Skip to main content
E
EveryDayIsaTest
Participant
September 29, 2020
Question

The MD5 checksums on the Adobe Download page appear to be incorrect for CF2018 products

  • September 29, 2020
  • 2 replies
  • 999 views

I was downloading binaries for CF2018 LINUX-64 bit versions of the coldfusion software today. After downloading them to my computer, I did what any security-conscious developer would do and attempted to validate the MD5 checksums against what was posted by Adobe on the download page. Only 1 of the 5 binary checksums matched what was posted (i.e. the one for the lockdown guide). I noticed that there was a little note at the top of the page that said that the downloads were recently refreshed. It said "Revision history-7/14 - Refreshed add-on installers for 2016 and 2018". Therefore, I suspect that the checksums were missed in that refresh. Also, the most important download, the CF2018 server software, did not have a checksum listed ... unlike most of the other stuff. I contacted Adobe support and after a bit of discussion, they asked me to alert the forum about this. My company needs the latest checksums to verify the downloads before we install. I humby request somebody at Adobe to look into this issue and resolve quickly. Thank you.

 

Here is the download page I consulted:

https://www.adobe.com/support/coldfusion/downloads.html

 

Here is what I computed for checksums as of 9/29/2020:

-------------------------------------------------------------------------

ColdFusion_2018_WWEJ_linux64.bin

Computed ==> 89DC86EF622C1FE73CAE39FD6D46E72E

Displayed ==> MD5 Checksums missing from page

 

ColdFusion_2018_Lockdown_WWEJ_linux64.bin

Computed ==> E7589F824C7FB59C823802B173B36819

Displayed ==> E7589F824C7FB59C823802B173B36819   (Match Found)

 

ColdFusion_2018_PerformanceMonitoringToolset_WWEJ_linux64.bin

Computed ==> 1355F852803CC4745A1D9289C5DC31D2

Displayed ==> MD5 Checksums missing from page

 

ColdFusion_2018_Addon_WWEJ_linux64.bin

Computed ==> DDDB9010011E3E46B8269731CEE5C9D1

Displayed ==> 21B972F7A1C400691143A2F6264E9C06    (No match)

 

ColdFusion_2018_APIManager_Addon_WWEJ_linux64.bin

Computed ==> 1AE1D12907A833070DD74A115DD39540

Displayed ==> F32A03E6C7823C1D25C602E516f6226C    (No match)

 

I was only interested in the CF2018 Linux-64 bit binaries, so I did not try and check all the checksums of all the other products so I can only speak to the above, but I would definitely check those as well. Thank you for your attention Adobe!

    This topic has been closed for replies.

    2 replies

    E
    EveryDayIsaTestAuthor
    Participant
    September 30, 2020

    I'm happy to report that I got a reply very quickly this morning after sending an email to the email address you provided Charlie!

    "Thank you for contacting Adobe.

    You are right, we have refreshed the add-on installer for both CF2016 and CF2018 which is why it is showing the wrong MD5 checksum, we did have the correct file when we shared with the backend team somehow that is missed. I will get this corrected and thank you for pointing this out and sharing these details with us. 

    For those where the MD5 checksum file is missing, I will see if we can add the MD5 for all the other installers."

    Charlie Arehart
    Community Expert
    Charlie ArehartCommunity Expert
    Community Expert
    September 30, 2020

    Very good to hear. Thanks for the update.

     

    FWIW, I had no influence on that response. 🙂 And I do hope more people will learn to leverage that when facing such challenges. I understand why some will default to asking here, but there's only so much we here (those of us who are not Adobe employees) can do.

     

    Of course, the better news will be when they do get the info updated. Let's keep hope alive. 🙂

    /Charlie (troubleshooter, carehart. org)
    Charlie Arehart
    Community Expert
    Charlie ArehartCommunity Expert
    Community Expert
    September 29, 2020

    Thanks for sharing that. Did you detect from the "support" people at Adobe (who told you to alert us here) that they were also going to get the problem solved? A couple of your statements here make it seem like you are asking HERE that they fix it. I can say that they don't often respond here.

     

    If you don't feel that the person you spoke with in "support" was going to get this fixed, then please email cfinstal@adobe.com. That is the address for free installation support, and this problem falls in line with that intent. (Most of us answering questions here are NOT Adobe employees and have no way to change a page like that which shows those checksums.)

    /Charlie (troubleshooter, carehart. org)
    E
    EveryDayIsaTestAuthor
    Participant
    September 30, 2020

    The impression I got from the person I was in chat with was that she was just a helpdesk-type person who could not help with this particular issue. After I explained to her what the problem was, she told me she was consulting a senior team about the issue. I wasn't sure she understood the problem because I let her know that this isn't an "answer" I'm looking for, rather it requires action from Adobe engineers. I even said that she probably couldn't "answer" my question but rather would need to open a ticket and get the engineers involved to compute the new checksums and post it to the download page.

     

    That is all I wanted from her as far as support. She then came back and said that I should post this issue in the forum ... she even posted the link to the forum in the chat window. So I took that to mean that maybe this is where I needed to go to get Adobe engineers to see the issue. I wasn't totally sure about that but since the URL was given, I took that as the next step. Seemed odd, but who knows. Thanks for the tip, I will write to the address you provided.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices