• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

ColdFusion (2018 release) Update 9 and ColdFusion (2016 release) Update 15 released

Adobe Employee ,
Apr 21, 2020 Apr 21, 2020

Copy link to clipboard

Copied

We are pleased to announce that we have released the updates for the following ColdFusion versions:

 

In this update, apart from fixing the security vulnerabilities, we’ve also added SameSite cookie support for cfcookie.

 

For more information, see the tech notes below:

 

These updates fix security vulnerabilities that are mentioned in the security bulletin,  APSB20-18.

 

Please update your ColdFusion versions today. Let us know if you face any issues while installing the updates. Your feedback is essential to further enhancing the product.

 

We thank you for your continuing support.

TOPICS
Getting started

Views

1.3K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 23, 2020 May 23, 2020

Copy link to clipboard

Copied

I am getting a 403 forbidden error after updatingt to 14 or greater(CF2016) and 9(CF2018) any insight? I have several instances that I need to update so I need a rinse repeat type of SOP.

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
May 23, 2020 May 23, 2020

Copy link to clipboard

Copied

Yes, this is a known issue. See the technote for the update, and it's post installation section. It notes the 403 error and what to do about it.

 

If you still have challenges, write back. If that works for you, do let us know. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
May 23, 2020 May 23, 2020

Copy link to clipboard

Copied

That didn't work I updated the server.xml with the same secret from the worker.properties and double checked it still getting a 403?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
May 23, 2020 May 23, 2020

Copy link to clipboard

Copied

Well there were two suggested fixes for the 403. Read in the troubleshooting section about adding the allowedRequestAttributesPattern=". *" to the ajp connector in server.xml.

 

Perhaps you're frustrated and rushing. If so, do note two things

 

First, observe the case of that attribute (critical) and the value: a dot and an asterisk. 

 

Second, you should NOT have needed to have "updated the server.xml with the same secret from the worker.properties". The CF update should have done THAT. Then the wsconfig update would have put the secret CF created into the workers.peoperties. I'm saying something seems off if the secret was NOT there already. 

 

Just trying to help. I have more detail (on these various problems after that March update to 2018 and 2016) in a post on my site: 

 

https://www.carehart.org/blog/client/index.cfm/2020/3/20/how_and_why_sites_may_break_after_Mar_2020_...


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
May 23, 2020 May 23, 2020

Copy link to clipboard

Copied

If you may be getting these replies by email, note I've corrected my last post. As I'm writing on my phone, in the tiny editing window offered, that can't be zoomed in, I missed that I'd made a typo in the attribute name. It's... attributes... (s) not... attributed... (d). 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
May 26, 2020 May 26, 2020

Copy link to clipboard

Copied

LATEST

jal4470, did you get the problem resolved? If so, what was the right solution for you?


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation