Re: Issue with new CF Update
Yep, it wasn't a dash on the tech post. Changed to a dash instead and it worked on one production server. I'll try more tomorrow, thanks. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343180 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
On Mon, Mar 21, 2011 at 2:42 PM, Jason Nokes wrote: > > The ? is not in there. > If you're referring to Sean's post, he means, make sure that the character is front of "Dcoldfusion" is a hyphen, not an en dash or em dash. The character within your post, which he quotes, appears to be an en dash. That's what he means when he refers to "extended characters." -- Thanks, Tom Tom McNeer MediumCool http://www.mediumcool.com 1735 Johnson Road NE Atlanta, GA 30306 404.589.0560 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343172 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
The ? is not in there. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343169 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
> On Fri, Mar 18, 2011 at 4:07 PM, Jason Nokes wrote: >> I successfully deployed the fixed hotfix >> (http://www.adobe.com/support/security/bulletins/apsb11-04.html) on both of >> our development servers, but cannot get it deployed to our production >> servers. When I add "Dcoldfusion.session.protectfixation=false" to the JVM >> arguments CF service will not start. Make sure that's - and not which is the character you showed. A copy and paste glitch caused by extended characters in the HTML of the bulletin?? -- Sean A Corfield -- (904) 302-SEAN An Architect's View -- http://corfield.org/ World Singles, LLC. -- http://worldsingles.com/ Railo Technologies, Inc. -- http://www.getrailo.com/ "Perfection is the enemy of the good." -- Gustave Flaubert, French realist novelist (1821-188 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343167 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
Here is the error starting from command prompt: Exception in thread "main" java.lang.NoClassDefFoundError: Dcoldfusion/se rotectfixation=false Caused by: java.lang.ClassNotFoundException: Dcoldfusion.session.protectf =false at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:303) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:248) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:316) ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343163 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
On Fri, Mar 18, 2011 at 4:07 PM, Jason Nokes wrote: > I successfully deployed the fixed hotfix > (http://www.adobe.com/support/security/bulletins/apsb11-04.html) on both of > our development servers, but cannot get it deployed to our production > servers. When I add "âDcoldfusion.session.protectfixation=false" to the JVM > arguments CF service will not start. I have seen the same on some CF 8 Standard servers. The critical lines in coldfusion-out.log are: java.lang.NoClassDefFoundError: Dcoldfusion/session/protectfixation=false Caused by: java.lang.ClassNotFoundException: Dcoldfusion.session.protectfixation=false at java.net.URLClassLoader$1.run(URLClassLoader.java:202) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:190) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:248) Exception in thread "main" These sites run with a very non-default set of classpath and libpath variables in jvm.config and I haven't had time to see if this is a problem with these sites or with the patch in general. Jochem -- Jochem van Dieten http://jochem.vandieten.net/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343149 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
> When I start from command line it says "A service specific error has > occurred: 2". I'm doing > net start of the Windows service, not sure if there is another way to start > via cmd. That's not what I meant, although I can see why you might think that. That runs CF as a service. Instead, you can run CF as an application. Stop the CF service, then from a command prompt find cfstart.bat somewhere within your CF install directory, if you're using the standalone version of CF. If you're using the JRun version, find jrun.exe, then type "jrun -start coldfusion" to start the default CF instance. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343128 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
When I start from command line it says "A service specific error has occurred: 2". I'm doing net start of the Windows service, not sure if there is another way to start via cmd. Our JVM has evolved over time. Not sure if it started in 32-bit or 64-bit. Here are Arguments to VM: java.args=-server -Xmx2560m -Dsun.io.useCanonCaches=false -XX:MaxPermSize=512m -XX:+UseParallelGC -Xbatch -Dcoldfusion.rootDir={application.home}/ -Djava.security.policy={application.home}/servers/cfusion/cfusion-ear/cfusion-war/WEB-INF/cfusion/lib/coldfusion.policy -Djava.security.auth.policy={application.home}/servers/cfusion/cfusion-ear/cfusion-war/WEB-INF/cfusion/lib/neo_jaas.policy -Duser.timezone=GMT -Dcoldfusion.fckupload=true ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343123 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
> I successfully deployed the fixed hotfix > (http://www.adobe.com/support/security/bulletins/apsb11-04.html) on both of > our development servers, > but cannot get it deployed to our production servers. When I add > "Dcoldfusion.session.protectfixation=false" to the JVM arguments CF service > will not start. > > The servers are all the same. I've quadruple checked that I've deployed the > correct files and even deployed the files again to a second > production server without success. The JVMs on dev and prod are identical > except for the their Xmx and XX:MaxPermSize size arguments. What JVM are you using? Is it the one that comes with CF? 32- or 64-bit? What do you see if you start CF from the command line? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343119 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
I successfully deployed the fixed hotfix (http://www.adobe.com/support/security/bulletins/apsb11-04.html) on both of our development servers, but cannot get it deployed to our production servers. When I add "âDcoldfusion.session.protectfixation=false" to the JVM arguments CF service will not start. The servers are all the same. I've quadruple checked that I've deployed the correct files and even deployed the files again to a second production server without success. The JVMs on dev and prod are identical except for the their Xmx and XX:MaxPermSize size arguments. Any ideas? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:343118 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
