Copy link to clipboard
Copied
I just applied update 5 and now I am getting XML errors:
"Error","ajp-nio-127.0.0.1-8020-exec-10","10/13/22","11:28:42","Medlists3","coldfusion.runtime.CFPage.XmlSearch(Lcoldfusion/xml/XmlNodeList;Ljava/lang/String;)Ljava/lang/Object;
https://helpx.adobe.com/coldfusion/kb/coldfusion-2021-update-5.html says
CHANGE IN XML
If the XML path contains a forward slash or backslash, it will be blocked. The flag, coldfusion.xml.allowPathCharacters, must be set to true to allow the same.
But I don't know where to make this change.
Hello Gabriel,
Please try this.
Update ColdFusion 2021 with update 5
Please let me know if that resolves the issue.
Copy link to clipboard
Copied
Gabriel, to add any jvm argument to CF, you have two choices--and you do want to be careful about doing this. First, though, note that it needs to be added with a -D in front of it:
Even if you may opt to do the change in the CF Admin, I would warn of this: if you make a mistake, CF may well accept your change, but then you may find on restarting CF that it can't start...and that you can't get to the CF Admin to correct things. It's for for that reason I recommend you edit the file instead. If you do (having left it open after saving it), and CF doesn't start, then you can undo what you added.
Even safer would be to make a COPY of the jvm.config file first, again whether you edit in the Admin or by editing the file.
Let us know how it goes. I will share also that I can help folks do these sort of things, in as little as 15 mins, via remote screenshare consulting. More at carehart.org/consulting.
Copy link to clipboard
Copied
Hello Gabriel,
Please try this.
Update ColdFusion 2021 with update 5
Please let me know if that resolves the issue.
Copy link to clipboard
Copied
Hello RaviShabkar,
I have tried your advice as well as the jvm argument and neither works for me. I can't even get to the CF Admin Package Manager page as it is throwing the XMLSearch error below. I have also pasted in my java.args below.
Does anyone have any other ideas?
java.args=-server -Xms256m -Xmx1024m --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/sun.util.cldr=ALL-UNNAMED --add-opens=java.base/sun.util.locale.provider=ALL-UNNAMED --add-opens=java.base/java.net=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED -XX:+UseParallelGC -Djdk.attach.allowAttachSelf=true -Dcoldfusion.home={application.home} -Duser.language=en -Dcoldfusion.rootDir={application.home} -Dcoldfusion.xml.allowPathCharacters=true -Dcoldfusion.libPath={application.home}/lib -Dorg.apache.coyote.USE_CUSTOM_STATUS_MSG_IN_HEADER=true -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dorg.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.JavaUtilLog -Djava.util.logging.config.file={application.home}/lib/logging.properties -Dtika.config=tika-config.xml -Djava.locale.providers=COMPAT,SPI -Dsun.font.layoutengine=icu -Dcom.sun.media.jai.disableMediaLib=true -Dcoldfusion.classPath={application.home}/lib/updates,{application.home}/lib/,{application.home}/gateway/lib/,{application.home}/wwwroot/WEB-INF/cfform/jars,{application.home}/bin/cf-osgicli.jar
"Error","http-nio-8400-exec-3","11/02/22","13:39:44","cfadmin","coldfusion.runtime.CFPage.XmlSearch(Lcoldfusion/xml/XmlNodeList;Ljava/lang/String;)Ljava/lang/Object; The specific sequence of files included or processed is: E:\CF2021\cfusion\wwwroot\CFIDE\administrator\updates\index.cfm, line: 733 "
java.lang.NoSuchMethodError: coldfusion.runtime.CFPage.XmlSearch(Lcoldfusion/xml/XmlNodeList;Ljava/lang/String;)Ljava/lang/Object;
at cf_core2ecfm1148457877$funcGETINSTALLEDUPDATES.runFunction(/CFIDE/administrator/updates/_core.cfm:733)
Copy link to clipboard
Copied
Please try this.
1. Stop ColdFusion service.
2. Clear the cfclasses from \ColdFusion2021\{instances}\wwwroot\WEB-INF\cfclasses
3. Clear the felix-cache from \ColdFusion2021\{instance}\bin\felix-cache
4. Start ColdFusion service and try to load CF admin and let me know if that works.
If that doesn't work, we can connect over a call and help you with that.
