Highlighted

ColdFusion (2018 release) Update 9 and ColdFusion (2016 release) Update 15 released

Adobe Employee ,
Apr 21, 2020

Copy link to clipboard

Copied

We are pleased to announce that we have released the updates for the following ColdFusion versions:

 

In this update, apart from fixing the security vulnerabilities, we’ve also added SameSite cookie support for cfcookie.

 

For more information, see the tech notes below:

 

These updates fix security vulnerabilities that are mentioned in the security bulletin,  APSB20-18.

 

Please update your ColdFusion versions today. Let us know if you face any issues while installing the updates. Your feedback is essential to further enhancing the product.

 

We thank you for your continuing support.

TOPICS
Getting started

Views

1.1K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

ColdFusion (2018 release) Update 9 and ColdFusion (2016 release) Update 15 released

Adobe Employee ,
Apr 21, 2020

Copy link to clipboard

Copied

We are pleased to announce that we have released the updates for the following ColdFusion versions:

 

In this update, apart from fixing the security vulnerabilities, we’ve also added SameSite cookie support for cfcookie.

 

For more information, see the tech notes below:

 

These updates fix security vulnerabilities that are mentioned in the security bulletin,  APSB20-18.

 

Please update your ColdFusion versions today. Let us know if you face any issues while installing the updates. Your feedback is essential to further enhancing the product.

 

We thank you for your continuing support.

TOPICS
Getting started

Views

1.1K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Apr 21, 2020 0
New Here ,
May 23, 2020

Copy link to clipboard

Copied

I am getting a 403 forbidden error after updatingt to 14 or greater(CF2016) and 9(CF2018) any insight? I have several instances that I need to update so I need a rinse repeat type of SOP.

 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 23, 2020 0
Adobe Community Professional ,
May 23, 2020

Copy link to clipboard

Copied

Yes, this is a known issue. See the technote for the update, and it's post installation section. It notes the 403 error and what to do about it.

 

If you still have challenges, write back. If that works for you, do let us know. 

/Charlie (server troubleshooter, carehart.org)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 23, 2020 0
New Here ,
May 23, 2020

Copy link to clipboard

Copied

That didn't work I updated the server.xml with the same secret from the worker.properties and double checked it still getting a 403?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 23, 2020 0
Adobe Community Professional ,
May 23, 2020

Copy link to clipboard

Copied

Well there were two suggested fixes for the 403. Read in the troubleshooting section about adding the allowedRequestAttributesPattern=". *" to the ajp connector in server.xml.

 

Perhaps you're frustrated and rushing. If so, do note two things

 

First, observe the case of that attribute (critical) and the value: a dot and an asterisk. 

 

Second, you should NOT have needed to have "updated the server.xml with the same secret from the worker.properties". The CF update should have done THAT. Then the wsconfig update would have put the secret CF created into the workers.peoperties. I'm saying something seems off if the secret was NOT there already. 

 

Just trying to help. I have more detail (on these various problems after that March update to 2018 and 2016) in a post on my site: 

 

https://www.carehart.org/blog/client/index.cfm/2020/3/20/how_and_why_sites_may_break_after_Mar_2020_...

/Charlie (server troubleshooter, carehart.org)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 23, 2020 0
Adobe Community Professional ,
May 23, 2020

Copy link to clipboard

Copied

If you may be getting these replies by email, note I've corrected my last post. As I'm writing on my phone, in the tiny editing window offered, that can't be zoomed in, I missed that I'd made a typo in the attribute name. It's... attributes... (s) not... attributed... (d). 

/Charlie (server troubleshooter, carehart.org)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 23, 2020 1
Adobe Community Professional ,
May 26, 2020

Copy link to clipboard

Copied

jal4470, did you get the problem resolved? If so, what was the right solution for you?

/Charlie (server troubleshooter, carehart.org)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 26, 2020 0