Twitter: cfjedimaster
Address: Lafayette, LA, USA
Menu

New ColdFusion Security Bulletin

05-11-2010 3,096 views ColdFusion 10 Comments

Just a quick note to let folks know about a new ColdFusion Security Bulletin: Security update: Hotfixes available for ColdFusion. See the link for more details. This update covers ColdFusion 8 and higher and impacts all operating systems.

10 Comments

  • Julian Halliwell #
    Commented on 05-12-2010 at 3:51 AM
    We just applied the 8.01 HF to 2 different dev machines and after restarting CF <cfquery> could no longer connect to any datasources (errored with datasource exceptions). Verifying all dsns in the CF Admin worked ok though.
  • Raymond Camden #
    Commented on 05-12-2010 at 5:37 AM
    Your best bet is to contact Adobe support. Sorry I can't help more.
  • Julian Halliwell #
    Commented on 05-12-2010 at 5:46 AM
    Thanks Raymond, but I wasn't expecting help. Just commenting in case anyone else has a similar issue, and warning people to test first before applying to production servers.
  • Raymond Camden #
    Commented on 05-12-2010 at 5:47 AM
    Don't you know - I feel guilty if I don't answer _every_ comment here. ;)
  • Yaron #
    Commented on 05-12-2010 at 7:53 AM
    Same thing happened to our server. All you have to do is take down the cf service, remove the shf8010001.jar file from your updates dir (?:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\updates) and restart. Adobe? WTF? People! Always test updates on dev servers first.
  • Chad #
    Commented on 05-12-2010 at 9:22 AM
    I just tried it on our development 8.0 server and nothing broke.

    What server versions did break? I have an 8.0.1 production server and you guys are making me nervous.

    Are there any details on what is vulnerable? Is it just the login.cfm files in CFIDE that the fix replaces? If so those are not public facing on my production server so i may skip the update.
  • James #
    Commented on 05-12-2010 at 9:36 AM
    Posts on Facebook say that Adobe is looking into the problem.
  • Yaron #
    Commented on 05-12-2010 at 12:37 PM
    Version: 8,0,1,195765
    Edition: Enterprise
  • Paul Karlin #
    Commented on 05-12-2010 at 12:51 PM
    Same problem here with 8.0.1 -- we're uninstalling now. At least we only deployed to testing first!
  • Josh #
    Commented on 05-13-2010 at 10:32 AM
    The fix for the hotfix is out.

    http://kb2.adobe.com/cps/841/cpsid_84102.html

Post Reply

Please refrain from posting large blocks of code as a comment. Use Pastebin or Gists instead.

Leave this field empty

Sponsors

CFConsultant
ColdFusion Consulting Since 1997. Experienced, Adobe Certified, Reliable.

Search

Recent Posts

Support this Site!

If this post was helpful to you, then please consider visiting my Amazon Wishlist or making a donation:

Subscribe

Want to be emailed when new posts are released? Simply enter your email address below.