Copy link to clipboard
Copied
Hi @Priyank Shrivastava. - That did get my application that makes use of the XMLSearch function working again.
However, the CF Admin is still throwing the error below. Can you please let me know how I can setup a call with Adobe support on this?
Thanks,
Jeff
java.lang.NoSuchMethodError: coldfusion.runtime.CFPage.XmlSearch(Lcoldfusion/xml/XmlNodeList;Ljava/lang/String;)Ljava/lang/Object;
at cf_core2ecfm1148457877$funcGETINSTALLEDUPDATES.runFunction(/CFIDE/administrator/updates/_core.cfm:733)
Copy link to clipboard
Copied
Hi, @Priyank Shrivastava. !
What exactly is Apache Felix being used for in CF? That's a new one on me. Thanks in advance!
Dave Watts, Eidolon LLC
Copy link to clipboard
Copied
Dave, Felix is an implementation of the osgi framework (from the Apache org) which underlies the new modularity of cf2021, where one can optionally implement only SOME "packages", related to features of cf. As you may know, that's controlled either in the cf admin "package manager" page or via the cfpm tool in the cf bin folder.
And whether one does or doesn't manipulate the packages, cf under the covers uses that modularity with regard to how things work.
As such, Priyank's suggestion to clear that cache is another attempt at solving the xmlsearch problem. That's a new one to me.
That said, Priyank, shouldn't one use cfpm purgecache. Or is there no benefit of that over just deleting the files?
Copy link to clipboard
Copied
Hi @Priyank Shrivastava. - my CF admin still throws an error when I try to go to the Package Manager tab.
Any ideas on how to fix this?
Dec 1, 2022 11:42:15 AM Error [http-nio-8400-exec-6] - coldfusion.runtime.CFPage.XmlSearch(Lcoldfusion/xml/XmlNodeList;Ljava/lang/String;)Ljava/lang/Object; The specific sequence of files included or processed is: XXXX\cfusion\wwwroot\CFIDE\administrator\updates\index.cfm, line: 733
Copy link to clipboard
Copied
@jeffp80876634 Try updating all the packages via the command line and see if it helps.
Navigate to \ColdFusion2021\cfusion\bin folder from the command prompt, run cfpm.bat and the below command.
cfpm>update ALL
Restart the CF and check.
Thanks,
Vikram
Copy link to clipboard
Copied
Thanks Charlie, I DO appreciate the fast response. I tried adding the flag but unfortuately it had no effect
Copy link to clipboard
Copied
Thanks RaviShankar Chagnur! that worked!
Copy link to clipboard
Copied
Thanks for this! I was having a similar problem. Clearing the cfclasses didn't help, but Charlie's JVM flag did.
Copy link to clipboard
Copied
I have the same issue. I tried the JVM argument. No affect. On my local dev box, my wwwroot\WEB-INF\cfclasses is empty (we keep this turned off on our dev/test machines). Please advise.
#xmlTransform( xml, getXsl() )# << this code causes the error below.
An error occurred while Transforming an XML document.
Unable to process the XML string as it could probably contain file paths.
coldfusion.xml.XmlProcessException: An error occurred while Transforming an XML document. at coldfusion.xml.XmlProcessor.doTransform(XmlProcessor.java:712) at coldfusion.xml.XmlProcessor.access$100(XmlProcessor.java:95) at coldfusion.xml.XmlProcessor$2.run(XmlProcessor.java:660) at java.base/java.security.AccessController.doPrivileged(Native Method) at coldfusion.xml.XmlProcessor.transform(XmlProcessor.java:656) at coldfusion.xml.XmlProcessor.transform(XmlProcessor.java:645) at coldfusion.runtime.CFPage.XmlTransform(CFPage.java:444)
Copy link to clipboard
Copied
Jhansen, the update technote does indicate the change that leads to this failure, so it's not unexpected. Not clear if you realize that. And the ultimate solution is to get that getxsl result (the xmlsearch criteria) to NOT have slashes, as that's deemed to be a security vulnerability.
