all available hotfixes (by version) and security bulletins updates as well by External U.
Comment on Bug 78754:[JFERNANDES] Server admin AIR app should have a feed to list all available hotfixes (by version) and security bulletins updates as well by External U.
Comment on Bug 78754:[JFERNANDES] Server admin AIR app should have a feed to list all available hotfixes (by version) and security bulletins updates as well by External U.
Bug 78773:If security setting in IE7/8 are set to not allow ActiveX, user gets a prompt when using CF Ajax components
Comment on Disable Mutliple Request : Triggering security analyzer scan more than once should not be allowed . by Milan C.
Comment on Security Analyzer - Secure with Credentials by External U.
Bug 85964:Having the ability to send encrypted email from ColdFusion programatically would be a hugely helpful enterprise feature and would help DoD and other government customers get the security features they
Comment on Bug 85964:Having the ability to send encrypted email from ColdFusion programatically would be a hugely helpful enterprise feature and would help DoD and other government customers get the security features they by Adobe D.
Comment on Bug 85964:Having the ability to send encrypted email from ColdFusion programatically would be a hugely helpful enterprise feature and would help DoD and other government customers get the security features they by Adobe D.
Comment on Bug 85964:Having the ability to send encrypted email from ColdFusion programatically would be a hugely helpful enterprise feature and would help DoD and other government customers get the security features they by Kunal S.
Comment on Security Analyzer - addtoken and Secure Profile by External U.
[ANeff] Bug for: Secure Profile Settings Summaries are missing info
Connection String for ColdFusion (using Oracle advanced Security)
Cancel Security Analyzer Request option must exist
Comment on [ANeff] Bug for: secure_profile_error.cfm inconsistent handling of errors by S P.
2596923 CF-3369472 External U. This bug impacts security. It inhibits Confidentiality, Integrity and Accountability when it comes to that security. It also could inhibit secure communications where content is encrypted based on one email address, but then sent out by another.
More info on the CF Security Update included in the March 1 CF updates for CF11, 2016, and 2018
Comment on [ANeff] ER for: Secure Profile should enable CF's most secure session management option by Aaron N.
Modernization of Adobe ColdFusion Helped Improving Security, Deployment and Other Important Aspects
Security Analyzer and dbtype="query" within cfquery
2608741 CF-4013824 External U. security point of view this would be great to secure admin-console
[ANeff] Bug for: 30 issues with Secure Profile page
Security Analyzer , If the operation is cancelled it should display the partial results
[Security Analyzer] Throws Server error if folder names has a comma within the name
4157451 CF-4201788 Administrator [ANeff] ER for: CF Admin password strength meter This ER is to add a password strength meter to anywhere where CF passwords are defined. Examples: - CF Admin > Security > Administrator - CF Admin > Security > RDS - CF Admin > Security > User Manager Use case: So
Comment on Secure WebSocket Internal with Multiple Sites by External U.
Comment on [ANeff] Bug for: 30 issues with Secure Profile page by External U.
Allowed file extensions for CFInclude tag should be in Secure Profile
Secure Profile should be opt-out
When "Unscanned Files" pane is empty, an unhanded exception is thrown if "Clear Security Markers" is run. This results in Security Analyzer pane not being cleared.
Security Analyzer - Unnamed Application and
Sandbox Security: cfpresentationslide doesn't work with URL src
Tracker Issue Error in AdminAPI
2609462 CF-3845479 Administrator : Admin API Adam Cameron Error in AdminAPI Repro (https://github.com/daccfml/scratch/blob/master/blogExamples/coldfusion/bugs/adminapi/securityObjectBug.cfm): {code} administrator = new CFIDE.adminapi.administrator(); administrator.login("12345678", "apiuser"); try
(Update 2) charts are not displayed in Security Analyzer Report (Japanese Ver.)
java.io.FileNotFoundException thrown on opening files when using the Security Code Analyzer
2609632 CF-3818547 Rakshith N. While we appreciate the request for decrypting the administrator cfm files from a security review perspective, the recommendation from the security group at Adobe is to not ship decrypted administrator cfm files. The reason for this that we (Adobe) would like
2612549 CF-3499540 External U. I'm also getting this error in one application on IIS7/Windows Server 2008 R2 SP 1. Another application running on the server is not reporting this error. java.lang.ArrayIndexOutOfBoundsException: 3 at coldfusion.security.SecurityManager.parseAuthInfo(Security
Security Analyzer - addtoken and Secure Profile
[ANeff] Bug for: Secure Profile doesn't include default error template paths in "Snapshot when secure profile enabled"
----------------------------- Watson Bug ID: 4006927 External Customer Info: External Company: External Customer Name: Toan External Customer Email: External Test Config: Hi, It seems that ColdFusion 11 loads "com.rsa.jsafe.provider.JsafeJCE" as the default security provider at startup. This causes some problems with other
2608773 CF-4006927 S V. Adding customer note Hi, It seems that ColdFusion 11 loads "com.rsa.jsafe.provider.JsafeJCE" as the default security provider at startup. This causes some problems with other providers like IAIK ECCelerate. For example, when we try to parse a certificate request
[LOC]: In Admin > Security > Security Configuration: "The value must be greater than 0" is in English at multiple places.
[ANeff] ER for: use EFR for API Manager and Security Analyzer
[ANeff] Bug for: [Regression] Enabling Secure Profile during install breaks Allowed SQL after Update 3
GetFreeSpace Not Working With Sandbox Security
ColdFusion 2018 Component Inheritance failing with Sandbox Security enabled.
3133483 CF-4198786 Vamseekrishna N. Since this was a security update, non-security bug fixes were pushed out to the next update. We can evaluate how this fix can be shared once it is fixed.
2672570 CF-4187127 Vamseekrishna N. This fix will be made available in the next bug-fix update release. Note that a security release is not counted as a bug-fix release and the recently released updates were security updates.
Comment on Allowed file extensions for CFInclude tag should be in Secure Profile by Aaron N.
Comment on [ANeff] Bug for: Secure Profile doesn't include default error template paths in "Snapshot when secure profile enabled" by S P.
Comment on SecureProfile should not install Example Datasources, Gateways, or Solr Collections by External U.
Comment on Post ColdFusion Security Hotfix APSB13-10 - error on JSON returned with debug on by External U.
2612242 CF-3535992 Rupesh K. Tomcat always sets the secure flag on the JSESSIONID if the request is secure. As Tomcat does not provide any way to turn it off, we cant do anything about it.
Comment on coldfusion.runtime.Cast._double(J)D after Security Hotfix APSB13-03 by Adobe D.
2613565 CF-3222889 External U. I agree that this should be repaired in CF 10. This supports an open security standard, and we need all the security we can get.