Not sure why this wasn't given more of an announcement, but the first cumulative hot fix for ColdFusion 9 was released yesterday. Hit the link up for details on what was fixed. The best item I think is the JSON casting issue. I talked about that bug in a blog entry back in October.
Edited: A tip for Mac users. I noticed when I double clicked on the zip that my Mac extracted the jar and automatically extracted the contents. Since the CF Admin wants the jar, I wasn't sure what to do. On a whim I went to the command line and found that I could use "unzip". I simply unzipped the file there and it just extracted the jar.
Archived Comments
I just applied this to 2 of my identical CF9 (mac 10.6) boxes. One went well and one was a fail.
In the one that failed the server starts up OK, but calls to any list functions caused it to bomb. Logs are full of stuff like:
coldfusion.runtime.ListFunc.ListFirst(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; - coldfusion.runtime.ListFunc.ListFirst(Ljava/lang/String;Ljava/lang/String;)Ljava/lang/String; null
Trying to get to the admin page throws:
javax.servlet.ServletException: ROOT CAUSE:
java.lang.NoSuchMethodError: coldfusion.runtime.ListFunc.ListFindNoCase(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I
at coldfusion.runtime.CFPage.ListFindNoCase(CFPage.java:1893)
at cflogin2ecfm655958995.runPage(E:\centaur_rc1\cfusion\wwwroot\CFIDE\administrator\login.cfm:34)
Wait, where did "E:\centaur_rc1" come from? I am on a mac? Is there a bug in this patch? Why would it work on my other machine?
I've got some digging to do.
Ignore the path - that just comes from where stuff is compiled over at Adobe.
Outside of that, I'd file a bug report.
FYI, can you show me a code snippet that - by itself - forces this error? I want to try it here. I did a simple listFirst call and it didn't throw an error.
Maybe it's a coincidence. However, since I installed this hot fix uploading images through fckeditor is wacked.
Hey Simon, I don't know if this helps since I use FCKeditor outside of ColdFusion, but I noticed FCKeditor doesn't like the recent update to Firefox because the regex that checks browser version doesn't consider any version updates past 2009. I got around it by switching off (false) the fckEditor.checkBrowser variable.
Does this hotfix also deal with the reported vulnerability in BlaseDS as well, or do both need to be applied?
It does not.
Hey Simon.
I had a problem after the hotfix too. You might want to check this out. This was exactly our problem:
http://www.ephost.com/suppo...
Actually, the fix was even easier for us. We simply added -Dcoldfusion.fckupload=true to the JVM Arguments panel in CF admin.
-Brian
I also had a problem with FCK Editor image uploads after applying the hotfix. I fixed it in editor/filemanager/connectors/cfm/cf_commands.cfm. There is a function called FileUpload. I renamed that to FileUploader and then changed 2 calls to that function: cf_upload.cfm and cf_connector.cfm. Note that it is only necessary to change the actual function calls. FileUpload appears as a string in a few places and you can leave them alone. Fixed the 500 error for me.
Wow, I just realized how late I am to this party.
I should note that the problem on our end was that we rolled out fckeditor separate from the one included with CF 9 and the fileupload function conflicted with the one in CFIDE.
I'm getting this error in my log files:
Element EXCEPTION.ROOTCAUSE.TYPE is undefined in ARGUMENTS.
It's all over multiple applications.
Any ideas on that. Applied the hot fix the other day.