Bug ID
Последнее обновление
18 янв. 2022 г.
ColdFusion (2018 release) Update 10
Примечание.
If you are applying Update 10 without applying Update 8, follow the Post Installation steps mentioned for Update 8.
Note: If you are already on Update 8, you can apply Update 10 without performing any intermediary steps.
Примечание.
If you are updating via ColdFusion Administrator:
The minimum update versions are Update 4 or higher for ColdFusion (2018 release), due to a recent change in code signing certificate.
These are mandatory pre-requisites before updating.
The updates below are cumulative and contain all updates from previous ones. If you are skipping updates, you can apply the latest update, not those you are skipping. Further, you must take note of any changes that are implemented in each of the updates you are skipping.
To install previous updates, see ColdFusion (2018 release) Updates.
What's new and changed
ColdFusion (2018 release) Update 10 (release date, 14 July, 2020) addresses vulnerabilities that are mentioned in the security bulletin, APSB20-43, and a few other issues.
CAR deployment
For security reasons, we strongly recommend that you delete the file after the car file deployment.
On the Archive wizard UI, we've added a text accordingly.
Bugs fixed
|
|
Description |
Component |
|---|---|---|
|
Unexpected memory issues in Redis. The application runs on ColdFusion (2018 release) Update 5 and Redis 5.0.5 on AWS managed service. |
Caching |
|
|
When monitoring is enabled for a server in Performance Monitoring Toolset, cfthread tags fail to execute intermittently. |
Performance Monitoring Toolset |
|
|
After updating ColdFusion, a few applications started to behave unexpectedly. |
Security |
|
|
Intermittent StackOverflowError exception when launching some pages. |
Security |
|
|
There are numerous calls to Redis in a time interval. |
Performance Monitoring Toolset |
|
|
CFHTTP calls with proxyserver produce Error 404. |
HTTP |
Prerequisites
- On 64-bit computers, use 64-bit JRE for 64-bit ColdFusion.
- If the ColdFusion server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Specify proxy settings using the system properties below in the jvm.config for a stand-alone installation, or corresponding script file for JEE installation.
- http.proxyHost
- http.proxyPort
- http.proxyUser
- http.proxyPassword
- For ColdFusion running on JEE application servers, stop all application server instances before installing the update.
Installation
For instructions on how to install this update, see Server Update section. For any questions related to updates, see this FAQ.
- The update can be installed from the Administrator of a ColdFusion instance or through the command-line option.
- Windows users can launch the ColdFusion Administrator using Start > All Programs > Adobe > Coldfusion 2018 > Administrator.
- Microsoft Windows 8.1, Windows 10, Windows Server R2 2012, and Windows Server 2016 users must use the “Run as Administrator” option to launch wsconfig tool at {cf_install_home}/{instance_name}/runtime/bin.
- If you get the following error when installing the update using the Download and Install option, ensure that the folder {cf_install_home}/{instance_name}/hf_updates has write permission: "An error occurred when performing a file operation write on file {cf_install_home}/{instance_name}/hf-updates/hotfix_010.properties".
- The connector configuration files are backed up at {cf_install_home}/config/ wsconfig /backup. Add back any custom changes made to the workers.properties file after reconfiguring the connector.
Installing the update manually
- Click the link to download the JAR.
- Execute the following command on the downloaded JAR. You must have privileges to start or stop ColdFusion service and full access to the ColdFusion root directory.
Windows: <cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-010-320417.jar
Linux-based platforms: <cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-010-320417.jar
Ensure that the JRE bundled with ColdFusion is used for executing the downloaded JAR. For standalone ColdFusion, this must be at, <cf_root>/jre/bin.
Install the update from a user account that has permissions to restart ColdFusion services and other configured webservers .
For further details on how to manually update the application, see the help article.
Post installation
Примечание.
After applying this update, the ColdFusion build number should be 2018,0,10,320417.
Post installation, we recommend rebuilding or reconfiguring your connector.
Note: This holds true only if you have applied Update 10 without applying Update 8.
If you see Error 503 or Error 403 when firing up your websites, see the troubleshooting steps.
Applying Server Auto-Lockdown
After you've installed Update 10 (with a pre-configured connector), and have locked down the server using the Auto-Lockdown installer, you may encounter Error 403 forbidden, when accessing the web pages.
To fix this issue, follow the steps mentioned below:
- Ensure that the secret in workers.properties file matches the secret in server.xml.
- If the secret does not match, copy the secret from workers.properties file and paste it in server.xml file.
- Restart your ColdFusion Server for the changes to take effect.
Locations of files
|
File |
Location |
|---|---|
|
server.xml |
{cf.instance.home}\runtime\conf |
|
AJP connector in server.xml |
AJP connector has protocol attribute set as AJP/1.3. For example, <Connector port="8018" protocol="AJP/1.3" packetSize="65535" redirectPort="8451" tomcatAuthentication="false" maxThreads="500" connectionTimeout="60000" secret=”abcd” /> |
|
secret in server.xml |
The secret value in server.xml is present in the Connector Node with the attribute name as secret. For example, <Connector port="8018" protocol="AJP/1.3" packetSize="65535" redirectPort="8451" tomcatAuthentication="false" maxThreads="500" connectionTimeout="60000" secret=”abcd” /> |
|
workers.properties in IIS |
{cf.home}/config/wsconfig/<magic_folder_number> |
|
workers.properties in Apache |
APACHE_HOME/conf/ |
|
secret in workers.properties |
worker.cfusion.secret=<secret> |
Uninstallation
To uninstall the update, perform one of the following:
- In ColdFusion Administrator, click Uninstall in Server Update > Updates > Installed Updates.
- Run the uninstaller for the update from the command prompt. For example, java -jar {cf_install_home}/{instance_home}/hf_updates/hf-2018-00010-320417/uninstall /uninstaller.jar
If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following:
- Delete the update jar from {cf_install_home}/{instance_name}/lib/updates.
- Copy all folders from {cf_install_home}/{instance_name}/hf-updates/{hf-2018-00010-320417}/backup directory to {cf_install_home}/{instance_name}/
Connector configuration
Adobe MAX
— творческая конференция
С 14 по 16 октября очно в Майами-Бич и онлайн
Adobe MAX
Творческая конференция
С 14 по 16 октября очно в Майами-Бич и онлайн