that hardly seems like a fix. On Sat, Feb 12, 2011 at 4:34 PM, Dave Watts wrote: > > > > Yes. This is a known (but not yet documented) issue. There are three > > > ways you can fix this: > > > > Just so folks are clear, you're saying that the new security fix will > > break existing working applications? And folks need to change their > > configuration or their code? > > Yes, that's my understanding, since it changes the default behavior of > cookies and how CF responds to cookies. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > http://training.figleaf.com/ > > Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on > GSA Schedule, and provides the highest caliber vendor-authorized > instruction at our training centers, online, or onsite. > > ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342165 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
> > Yes. This is a known (but not yet documented) issue. There are three > > ways you can fix this: > > Just so folks are clear, you're saying that the new security fix will > break existing working applications? And folks need to change their > configuration or their code? Yes, that's my understanding, since it changes the default behavior of cookies and how CF responds to cookies. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342164 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
On Fri, Feb 11, 2011 at 10:16 AM, Dave Watts wrote: > Yes. This is a known (but not yet documented) issue. There are three > ways you can fix this: Just so folks are clear, you're saying that the new security fix will break existing working applications? And folks need to change their configuration or their code? (this is a genuine question - I've not followed the update process so I'm just looking at all the folks who are complaining about broken applications when they apply the security fix) -- Sean A Corfield -- (904) 302-SEAN Railo Technologies, Inc. -- http://getrailo.com/ An Architect's View -- http://corfield.org/ "If you're not annoying somebody, you're not really alive." -- Margaret Atwood ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342163 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
> We're having a somewhat similar issue. We have multiple CF servers and use > our own server-independent session management using cookies > and session info saved in the database. We've found that if you go from one > updated server to another updated server it loses the user session. If > you go to or from a NON-updated server to an updated server it works fine. It > also works if you stay on the same updated server. Is this related? I > had to roll the updated servers back, but worry about updates in the future > that include this hotfix. I don't know if it's related, but you should be able to control the scope of the cookies using the DOMAIN attribute of CFCOOKIE, if you're not already doing so. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342159 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
> > I installed the CF901 (APSB11-04) hotfix on our development and now > we are having problems when trying to access different > > applications in the same browser at the same time. Each application > wants to use its own CFID and CFTOKEN, but when you > > log into one app which is app name "X", then try to open app "Z", > you cannot get in because the CFID and CFTOKEN are already > > there from the other application. Our URL domain name is the same > for both. Was there something in the hotfix that prevents > > this from happening now with the same domain name?? > > Yes. This is a known (but not yet documented) issue. There are three > ways you can fix this: > > 1. Revert to the prior configuration. > > 2. Ensure that you set the CFID and CFTOKEN cookies so that they're > path-specific - you'll have to rewrite them yourself using CFCOOKIE. > > 3. Use J2EE session handling. > > Dave Watts, CTO, Fig Leaf Software > http://www.figleaf.com/ > http://training.figleaf.com/ > > Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on > GSA Schedule, and provides the highest caliber vendor-authorized > instruction at our training centers, online, or onsi We're having a somewhat similar issue. We have multiple CF servers and use our own server-independent session management using cookies and session info saved in the database. We've found that if you go from one updated server to another updated server it loses the user session. If you go to or from a NON-updated server to an updated server it works fine. It also works if you stay on the same updated server. Is this related? I had to roll the updated servers back, but worry about updates in the future that include this hotfix. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342154 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Issue with new CF Update
> I installed the CF901 (APSB11-04) hotfix on our development and now we are > having problems when trying to access different > applications in the same browser at the same time. Each application wants to > use its own CFID and CFTOKEN, but when you > log into one app which is app name "X", then try to open app "Z", you cannot > get in because the CFID and CFTOKEN are already > there from the other application. Our URL domain name is the same for both. > Was there something in the hotfix that prevents > this from happening now with the same domain name?? Yes. This is a known (but not yet documented) issue. There are three ways you can fix this: 1. Revert to the prior configuration. 2. Ensure that you set the CFID and CFTOKEN cookies so that they're path-specific - you'll have to rewrite them yourself using CFCOOKIE. 3. Use J2EE session handling. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsi ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342144 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Issue with new CF Update
I installed the CF901 (APSB11-04) hotfix on our development and now we are having problems when trying to access different applications in the same browser at the same time. Each application wants to use its own CFID and CFTOKEN, but when you log into one app which is app name "X", then try to open app "Z", you cannot get in because the CFID and CFTOKEN are already there from the other application. Our URL domain name is the same for both. Was there something in the hotfix that prevents this from happening now with the same domain name?? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:342143 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm