Skip to main content
T
TedJ
Inspiring
December 29, 2011
Question

Security Patch hf801-00004.jar crashes servers

  • December 29, 2011
  • 4 replies
  • 1510 views

Hi,

I have applied the security patch for CF 8.01 which loads the hf801-00004.jar file. Updated 3 servers (tests) and all have the same errors.

Any page that runs a query errors with 'NoClassDefFoundError'.  The 3 servers were all test/developer servers but were fully functional. Always the same errors on each.

Any idea's on why and how to fix?

Thanks

    This topic has been closed for replies.

    4 replies

    A
    Anonymous
    January 1, 2012

    Just in case anyone else pulls the same stupid move I did... here was the fix for the image issues...

    When you update to hf801-00004.jar, DO NOT remove the hf801-71557.jar file as it is needed to handle images. That's what was blowing everything up for me!

    A
    Anonymous
    December 30, 2011

    TedJ,

    Interesting. I'm not having any problems with running queries or adding datasources. Just seems to be locking image files after uploading. The files get there, just can't do anything with them after that. Very odd.

    My next plan of action is individual hot fixes rather than the whole 04 compilation. Figure I can isolate which one's causing the problem that way.

    Good luck with your challenge!

    A
    Anonymous
    December 30, 2011

    I'm having my own issues with the hf801-00004.jar file. Once applied (even if I do nothing but that) image uploads from a CF File Upload process fail. Both stand alone and from within a FCKeditor environment. Revert back by removing hf801-00004.jar file and all is well. Apply it, it breaks. Anyone else run into this and have a fix?

    T
    TedJAuthor
    Inspiring
    December 30, 2011

    BKRStudio,

    After you apply the patch try adding a datasource. If it's the same issue you will see an error after clicking the 'Add'.

    Seems to be (at least what I found) all related to running queries after the fix.

    I unzipped to a temp folder, then copied .jar to  /lib/updates also unzipped directly into /lib/updates keeping the subfolder. Both methods caused the failure.

    Win servers, CFIDE in default location. All options were at defaults in my tests.

    Just an FYI,

    Ted

    Charlie Arehart
    Community Expert
    Charlie ArehartCommunity Expert
    Community Expert
    December 30, 2011

    Ted, did you by any chance save all the things you changed (the CFIDE directory, the WEB-INF, etc.) , so that you can revert things back? And if you do so does it remove the problem?

    If so, with the pressure off, I would then ask: are you sure you didn’t by any chance apply things incorrectly? It’s quite common, because in fact there are now so many files that need to be changed.

    For instance, are you positive you changed the CFIDE that’s really being used? People often have more than one place where CFIDE exists (even all for the same intended CF version), but they don’t always update all of them (or the right one for an intended instance) when applying hotfixes. But I appreciate that in the case of query code, the CFIDE location doesn’t likely matter. Still I hope the point is considered.

    Also, and perhaps more specific to your situation, when people extract the zips to replace files in these directories, I’ve seen zip tools that extract files in such a way as to cause a problem.

    I outline these and a couple more problems in more detail in a blog entry:

    http://www.carehart.org/blog/client/index.cfm/2011/10/21/why_chfs_may_break

    Hope that may help.

    (And yes, before anyone may press the point, there’s no question that applying CF hotfixes is getting to be a real pain. As I discuss briefly in that blog post, Adobe does plan to address this in the next release, Zeus. More than that, they announced at the RIACon 2011 keynote that they also planned to offer a form of this hotfix management feature for CF 8 and 9 as well.)

    /charlie

    /Charlie (troubleshooter, carehart. org)
    T
    TedJAuthor
    Inspiring
    December 30, 2011

    Charlie,

    Thanks for the reply.

    Pressure is off since the 3 servers I updated are my own development servers. Plain vanilla setup too (CFIDE, etc.) I never do anything without testing on my own in-house systems. Been there done that :-)

    The /lib/update folders had the right jar file, removed the old per documentation. Used WinZip on 2 files, PKZip on another. Pretty careful on how I did things and since the installs are straight forward should have been a no brainer. I have been using CF since the old Allaire days of 4.0.

    I have not read your blog yet, will do now. And yeah.....the hot fixes are getting painful. Loading version 9 has been fun and have held off changing versions so I'm glad to hear changes are coming.

    I will update here if I have any luck. For now not running hot fixes in production until I get things figured out. Most stuff is behind the Firewall any way.

    Tahnks again,

    Ted

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices