Bardnet
Participant
Bardnet
Participant
Activity
Mar 15, 2024
11:25 AM
1 Upvote
6 years later and the idea to look into the Application.cfc is still valuable.
... View more
Aug 04, 2023
01:50 AM
Does anyone remember, which updater eventually fixed the issue in ColdFusion 2018?
... View more
Oct 23, 2022
02:58 PM
Hi, a few days ago I took notice of a security issue in the JAVA package Apache Commons Text. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42889 https://nvd.nist.gov/vuln/detail/CVE-2022-42889 I looked through ColdFusion installs on several servers and got the impression that package is not part of ColdFusion. Has anyone heard of this issue in relation with ColdFusion? Best, Bernhard
... View more
Dec 12, 2021
09:40 AM
Has anyone managed to build a testcase? After reading a post over on dev.lucee I simply put the line <cflog text="${jndi:ldap://127.0.0.1:1389/cflog}" in a cfm file but nothing happened. I don't want to wait for a hacker to find the issue; I'd love to see whether I'm vulnerable.
... View more
Dec 17, 2020
03:21 PM
Sadly, the log files are not helpful.
... View more
Dec 17, 2020
03:21 PM
Thanks alot for your pointers! I try this setting. As a quick fix I tried to identify if the script is already running and cancel every other request. Still looking for the issue, bud I could limit the negative effects.
... View more
Dec 10, 2020
02:24 PM
Hi, I find myself in a ColdFusion 2018 environment on a Linux server behind an Apache server. I had issues and tried to track them down. It turned out my long running script is called over and over again. I call it manually through a webbrowser once. I see it initiates only one request through the browser's F12 tool. After I realized that requests multiply I searched the internet for possible solutions and found this thread on this site: https://coldfusion.adobe.com/2019/02/apache-crashes-serving-multiple-thread-requests-using-cf2018/ I eventually set heartbeat_interval to 0 and noticed no change. Only after httpd was restarted the "Segmentation fault" messages stopped. Now I start my long running script and enter some data into a database when it is started, including a timestamp. This is how I see that the script is started again and again every 6 minutes. I guess this is still a connector issue. Does this behaviour ring a bell? I like to believe some instance (connector, httpd) sees no response from CF's Tomcat and repeats the request. Is there such a timeout? The Request Timeout in CFAdmin is disabled - the checkbox is unchecked. Best, Bernhard
... View more
Nov 23, 2020
05:12 AM
What do you mean "it doesn't like the parameter "? Is there an error message?
... View more
Jul 23, 2020
03:14 PM
Windows download (ZIP) just worked for me.
... View more
Feb 11, 2020
02:02 PM
Today, I saw it the versions 1.8.241 and 11.0.6 were made available by Adobe on said site.
... View more
Feb 11, 2020
01:55 PM
The password is stored encrypted. It is always advised to hash passwords. ColdFusion cannot do this because the password is needed in clear text to establish a new connection to a database. ColdFusion used to have one global key. This was changed some times back, so when ColdFusion is installed a seed is generated and every password is encrypted using this key. There is this article explaining many things including how to read the passwords using the AdminAPI and decrypt them: https://medium.com/@cfmike/retrieve-coldfusion-datasource-passwords-4c1064b91548 Prior to CF10 the seed and agorithm are fixed values and are “0yJ!@1$r8p0L@r1$6yJ!@1rj” and “DESede” respectively. For CF10 and beyond you will need to retrieve these values from the seed.properties file.
... View more
Feb 06, 2020
01:45 PM
It's likely the files are cached. Look in you CFAdmin. There are two settings "Trusted cache" and "Save class files". You can uncheck both for a moment. There's also a button to clear the component cache.
... View more
Jan 30, 2020
01:46 PM
What do you want to achieve? Do you want do look into the database and modify the data using Visual Studio Code?
... View more
Dec 16, 2019
02:44 PM
Thanks everyone for your replies. Earlier today, I took the code and started up CommandBox. I planned to step through the versions, until the code broke. I started with 2018.4 and everything worked as I know it. I switched to 2018.5 and already got the error. A chain of switch statements is indeed the reason for the exception and I can likely refactor the code and make it work. Still, the code works in some CF versions.
... View more
Dec 13, 2019
03:12 PM
Hi, we're in the process of porting our application to ColdFusion 2018. The staging server was on CF 2018 updater 4 and the site worked well. We eventully updated to updater 7 and the site stopped working with exception: Branch Target Offset Too Large for Short The code was not modified, the JAVA version stayed the same - 11.0.4. Only the latest ColdFusion updater was installed. We returned to updater 4 as this was working. We got this exception with a different code in CF 11 in the past, which worked in CF 2016. We can maybe shorten the code (break it down, whatever). It's a surprise to see this exception out of a sudden, as it used to disappear using a newer updater. Has anyone of you experienced the same exception, recently? Which updater (5, 6, 7) introduced this behaviour?
