Just a quick note to let folks know about a new ColdFusion Security Bulletin: Security update: Hotfixes available for ColdFusion. See the link for more details. This update covers ColdFusion 8 and higher and impacts all operating systems.
Just a quick note to let folks know about a new ColdFusion Security Bulletin: Security update: Hotfixes available for ColdFusion. See the link for more details. This update covers ColdFusion 8 and higher and impacts all operating systems.
Archived Comments
We just applied the 8.01 HF to 2 different dev machines and after restarting CF <cfquery> could no longer connect to any datasources (errored with datasource exceptions). Verifying all dsns in the CF Admin worked ok though.
Your best bet is to contact Adobe support. Sorry I can't help more.
Thanks Raymond, but I wasn't expecting help. Just commenting in case anyone else has a similar issue, and warning people to test first before applying to production servers.
Don't you know - I feel guilty if I don't answer _every_ comment here. ;)
Same thing happened to our server. All you have to do is take down the cf service, remove the shf8010001.jar file from your updates dir (?:\JRun4\servers\cfusion\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\updates) and restart. Adobe? WTF? People! Always test updates on dev servers first.
I just tried it on our development 8.0 server and nothing broke.
What server versions did break? I have an 8.0.1 production server and you guys are making me nervous.
Are there any details on what is vulnerable? Is it just the login.cfm files in CFIDE that the fix replaces? If so those are not public facing on my production server so i may skip the update.
Posts on Facebook say that Adobe is looking into the problem.
Version: 8,0,1,195765
Edition: Enterprise
Same problem here with 8.0.1 -- we're uninstalling now. At least we only deployed to testing first!
The fix for the hotfix is out.
http://kb2.adobe.com/cps/84...