Copy link to clipboard
Copied
After applied Update 11 or 12 on Coldfusion 2021 standard, RRSTful API does not work.
Is there a security standalone patch only (not cumulative patch) to address the critical vulnerabilities of APSB23-52? details are here.
https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html
The server got stuck on Update 10 only, since we only planed to upgrade to enterprise version in 2024.
This is resolved. Successfully patched Update 12. Please refer to the original post
Thank you all. Great to have the fantastic community.
Copy link to clipboard
Copied
As for your inability to update ("server got stuck on Update 10 only"), if you think something about restful APIs "does not work" after applying the updates, go to the cf admin (after applying the update again) and then to the package manager page, and see the list of packages at the bottom. See if some package is listed as not installed. That can happen for unexpected reasons, even just in applying an update (though it shouldn't happen). Click it to install it. Does that solve the problem?
As for your desire for a way to apply security updates only (not cumulative ones), no, there is not such an option, never has been and likely never will be. That's a longstanding matter of debate. (I wrote <a href="https://www.carehart.org/blog/2019/9/26/proposal_for_new_cf_update_process">a post proposing a solution</a> a few years ago.)
Copy link to clipboard
Copied
Thank you for the quick reply. It does not work for me.
The problem is that the REST API function got limited on standard version after applying Update 11 or 12. If there is bypass on my case, I would be very happy to keep my stance safe meanwhile upgrade to enterprise verision next year as Adobe revised the functionalities between the versions.
Copy link to clipboard
Copied
Hold on: your original note said some restful API "does not work". Now you're saying you sense there's some "limit". And now you clarify that you think that limit is new to CF Standard.
So first, please clarify what you mean about "restful api". Do you mean you are SERVING one (as a CFC, using CF's rest framework)? Or do you mean you are CALLING one (such as via cfhttp)? We should just be sure to all be on the same page. I assume you mean the first one.
Second, since you feel it's "limited", what is indicating that to you? Are some incoming calls failing? Is it some but not all? If some, is it that calls to the same one sometimes work and sometimes fail, or always fail?
And you keep wanting to connect this to update 11 or 12. Let's be clear: update 12 was only a security update, while update 11 was a larger update that included bug fixes and more. And of course if one skipped update 11 they'd get that incorporated with 12, as updates are always cumulative--and again there's no way to get "only the security updates".
But since the problem happened as of the update, have you confirmed first that there were no errors in the application of the update? Many people miss that there is in fact an update log, and it tracks a count of "successes" as well as "fatalerrors" and "nonfatalerrors". You'd want to ensure the latter two reported 0. It's in the hf-updates folder within CF, where there's a folder for each update you apply (not any you skip), and in that folder is a log with a long name reflecting the date and time you applied the update. Look in THAT log, about 70 lines down from the top, to find that table with the count of successes and errors.
Finally, you go on to ask for a "bypass". What would you want that "bypass" to do? Again, it's unclear what has changed for you.
But then you also refer to "Adobe revised the functionalities between the versions" (Standard and Enterprise): there were no changes to functionlity differences between CF Standard and Enterprise in any of these updates that I know of. There was also not any change to REST-based limits between the two editions (that I know of) since CF11. So again, can you please clarify what you are referring to?
These questions are not asked to challenge or contend with you, but simply to try to help you. (Or help you while you await perhaps others offering an answer, if you think they may have one that I am not offering.)
Copy link to clipboard
Copied
As a point of clarification for readers, it turns out the OP here (jianpingt85715541) had opened a similar question last month when they'd gone to update 11. And today someone there offered a solution for a similar error they were seeing. It's not yet clear if it was the SAME problem as the OP here, but in case it may help others, here's a link to the discussion of that solution (and a reply I offered to that there. I'd not noticed that post back in October, until today).
Copy link to clipboard
Copied
This is resolved. Successfully patched Update 12. Please refer to the original post
Thank you all. Great to have the fantastic community.