CFFTP fingerprint attribute stopped working after upgrade to CF23 from CF18

Report · Jan 15, 2025

Hi,
We upgraded to CF23 Ent (from CF18 Ent) and after the upgrade, our CFFTP fingerprint attribute stopped working.

Upon connecting to the remote sFTP server, CFFTP now gives error "Fingerprint is either invalid or missing".

However, the fingerprint is valid. The code has been working for years before the CF upgrade. The remote FTP server has not been changed and I can use FileZilla to see the fingerprint, and as expected, it matches the fingerprint attribute in our CFFTP.

If I remove the CFFTP's fingerprint attribute, we connect just fine.

Any ideas what is going on here, or ideas on how to troubleshoot this further?
Thanks!
Byron

Report · Jan 15, 2025

Byron, there's an explanation and a solution.

First, FWIW this is in fact not "new with cf2023" but instead new since the updates to cf2023 AND cf2021 which were released in Oct 2024. (Perhaps it's that you moved to cf2023 and immediately updated to update 12--which came out in Dec 2024.)

As for solving it, that was discussed also in the technote for those Oct 2024 updates. See for instance the technote for cf2023 update 11, which offers these jvm args that can be added to either release to get back the older functionality you were leveraging:

-Dcoldfusion.sftp.enable-ssh-rsa=TRUE -Dcoldfusion.sftp.fingerprint=md5

The update technote also links to the Adobe bug tracker ticket explaining more about why things changed.

Finally, as for how to add such jvm args to cf, that was covered briefly in a reply from Adobe on this same matter in this other thread.

After restarting cf, let us know how things go.

/Charlie (troubleshooter, carehart.org)

Report · Jan 15, 2025

Hello Charlie,

That solved the problem. Thank you for such a fast and thorough response.

It all makes sense. We purchased our CF23 late summer 2024 during an Integral sale but waited until recently to install it, and at the same time, we installed update 12 only, since they are cumulative.

I am guilty of not reading the update 11 technote, since it did not occur to me that there might be a bug introduced AFTER CF18 and BEFORE CF23 update 11 that would impact us. I only read the CF23 update 12 technote.

I see the section in the update 11 technotes regarding the sFTP fingerprint issue, and the fix that you pointed out.

I wonder if it makes sense to add a note regarding this issue at:

https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-f/cfftp-opening-and-closing-s...

By the way, for many years now, I have been reading the on-line help you give to the CF community, and it is both impressive, and very much appreciated.

Byron

Report · Jan 15, 2025

Glad to help, and thanks very much for the kind regards.

As for not thinking to check the technotes of updates you've skipped, that's both understandable and sadly almost universal. There is a box at the top of each, suggesting you consider that (which I'd persuaded them to add--though I've always felt their wording of that was awkward. Beggars can't be choosers.)

As for the docs, to be clear I don't control that or work for Adobe. 🙂 But you can file a quick bug report at tracker.adobe.com. They really do attend to many of those. You can point back to this discussion for context. You could also add a link to that ticket here, and perhaps others seeing this will add votes.

/Charlie (troubleshooter, carehart.org)

Report · Jan 16, 2025

Hi @Byron Byron_756 , thanks for your suggestion. I have sent a request to Adobe to add information about the CFFTP fix and the Java flags to the documentation on opening and closing secure connections using CFFTP.

CFFTP fingerprint attribute stopped working after upgrade to CF23 from CF18

1 Correct answer