I found the download page very slow, I refreshed a couple of times and then I got multiple downloads, so it does work! (from Canada)   Tested lightly here on CF2021 Windows and on CF2021 on Redhat Linux and so far so good 🙂   ... View more

@dejank52055655     I was seeing  ORA-17273: Could not commit with auto-commit enabled. https://docs.oracle.com/error-help/db/ora-17273/   My custom Java class opens a connection using the data source passed by ColdFusion then does a series of inserts, then explicitly commits, then closes the connection.  I probably should have been explicitly disabling auto-commit but I didn't know it was needed because until I changed the underlying driver it just worked 😉    To be clear - this particular problem was my issue in my code when running with the Oracle ojdbc11.jar - not related to anything Adobe or Oracle.  I'm assuming the default behaviour in the embedded DataDirect driver is slightly different from the downloaded Oracle driver but it has me wondering whether swapping drivers is going to raise some other issues (like the <cfprocresult> difference) ... View more

Hi @Charlie Arehart    I skipped some details for brevity but we were using CF2021 with latest updates with Oracle 19.23 Enterprise Edition and now that our database team has updated to Oracle 19.24, we are seeing the same arraycopy errors as the original poster.  There were no patches or updates or version updates to CF2021.   We have been using <cfprocresult> since at least CF2016, maybe longer, but it does not work when I change from the embedded DataDirect drivers (macromedia.jdbc.MacromediaDriver) to the Oracle branded ojdbc11.jar (oracle.jdbc.driver.OracleDriver) downloaded from the Oracle web site, same approach as @Simon.edu.  It says so in the CF docs, I just wasn't aware of that limitation.   I also found that a custom Java class that connects to Oracle called from CF using the CF data source started failing with the change to ojdbc11.jar, apparently because the auto-commit setting is different than the DataDirect drivers.  I was able to update the Java class to explicitly disable auto-commit to resolve that issue.  Alternatively I could have added -Doracle.jdbc.autoCommitSpecCompliant=false to my CF JVM arguments.   Ideally Adobe would update the DataDirect drivers (from Progress?) to resolve the arraycopy problem and then we wouldn't bother with the Oracle branded drivers.    Does anyone know if the DataDirect drivers are better performing than the Oracle branded drivers?  We will do full regression tests on the apps but besides the difference to <cfprocresult> and auto-commit, anything else we might bump up against?   Thanks to all for the good advice found in the community 🙂  ... View more

I just discovered that calling stored procedures that return a refcursor is not supported via the Oracle thin drivers.  I get: java.sql.SQLException: ORA-06550: line 1, column 7: PLS-00306: wrong number or types of arguments in call to 'procname' then found this note in <cfprocresult>:  To use reference cursors in packages or stored procedures, use the cfprocresult tag. This causes the ColdFusion JDBC database driver to put Oracle reference cursors into a result set. (You cannot use this method with Oracle's ThinClient JDBC drivers.)   I can try to workaround this but we urgently need a fix from Adobe on this, now I'm wondering what else is broken when trying to use the thin drivers (ojdbc11.jar) ... View more

Same problem here with CF2016 but even when we finally get the resources to upgrade to CF2021 (that's our plan) we still have that problem because log4j 1.x is in CF2021 too.   Priyank has said they would address that in a future release but we need some timelines as we are facing some pretty intense scrutiny regarding log4j 1.x. ... View more

There is also the version of log4j 1.x embedded inside cf-logging.jar.     On CF2021, comparing before and after, the Adobe patch removes some of the known vulnerable classes from the coldfusion.org.apache.log4j folder in the .jar and Priyank reported "We will be upgrading the library in future update".   Besides the open CVEs logged against log4j 1.2, likely mitigated by removing the vulnerable classes, our security folks also point out that log4j 1.2 is no longer maintained and may be subject to other vulnerabilities.  I realize if we tried to remove every library that is not "actively maintained" we would quickly decimate a good part of the open source universe, but seeing as how log4j 1.2 is under the lens and is going to be an ongoing sticky point with IT security experts, Adobe needs to at least announce a plan to resolve this as soon as practical.     ... View more

Thanks Priyank, I appreciate the quick reply.  I could see the SocketServer.class was removed from cf-logging.jar which should mitigate the risk. I have some test scripts I can use to illustrate this to our security team.  I'll pass your response back to our security team. Hopefully coming from Adobe they will agree this is an acceptable action until a more complete migration from log4j 1.2 can be completed.   ... View more

Hi Priyank   Thanks for releasing the patch.  I can see that it added log4j 2.16 libraries in cfusion/lib but it left my patched log4j 2.15 libraries there too so I will remove those so only the latest version remain.   Are there any plans to upgrade the log4j 1.2 libraries to log4j 2.x?  A scan has identified these in cf-logging.jar.  Our organizational IT security guidance is that we must migrate all log4j 1.2 to log4j 2.x or will need to shut down services because of previously logged CVE vulnerabilities in log4j 1.2 and because log 4j 1.2 is no longer actively maintained.     Thanks for your help   ... View more

Email sent to you Priyank, thank you for listening into the forums. ... View more

Trying from Canada to download and getting nowhere using Chrome or Chome Icognito or Firefox across 2 different computers in different networks.  My colleague is trying the same and nothing happens...   https://www.adobe.com/support/coldfusion/downloads.html#cf2021productdownloads leads me to  https://www.adobe.com/ca/products/coldfusion/download-trial/try.html "Adobe ColdFusion (2021 release) Start your 30-day free trial" I fill in the form (again), click the blue DOWNLOAD button and it sends me to  https://www.adobe.com/ca/products/coldfusion/download-trial/get-started.html   No download starts automatically, there is no link I can see to download, I am totally stumped.   ... View more