But yes, as the technote shows, Adobe provided for backward compatibility/reduced security by way of that jvm arg.
So when you say it doesn't work, we should all question whether you implemented it correctly. If you see my comment above to Gabriel, there are specific things to do and to check. If you may have more than one instance of cf2021 on that machine, do be sure you've put the change in the right place. If you do, that error should go away. If you make any mistake, it could remain.
Let's us know what you think. And if you may have taken offense at my reply here, please know that's not my intent. I'm just trying to help. I can't known who knows what. I just help people solve such problems literally every day, in the community and in my consulting.
Copy link to clipboard
Copied
Oh Charlie, I'm not offened, we have worked togehter before. In fact, you where right, I did it wrong. I missed the space. The JVM arg DOES allow the code to work. The XML in question has lots of slashes/paths in it because it part of the menu system. It's going to take some work to fix this one. <facepalm>
Copy link to clipboard
Copied
Ah, OK Justin. Didn't connect the dots with just the initial. 🙂 Great to hear that you solved things, and glad to have helped. I suspect this could happen to others, so good to get the info out here. Until again.
Copy link to clipboard
Copied
Hi Charlie,
I had a question related to your note about NOT using slashes in the xmlSearch criteria. Perhaps I am missunderstanding, but I'm unsure how you would otherwise search the XML. Isn't XPATH (which will almost always contain slashes) the basis of searching XML?
Please advise.
Thanks,
Brad
Copy link to clipboard
Copied
Yes, Brad. But I'm simply reflecting the info Adobe has shared in the technote for update 5. As indicated there (and quoted above):
CHANGE IN XML
If the XML path contains a forward slash or backslash, it will be blocked. The flag, coldfusion.xml.allowPathCharacters, must be set to true to allow the same.
To be clear, I don't work for Adobe. My understanding is that this is a change related to an aspect of security. My sense if that they're implementing it as a protection, with the jvm arg for those who a) do intentionally use xmlsearch and b) need to permit use of such normal xpath search criteria.
That said, I've been participating in another thread in these forums where people are finding they CAN use paths in the search criteria. We've not gotten clarification on that from anyone.
I welcome further clarification there or here from anyone understanding things better.
Copy link to clipboard
Copied
Hi Charlie,
Thanks very much for the response and the link to the other thread. I look forward to more clarification coming from Adobe, as it certainly does seem to defeat the purpose of the xmlSearch() method if XPATH can't be used as intended :-). I am still on CF2018, but update 15 has the same technote. We use xmlSearch() extensively, so I won't be rushing to update.
Best Regards,
Brad
Copy link to clipboard
Copied
Sure, and I only pointed to 2021 given the subject of this thread, but yep I agree it's a confusing situation about xmlsearch.
That said, before holding off on the update, why not try it to see what happens--especially given what bkbk reported in that other thread? Perhaps YOU could be the one to bring us clarity on what works or may not. 🙂
As you may know, updates are easily uninstalled. Or you can use the free developer edition on a machine other than your production one. Even if you "can't run your web app off the prod server", you could at least try some subset.
Or you can try things for free on the Adobe cffiddle.org site, which already supports these two latest updates.
Copy link to clipboard
Copied
This change is specifically to XMLTransform() and not XMLsearchI(). In case you are not using XMLtransform, you don't need to add the flag in your CF server. For XMLSearch(), we did change the signature and that is why we need to clear the classes.
Copy link to clipboard
Copied
Hi Priyank,
Thanks very much for the clarification. This is extremely helpful and makes much more sense! 🙂
Best Regards,
Brad
Copy link to clipboard
Copied
Ah, OK. Thanks, Priyank. I don't think I'd seen that clarified anywhere else. It would SURELY help to get that added to the update technotes. They don't mention the path issue being about xmltransform, nor about xmlsearch use requiring recompile/clear of classes.
Also, are those issues really limited to each of those function? Or does either issue affect other CFML functions/tags related to XML processing?
I will post to that other forum thread, pointing to your comment.
Copy link to clipboard
Copied
Sure Charlie, I will ask documentation team to update the doc.