... View more
Nov 06, 2019
12:46 PM
I saw a working version in the past, but don't have the code at hand. There's one code on the internet: https://www.mitrahsoft.com/index.cfm/blog/minify-js-css-files-using-coldfusion-and-yui-library I believe I tried to work with createDynamicProxy in the past and it wasn't 100 percent perfect. The thing is, YUI wasn't updated in years and cannot handle many recent JS features: https://github.com/yui/yuicompressor/issues/234
... View more
Nov 06, 2019
12:30 PM
Well, technically: if you want, you can write the content including the tags in a file and use cfinclude to execute the file.
... View more
Nov 03, 2019
02:14 PM
This, sadly, is for various reasons not possible as the developer wishes 😞 No idea if this functionality is widely used. Stumbled over a website that used this recently.
... View more
Jul 18, 2019
01:22 PM
The value of an attribute is enclosed in double quotes. When quotes are used in a string they must be doubled.
... View more
Jul 17, 2019
02:43 PM
2 Upvotes
You need something like < cfhttp method= "post" url= "http://TheirURL.com:7000/device/00:08:e1:06:c5:39/send" throwonerror= "Yes" > < cfhttpparam type= "body" value= "{""audioLevel"": 50, ""url"": ""http://some-stream.de/""}" > </ cfhttp > You can generate the body by building a structure in ColdFusion and use serializeJSON to put it in the value attribute. Take care for the casing of the word audioLevel. curl is a command line tool that allows to send http requests. It can be used for testing. You can put everything in a cfexecute tag, if you wish. curl is freely available for download on: curl
... View more
Jul 14, 2019
12:28 PM
Hi Dave, that's an interesting point. I just looked into a ColdFusion 2018 folder and see ext-all-debug.js and ext-all.js are identic. When you use nodejs, you can use uglifyjs to compress the file like: uglifyjs ext-all-debug.js -o ext-all.js -c -m For me the file was compresssed to 2 MB down from 10 MB
... View more
Jun 27, 2019
03:08 PM
Do you want to continue running you app under CF9? As Dave did, I would also recommend to use a recent version. If you just during development want to look at you app using CF9, I would recommend CommandBox.
... View more
Jun 27, 2019
10:42 AM
Do you have to use the installer? There's a third party tool Commandbox. That allows to install older ColdFusion versions from 9 and later. https://commandbox.ortusbooks.com/setup/installation What do you want do do with that old version?
... View more
Jun 12, 2019
02:01 PM
Would also guess the leading slash is the issue. CF even accepts slash as path separator in Windows.
... View more
May 17, 2019
02:32 PM
Hi, a customer is going to update their Oracle and announced they are setting SQLNET.ALLOWED_LOGON_VERSION_SERVER to 12. This means the client driver has to be version 11.2 or later. In previous discussions I always sad simply use a recent Thin driver and everything's fine. I found this query that says which client you are on SELECT DISTINCT s.client_version FROM v$session_connect_info s WHERE s.sid = SYS_CONTEXT('USERENV', 'SID') I run it from a cfquery tag in a ColdFusion script and everything is fine when I use a recent Thin driver, they report back version 12 or 18 or something. I also ran it in ColdFusion 2016 with Updater 10 installed. I connected to Oracle using the built in driver (Developer Edition/Enterprise). I got 11.1.0.7.0 as my client version. This is lower than the driver recommended to connect to Oracle 12 with (11.2). Does anyone have a recent Oracle running and set ALLOWED_LOGON_VERSION_SERVER to a high value (at least 12)? Does this work with the driver ColdFusion 2016 comes with? Here's a matrix that shows which client can connect to which server version: Oracle DBA Blog Apps DBA Blog: java.sql.SQLException: ORA-28040: No matching authentication protocol Best, Bernhard
... View more
May 15, 2019
01:27 PM
Hi, I never heard of this behaviour. ColdFusion in my case typically runs under a Windows service account. I have no idea if this has a temp folder. I googled the term "poifiles" and found a thread: https://answers.sap.com/questions/10661163/index.html The 'poifiles' folder are used to store apache poi temporary files, which are generated for MS Word and Excel document processing. Thes files are usually automatically deleted during the JVM close No idea if this is true, though!
... View more
May 01, 2019
09:12 AM
1 Upvote
I use FileLocator, too. It's a great tool to search over a whole drive and even over network shares. They recently united the Free version and the paid version. The Pro Version is free for private use. Works great. VSCode, as I recommended yesterday, needs a setting to use the complex regexp that I wrote. { "search.usePCRE2": true }
... View more
Apr 30, 2019
03:18 PM
3 Upvotes
Hi, you can search through your code using regular expression if you use a good editor. VSCode and eclipse allow to search throught he project at once. The following looks for the cfsqltype-attribute that does not contain a correct value: cfsqltype="cf_sql_(?!integer|numeric|varchar|float|timestamp|date|longvarchar|blob|bigint|tinyint|char|decimal|time|bit|smallint|clob)
... View more
Apr 16, 2019
12:03 PM
Hi, can you share your code that does the encryption and the decryption? Does the string you finally pass into the url contain "funny" characters that might be destroyed somehow (by wrong/repeated url encoding)?
... View more
AdChoices