Hi @Eddy37392163brn8 , Did you find a solution to this? ... View more

@Priyank Shrivastava. , thanks for returning to share the result. ... View more

I have provided this information to our security department and they have acknowledged that this is not actually a security vulnerability so we are all good.  Thanks again for the info you provided, I learnt something in the process which is always a good thing!  Have a nice day. ... View more

Glad to help. First, again yes, the change would have been from creating or updating a connector after that Oct '23 update.   But, second no, you don't "have to" RDP to access the admin. I offered multiple alternatives. There are still others. I can help anyone interested in choosing among and getting any of them working. More on my rates, approach, satisfaction guarantee, online calendar and more at carehart.org/consulting.  ... View more

That definitely sounds strange, Cindy, but good on you for plowing through for a solution.   And thanks for sharing the details...  though I suspect a tiny fraction of folks are doing the war deployment of CF, let alone doing it on Azure app service, so there may well be some unique challenges that we rarely hear about with that combination or some aspect of it   I guess your next challenge will be to see how things go for any future cf update--that incorporates package updates, at least. Not all do, so there's some potentially good news. :-).  ... View more

Forrest, the scriptsrc setting has not related to the CFIDE folder since cf2016, when Adobe split the cf_scripts folder out of the CFIDE folder to instead be now a SIBLING to it.   If you mean you had somehow overridden that scriptsrc admin settings to point again at the CFIDE folder, that would indeed now be blocked by the connector change as well as the uriworkermap.properties file block.   Good that you've solved that tweak you'd made. Hope all the details I offered might also help future readers who may find this thread.  ... View more

Thank you Satyam!  A high compliment! ... View more

@Rahul_Raj0044 , I would strongly advise you not to install ColdFusion 2023 on Windows Server 2012. You have to use Windows Server 2016, 2019 or 2022 instead. That's what you will see when you follow the link supplied by Priyank.   Why not Windows Server 2012 (R2)? Perhaps the most important consideration of all is that Microsoft no longer supports Windows Server 2012. Support for Windows Server 2012 and Windows Server 2012 R2 ended on October 10, 2023. After that date,  Windows Server 2012 and Windows Server 2012 R2 no longer receive security updates, non-security updates, bug fixes, technical support, or online technical content updates.   Why Windows Server 2016, 2019 or, preferably, 2022? ColdFusion 2023 relies on modern features, security patches and optimizations in Operating Systems, that may not be available or fully functional on Windows Server 2012. For example, the newer Operating Systems offer, to name but a few: Greater performance: (enhanced memory, CPU, and storage management), Built-in hybrid Cloud support , Improvements in virtualization (Hyper-V), Support for modern containerization technology (e.g., Docker, Kubernetes), Improved security (Windows Defender ATP, HTTP 2, TLS 1.2 and above).       ... View more

The Adobe team should, in any case, do a review of the changes in log4j (implementation, configuration and settings) in Update 13 of ColdFusion 2021.  ... View more

In CF2021 I have set the Default ScriptSrc Directory to [MyScriptDir]   I ran your sample script above, using [MyScriptDir]   And I get what I expected (but might not be ideal): C:\ColdFusion2021\cfusion\wwwroot\cf_scripts\scripts   HackMyCF does not report any issues (and I know it would report an issue if the Default ScriptSrc Directory in the Admin interface had not be changed).     Thanks for the help! ... View more

Hmm. Same here. To answer Charlie's questions: yes, update install command was run from elevated CMD prompt update was installed using cfusion JRE yes, JRE version is 17.0.9 so > 17.0.8 update install log is pretty much clean and all successful there's no mention of ZipException in the update install log   Then, the symptoms: all applications AND ColdFusion administrator UI are broken there are exceptions in the logs mentioning "Could not process Application.cfc successfully for template <...>" Caused by 'Could not initialize class coldfusion.runtime.AppHelper' at coldfusion.runtime.AppEventInvoker.getAppThisDefaults(AppEventInvoker.java:43) at coldfusion.filter.PathFilter.resolveApplicationScope(PathFilter.java:213) Caused by: java.lang.ExceptionInInitializerError at coldfusion.server.ServiceFactory.getClientScopeService   We'll be retrying at a later point. Any suggestions are welcome. I suspecting the introduction of the 'Clientvariable support in CFSetup' might have anything to do with it, but that's just guessing. ... View more

@brado70491931 , ColdFusion uses version 4 of CKEditor. To see this, launch the following URL - or its equivalent - in a browser: http://127.0.0.1:8500/cf_scripts/scripts/ajax/ckeditor/samples/ .   Relatively speaking, version 4 isn't old, since the current version of the editor is CKEditor 5. What is important is to address any vulnerabilitiy that a CKEditor version may have. That is what Update 13 of ColdFusion 2021 did.  ... View more

Hi @Sam.Neutron We are seeing some issue with the package URL and it could be the reason for the failure. Once it is fixed, I will let you know.  ... View more

@BKBK  I understand however, in first part, we want users to rename from .zip to.VSIX and in the second part, users can select the file and install from VSIX.  ... View more

@sezen_2028  Can you please let me know which product you are using so we can take a look?  ... View more

Sounds good. Thank you! ... View more

LOL.    Thanks for everything guys.  Report modification done, hours ago.    Install was perfect.   Much appreciate.  Thanks. ... View more

Got the file. it was in the .config hidden folder 🙂   All good. Thanks for the help! ... View more

Hi Aidan,   Thanks for the update and for sharing your experience. Your discovery of this cftrace quirk will certainly help fellow developers.   Regards,   BKBK ... View more

Hi @abdulkadir385559737ekc    We have forwarded your request to the relevant team, which will contact you. This is not the correct product for this post. ... View more

First thing: check if cf is indeed is listening on that 5005 port. If not (for any of many possible reasons), then the attempt by cfb to reach it will of course fail.   I elaborate more below, including how to do that as well as more on this general challenge with the debugger, and my hope to try to replicate things. I appreciate how much you and others have suffered, even though others may say "it works for me". Problems like this can be challenging, both to replicate and to solve.    1) First as for how to check on the port, since you're on Windows, I'd recommend you use the built-in windows Resource Monitor tool. See its "network" tab, then the "listening ports" there, which lists what processes are listening on what ports, and by default it lists them in ascending numerical order by port. Is 5005 there? And is it coldfusion.exe that's listening on it? (And is there only one coldfusion.exe running? You can sort that list by process name and look at the process id's shown, or you look in Task Manager and its Details tab to confirm.)    Folks on Linux or Mac, or on windows who prefer the command line, can of course use netstat or other such tools to list what's listening on what ports.    2) If indeed it IS your expected CF process which IS listening on that port, then we'd need proceed to subsequent diagnosis. And there can be various other things to consider. FWIW, I've been helping people overcome issues with CF step debugging since the feature first came out more than 15 years ago. There are several moving parts, and it can be challenging for most folks to get it all working. Once it does, then they use it happily for a long time like you had. 🙂    And to be clear, I have used the step debugger with cf2021 and the new CFBuilder. So it HAS worked.    3) But I appreciate that you or other readers facing this problem might ask, "rather than go back and forth with questions and diagnosis here, could you at least just PROVE for yourself and us whether YOU can get cf2021 update 16 to be debugged successfully, whether from the old OR new cf builder"?   And I do hope to try that. But I'm writing from a phone now so I cannot, and I may be blocked helping clients today. So I've set a reminder to try it tomorrow. (And life could get in the way of that.)   3a) Indeed, I'll say that anyone CAN ensure they get my undivided attention on an issue, with priority, by finding and requesting a consulting block of time via my online calendar, offered via my consulting page at carehart.org. As I explain there, if the time is not valuable, you won't pay for it.   And while the calendar doesn't offer time in the weekend, it can be arranged by email. But again I have set my own reminder to try to give this time tomorrow, if not sooner.   4) It does sadden me to see people suffering with this, and I do want to help. It should work, of course. If there's some bug that would be useful to confirm. If it works, then it's a config/diagnosis puzzle to resolve when it does not.   And just as I wrote extensively about troubleshooting this step-debugging in CFBuilder when it first came out, I'd be open to doing it again for the new one. (Though again the problems may not be IN the editor or its setup, as was true back then also.)   5) Finally, it may help some readers to hear that we (I and others) in the community here do try to help immediately when we are able, including attempting to replicate problems. It's just that some, like this, are harder to replicate--especially when we are on mobile--and so may take more time.   But perhaps BKBK or someone else may jump in today or earlier tomorrow than me, to report their experience. ... View more

I want to add here, for the sake of future readers, that while Paul reported that the Cloudflare "fix" I offered above "broke his site", he was never able to confirm what he'd done (nor could we investigate) because he reverted to using the Windows scheduled tasks feature in PLACE of the CF Scheduled Tasks feature. Anyone who hits this error should in fact still consider the solution I offered above.    Indeed, I just helped someone use the same approach tonight, and it worked--and his site did continue to work fine otherwise (as does my own, where I'd done this a long time ago). And I've helped others implement the solution.   One last thing: the person tonight wasn't getting this "error code 1010" reported originally here by Paul. Instead, they found that in CF's scheduler.log, the call to the task was logging an error of "403 forbidden", as in:   "Error","DefaultQuartzScheduler_Worker-2","09/23/24","15:21:00","","403 Forbidden".   That's what he presented instead, and it wasn't until we dug further that we realized (he acknowledged) that he was routing his sites through cloudflare, and had done that for a new server he was running, where this problem was happening. That's when I proposed we apply the technique I listed above, and now tasks worked.   In particular I wanted to add this mention of the "403 forbidden" error in the log so that others searching for that might find this post. (Recall that Paul instead had been looking at the output saved in the file as named in the CF scheduled task. Just two different results for the same error, it seems.)  ... View more

It was just posted that the new Update 16 includes the fix to this issue. https://community.adobe.com/t5/coldfusion-discussions/now-live-adobe-coldfusion-2023-and-2021-september-2024-security-updates/td-p/14852233  ... View more

Thank you for all your help.... I figured it out. The Command Prompt I had pinned was not as Administrator afterall.  ... View more

Hope it works out. FWIW, I actually HAD meant to ask about what jdbc driver you were using, as that can indeed have an impact on such problems. 🙂  ... View more

Were you able to discern why this is working?   I ran into a similar situation in ColdFusion 2023.  I eventually got it to work.  The abbreviated version of the connection string worked.  I added the HostNameInCertificate and that worked as well.  If I changed the hostname to something invalid, I got the error message you indicated.   I'm confused as to why this is working, though. How is it validating without knowing which TrustStore is being used and without being provided a password with which to access the TrustStore?  I decided to change the password for the cacerts to see if that impacted anything and it did not.  If it does use cacerts, does Java have access to the password? ... View more

Please see my reply as a new thread below.  ... View more

Thanks for the clarification. FWIW, as a moderator I was able to modify your previous comment to point readers to your subsequent comment. 🙂  ... View more

+1 voted for CF-4222564  ... View more

@Priyank Shrivastava.  following up on my previous post.  can you please provide any inputs on that?   ... View more