
ColdFusion (2018 release) Update 8 and ColdFusion (2016 release) Update 14 released

Adobe Employee ,
Mar 17, 2020


We are pleased to announce that we have released the updates for the following ColdFusion versions:

 

The following are links to the tech notes for each update:

 

These updates fix security vulnerabilities that are mentioned in the security bulletin,  APSB20-16.

 

The Docker images for these updates are also available.

 

Please update your ColdFusion versions today. Let us know if you face any issues while installing the updates. Your feedback is essential to further enhancing the product.

 

We thank you for your continuing support.

New Here ,
Mar 26, 2020


I was unable to get this update to work on either my production server (win 2018 server, Apache 2.4) or my development box (win 10 pro, Apache 2.4). I followed the suggestions from Charlie Arehart's blog: https://www.carehart.org/blog/client/index.cfm/2020/3/20/how_and_why_sites_may_break_after_Mar_2020_... but couldn't make it work. The service wouldn't start no matter what I tried. The Windows system log reported:
The ColdFusion 2018 Application Server service terminated with the following service-specific error:
The system cannot find the file specified.

 

Not a very helpful message since I have no idea which file is missing.

 

I'm thinking that this problem is specific to the combination of Windows and Apache.

Any suggestions are appreciated.

Adobe Community Professional ,
Mar 26, 2020


I don't think so, to your last point.

 

Regarding cf not starting, please go to the cfusion/bin folder and use the cfstart.bat script there. Tell us what errors appear there.

/Charlie (server troubleshooter, carehart.org)

New Here ,
Mar 27, 2020


OK, trying again: 

After installing update 8 and upgrading the connector (but nothing else), the CF service is still running. 
Pages report: 503 Service Unavailable

Unlike the two prior times I installed CF from scratch and applied the updates, the service will restart, but still get a 503 error

 

Tried adding allowedRequestAttributesPattern="*" to server.xml file as suggested like this:

 <Connector connectionTimeout="60000" maxThreads="500" packetSize="65535" port="8018" protocol="AJP/1.3" redirectPort="8451" secret="3AE375DE-1E15-40CD-84EF-C83F3BA6C687" tomcatAuthentication="false" allowedRequestAttributesPattern="*"/>

Still get 503 error

 

workers.properties looks like this:

heartbeat_interval=30
heartbeat_limit=90

#Start of workers.properties associated with 'cfusion'
worker.list=cfusion

worker.cfusion.type=ajp13
worker.cfusion.host=localhost
worker.cfusion.port=8018
worker.cfusion.connection_pool_timeout=60
worker.cfusion.monitoringsecret=59778e3f-a238-467f-8bb6-f98efa405ce1
worker.cfusion.secret=3AE375DE-1E15-40CD-84EF-C83F3BA6C687
#End of workers.properties associated with 'cfusion'

 

My hosts file is stock (everything is commented out), so that's unlikely to be the problem.

 

Tried removing the web connector and recreating.  No joy either.

In the coldfusion-error.log I found:

INFO: Starting ProtocolHandler ["ajp-nio-127.0.0.1-8018"]

 

Tried changing this in workers.properties:

worker.cfusion.host=localhost to worker.cfusion.host=127.0.0.1  -- didn't help

 

Stumped.

 

 

 

 

New Here ,
Mar 27, 2020


Tried running the cfstart.bat script as suggested to see what it would do:

Got a firewall blocking warning (allowed exception) and the output posted below. Service didn't start. Ran it again and compared the two outputs. Only differences were times. Still wouldn't start. Now it won't start from the services console either.

cfstart.bat output:

--

Java HotSpot(TM) 64-Bit Server VM warning: Ignoring option MaxPermSize; support was removed in 8.0
Mar 27, 2020 10:34:57 AM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'protocol' to 'HTTP/1.1' did not find a matching property.
Mar 27, 2020 10:34:57 AM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'protocol' to 'AJP/1.3' did not find a matching property.
Mar 27, 2020 10:34:57 AM org.apache.tomcat.util.IntrospectionUtils setProperty
WARNING: Error setting property [allowedRequestAttributesPattern] to [*] on class [class org.apache.coyote.ajp.AjpNioProtocol]
java.lang.reflect.InvocationTargetException
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.tomcat.util.IntrospectionUtils.setProperty(IntrospectionUtils.java:71)
at org.apache.tomcat.util.IntrospectionUtils.setProperty(IntrospectionUtils.java:48)
at org.apache.catalina.connector.Connector.setProperty(Connector.java:292)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.tomcat.util.IntrospectionUtils.setProperty(IntrospectionUtils.java:151)
at org.apache.tomcat.util.IntrospectionUtils.setProperty(IntrospectionUtils.java:48)
at org.apache.catalina.startup.SetAllPropertiesRule.begin(SetAllPropertiesRule.java:67)
at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1173)
at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:510)
at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:183)
at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:1377)
at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2708)
at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:605)
at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:534)
at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:888)
at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:824)
at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1216)
at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:635)
at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1431)
at com.adobe.coldfusion.launcher.Launcher.run(Launcher.java:742)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at com.adobe.coldfusion.bootstrap.Bootstrap.init(Bootstrap.java:100)
at com.adobe.coldfusion.bootstrap.Bootstrap.main(Bootstrap.java:185)
Caused by: java.util.regex.PatternSyntaxException: Dangling meta character '*' near index 0
*
^
at java.base/java.util.regex.Pattern.error(Pattern.java:2015)
at java.base/java.util.regex.Pattern.sequence(Pattern.java:2190)
at java.base/java.util.regex.Pattern.expr(Pattern.java:2056)
at java.base/java.util.regex.Pattern.compile(Pattern.java:1778)
at java.base/java.util.regex.Pattern.<init>(Pattern.java:1427)
at java.base/java.util.regex.Pattern.compile(Pattern.java:1068)
at org.apache.coyote.ajp.AbstractAjpProtocol.setAllowedRequestAttributesPattern(AbstractAjpProtocol.java:182)
... 34 more

Mar 27, 2020 10:34:57 AM org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'allowedRequestAttributesPattern' to '*' did not find a matching property.
Mar 27, 2020 10:34:57 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [C:\ColdFusion2018\cfusion\lib;C:\ColdFusion2018\cfusion\jintegra\bin;C:\ColdFusion2018\cfusion\jintegra\bin\international;C:\ColdFusion2018\cfusion\lib\oosdk\classes\win;C:\ColdFusion2018\jre\bin]
Mar 27, 2020 10:34:58 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-nio-8500"]
Mar 27, 2020 10:34:58 AM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-nio-127.0.0.1-8018"]
Mar 27, 2020 10:34:59 AM org.apache.catalina.core.StandardService startInternal
INFO: Starting service [Catalina]
Mar 27, 2020 10:34:59 AM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet engine: [Apache Tomcat/9.0.21]
Mar 27, 2020 10:35:01 AM org.apache.jasper.servlet.TldScanner scanJars
INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Mar 27, 2020 10:35:01 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
WARNING: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [182] milliseconds.
03/27 10:35:03 INFO License Service: Flex 1.5 CF Edition enabled
03/27 10:35:03 INFO Starting Flex 1.5 CF Edition
Mar 27, 2020 10:35:03 AM java.io.ObjectInputFilter$Config lambda$static$0
INFO: Creating serialization filter from !org.mozilla.**;!com.sun.syndication.**;!org.apache.commons.beanutils.**
Mar 27, 2020 10:35:03 AM org.apache.catalina.core.ApplicationContext log
INFO: ColdFusionStartUpServlet: ColdFusion: Starting application services
Mar 27, 2020 10:35:03 AM org.apache.catalina.core.ApplicationContext log
INFO: ColdFusionStartUpServlet: ColdFusion: VM version = 11.0.1+13-LTS
Mar 27, 2020 10:35:03 AM Information [main] - Starting logging...
Mar 27, 2020 10:35:03 AM Information [main] - Starting license...
Mar 27, 2020 10:35:03 AM Information [main] - Developer Edition enabled
Mar 27, 2020 10:35:03 AM Information [main] - Starting crypto...
Mar 27, 2020 10:35:04 AM Information [main] - Installed JSafe JCE provider: Version 6.21 Crypto-J 6.2.1, EMC Corporation. JsafeJCE Security Provider (implements RSA, DSA, ECDSA, Diffie-Hellman, ECDH, AES, DES, Triple DES, DESX, RC2, RC4, RC5, PBE, MD2, MD5, RIPEMD160, SHA1, SHA224, SHA256, SHA384, SHA512, HMAC-MD5, HMAC-RIPEMD160, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, HMACDRBG, HASHDRBG, CTRDRBG, FIPS186PRNG, SHA1PRNG, MD5PRNG; RFC 3394, RFC 5649 AES Key Wrap; X.509 CertificateFactory; PKCS12, PKCS15 KeyStore; X.509V1, PKIX, PKIX-SuiteB, PKIX-SuiteBTLS CertPathValidators; X.509V1, PKIX, PKIX-SuiteB, PKIX-SuiteBTLS CertPathBuilders; LDAP, Collection CertStores)
Mar 27, 2020 10:35:04 AM Information [main] - Starting security...
Mar 27, 2020 10:35:04 AM Information [main] - Starting scheduler...
Mar 27, 2020 10:35:04 AM Information [main] - Starting WatchService...
Mar 27, 2020 10:35:04 AM Information [main] - Starting debugging...
Mar 27, 2020 10:35:04 AM Information [main] - Starting sql...
Mar 27, 2020 10:35:05 AM Information [main] - Starting runtime...
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by coldfusion.runtime.locale.CFLocaleBase (file:/C:/ColdFusion2018/cfusion/lib/cfusion.jar) to constructor sun.util.cldr.CLDRLocaleProviderAdapter()
WARNING: Please consider reporting this to the maintainers of coldfusion.runtime.locale.CFLocaleBase
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Mar 27, 2020 10:35:07 AM Information [main] - CORBA Configuration not enabled
Mar 27, 2020 10:35:07 AM Information [main] - Starting mail...
Mar 27, 2020 10:35:07 AM Information [main] - Starting cron...
Mar 27, 2020 10:35:07 AM Information [main] - Created scheduler DefaultQuartzScheduler with thread pool size as 10
Mar 27, 2020 10:35:07 AM Information [main] - Starting registry...
Mar 27, 2020 10:35:07 AM Information [main] - Starting client...
Mar 27, 2020 10:35:07 AM Information [main] - Starting xmlrpc...
Mar 27, 2020 10:35:08 AM Information [main] - Starting jaxrs...
Mar 27, 2020 10:35:08 AM Information [main] - Starting graphing...
Mar 27, 2020 10:35:08 AM Information [main] - Starting solr...
Mar 27, 2020 10:35:08 AM Information [main] - Starting archive...
Mar 27, 2020 10:35:08 AM Information [main] - Starting document...
Mar 27, 2020 10:35:08 AM Information [main] - Starting eventgateway...
Mar 27, 2020 10:35:08 AM Information [main] - Event Gateway Disabled.
Mar 27, 2020 10:35:08 AM Information [main] - Starting FlexAssembler...
Mar 27, 2020 10:35:08 AM Information [main] - Starting .NET...
Mar 27, 2020 10:35:08 AM Information [main] - Starting Monitoring...
Mar 27, 2020 10:35:09 AM Information [main] - Starting PDFG...
Mar 27, 2020 10:35:09 AM Information [main] - Starting WebSocket...
Mar 27, 2020 10:35:09 AM Information [main] - WebSocket server listens on port: 8575
Mar 27, 2020 10:35:09 AM Information [main] - ColdFusion started
Mar 27, 2020 10:35:09 AM Information [main] - ColdFusion: application services are now available
Mar 27, 2020 10:35:09 AM org.apache.catalina.core.ApplicationContext log
INFO: CFMxmlServlet: Macromedia Flex Build: 87315.134646
03/27 10:35:09 INFO Macromedia Flex Build: 87315.134646
Mar 27, 2020 10:35:17 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-nio-8500"]
Mar 27, 2020 10:35:17 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-nio-127.0.0.1-8018"]
Mar 27, 2020 10:35:17 AM com.adobe.coldfusion.launcher.Launcher run
INFO: Server startup in 20250 ms
Mar 27, 2020 10:35:26 AM Information [Thread-12] - PDFg service manager http://127.0.0.1:8991/PDFgServlet/ registered.
Error: Could not load mediaLib accelerator wrapper classes. Continuing in pure Java mode.
Occurs in: com.sun.media.jai.mlib.MediaLibAccessor
com.sun.media.jai.mlib.MediaLibLoadException

Adobe Community Professional ,
Mar 27, 2020


Adam, change the allowedRequestAttributesPattern value to =".*" (dot-asterisk), not "*". If that works for you, great. I am working on a blog post to explain what's up.

/Charlie (server troubleshooter, carehart.org)

New Here ,
Mar 27, 2020


Charlie,

No joy with that either.  Tried adding allowedRequestAttributesPattern=".*" to the Connector line in server.xml and upgrading the connector and then tried removing/adding the connector.  I still get a 503 error.  

New Here ,
Mar 27, 2020


Same thing here. I can't make it work on either 2018 update 8 or 2016 update 14.

 

Please fix this Adobe!

Adobe Community Professional ,
Mar 27, 2020


Guys, I appreciate your frustration, but I don't think there is any Adobe bug. Instead, as I help people this past week I am finding problems to be configuration issues, and more tomcat issues rather than Adobe ones.

 

First, Adam, you did not clarify it, but cf IS starting for you now, right?

 

As for the 503, based on what you say you have tried previously, please try adding address="::1" to that ajp connector line. Restart cf. Does that work?

 

Joseph, tell us what you have done after the cf update. Upgraded the connector? Made any other config changes? What error do you get? What resources have you read, for assistance?

 

I have helped people all week, and have been able to help get everyone going. We'll get you guys going.

 

And if there is need for more or better documentation, we'll get it made available. 

/Charlie (server troubleshooter, carehart.org)

New Here ,
Mar 28, 2020


Charlie,

Thanks a bunch for the help.  Got it working with your last suggestion:

Added  address="::1"  to the AJP connector line in server.xml (apparently didn't need the allowedRequestAttributesPattern=".*" parameter):
<Connector connectionTimeout="60000" maxThreads="500" packetSize="65535" port="8018" protocol="AJP/1.3" redirectPort="8451" secret="221AA5F3-3A69-4AFC-AB5A-D8B928B93C79" tomcatAuthentication="false" address="::1" />

 

Recap:
This is an out of the box install of the developer edition (2018.0.0.2 -- initially installed with update 2) on Windows 10 pro/Apache 2.4.41, stock host file, everything on one box. After installation, added update 4, then 7, then 8 then upgraded web connector and made the change above to get it to work.

 

I was thinking this morning that maybe it was related to the 'localhost' debugging problem you helped me with a few months ago (https://www.carehart.org/blog/client/index.cfm/2018/8/24/fixing_CF_debugging_output_for_ipv6_localho...), but that bug must have been fixed along the way since debugging was working (checked at update 7).

 

So I glossed over your instructions regarding how to deal with CF and Tomcat on different servers since that didn't seem to apply to me.  Nonetheless, I take it that the updated Tomcat is using the IPv6 loopback, CF isn't, and one or both aren't resolving properly?

 

Thanks again!

Adobe Community Professional ,
Mar 28, 2020


Glad to hear that got you going. And yes, it's about ipv6 support, but not about cf but rather tomcat. Adobe just incorporated an updated tomcat ajp connector. That's what has the problem.

 

I am continuing research to understand and document things, to get changes made where needed.

 

It seems to be an apache thing. Thanks for confirming you use it, on windows. I've seen it on Linux as well.

 

Can you confirm if you were also using any sort of rewrite (mod_rewrite or htaccess)?

/Charlie (server troubleshooter, carehart.org)

New Here ,
Mar 28, 2020


Charlie,

Not using mod_rewrite or htaccess in either development or production machines (seems like a headache to me).  I was trying to get the update to work on my laptop dev machine first and my Apache configuration is pretty simple.  I'll apply this to my production machine when I'm on the clock and have a good backup beforehand.  That Apache is pretty simple too except for SSL and virtual hosts, but I expect it'll work just fine.

 

It looks like when CF updates are applied, server.xml gets replaced (or at least it did that for update 8). Will the consequence of that be that I'll need to manually edit server.xml for future updates?

Adobe Community Professional ,
Mar 28, 2020


Ok, thanks. So it seems the ::1 needs to be added for those on apache (and perhaps in other cases also), and the fact that tomcat doesn't support ::1 as a default for that address attribute out of the box would be on them.

 

As for that other attribute, allowedRequestAttributesPattern, that seems needed for folks on apache who use rewrites (or again in some other cases).

 

As for the cf update, it does NOT replace the server.xml. As the Adobe technote explains (and I confirmed in testing), they ONLY added the new secret attributes in that ajp connector line.

 

Of course, they did also implement new tomcat libraries which changed HOW that ajp connector worked. Again, it was to implement a tomcat-written fix TO THE "ghostcat" vulnerability.

 

And it was in doing THAT that Tomcat (not Adobe) causes this need for the tweaks discussed here.

 

Bottom line: no, future cf updates should not be expected to require us to have to implement such tweaks again. Those we do now should remain in place.

/Charlie (server troubleshooter, carehart.org)
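
An added example, not part of the thread and not Adobe's or Tomcat's code: a small audit that cross-checks the AJP Connector line in server.xml against workers.properties for the settings discussed above (port, secret, allowedRequestAttributesPattern, address). The sample files, the placeholder secret and the finding codes are constructed for illustration, and Python's `re` is used as a stand-in for Java's regex compiler.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample files modelled on the thread; the secret is a placeholder.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8500" protocol="HTTP/1.1"/>
  <Connector port="8018" protocol="AJP/1.3" redirectPort="8451"
             secret="PLACEHOLDER-SECRET" tomcatAuthentication="false"
             allowedRequestAttributesPattern="*"/>
</Service></Server>"""
WORKERS = """worker.list=cfusion
worker.cfusion.type=ajp13
worker.cfusion.host=127.0.0.1
worker.cfusion.port=8018
worker.cfusion.secret=PLACEHOLDER-SECRET
"""

def worker_props(text, name):
    """Collect worker.<name>.* entries from workers.properties text."""
    prefix = f"worker.{name}."
    pairs = (l.strip().split("=", 1) for l in text.splitlines()
             if l.strip().startswith(prefix) and "=" in l)
    return {k[len(prefix):].strip(): v.strip() for k, v in pairs}

def _ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None  # a host name, or empty

def audit_ajp(server_xml, workers_text, worker="cfusion"):
    """Return (code, detail) findings for each AJP connector in server.xml."""
    props = worker_props(workers_text, worker)
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if not conn.get("protocol", "").upper().startswith("AJP"):
            continue
        if conn.get("port") != props.get("port"):
            findings.append(("PORT_MISMATCH", f"{conn.get('port')} vs {props.get('port')}"))
        secret = conn.get("secret")
        if not secret:
            findings.append(("SECRET_MISSING", "connector has no secret attribute"))
        elif secret != props.get("secret"):
            findings.append(("SECRET_MISMATCH", "server.xml and workers.properties differ"))
        pattern = conn.get("allowedRequestAttributesPattern")
        if pattern is not None:
            try:
                # Python's re stands in for java.util.regex here (assumption);
                # both reject a bare "*" because there is nothing to repeat.
                re.compile(pattern)
            except re.error as exc:
                findings.append(("PATTERN_INVALID", f"{pattern!r}: {exc}"))
            else:
                if pattern == ".*":
                    findings.append(("PATTERN_BROAD", "every request attribute is accepted"))
        # The thread's log shows a connector without address= on 127.0.0.1.
        bind = _ip(conn.get("address", "127.0.0.1"))
        host = props.get("host", "")
        if _ip(host) is None:
            findings.append(("HOST_IS_NAME", f"confirm {host!r} resolves to {bind}"))
        elif bind is not None and not bind.is_unspecified and _ip(host) != bind:
            findings.append(("ADDRESS_MISMATCH", f"worker {host} vs connector {bind}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_ajp(SERVER_XML, WORKERS):
        print(code, detail)
```

A PATTERN_BROAD finding is a prompt to narrow the expression to the attributes the rewrite rules actually send, since the attribute filter arrived with the Ghostcat fix.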
