Entries Tagged as “Adobe ColdFusion 10”
Adobe ColdFusion 10 | Updates
ColdFusion 10 Update 13 is now available.
This update introduces support for OS X 10.9 Mavericks. It fixes the web server connector issue on OS X 10.9 reported as bug #3653076.
Users who are on OS X 10.9 or who plan to upgrade to 10.9 should apply this update. Users on other platforms need not apply this update.
For further details, refer to this technote.
Security | Adobe ColdFusion 10
The ColdFusion Enterprise installation includes the FIPS-compliant RSA BSAFE JCE Crypto Provider. The default algorithm this library uses for random number generation is ECDRBG (a variant of Dual Elliptic Curve). RSA has released an advisory on this (ESA-2013-068) that lists the unsafe random bit generation algorithms.
ColdFusion sets the default random number generator algorithm to FIPS186Random (JVM argument -Dcoldfusion.jsafe.defaultalgo=<algorithm>), which is completely safe to use. So the good news is that by default your ColdFusion 10 installation is secure. Note that the CryptoJ libraries are not available in the Standard installation of ColdFusion.
The ColdFusion 9 family uses BSAFE library 3.6, which doesn't make use of ECDRBG-based algorithms. It uses SHA1PRNG as the default random number generation algorithm. There is no impact on ColdFusion 9. The JVM argument -Dcoldfusion.jsafe.defaultalgo is not available in the ColdFusion 9 family.
The following table lists the unsafe random bit generation algorithms.
| Algorithm | Description |
|---|---|
| ECDRBG | Dual EC DRBG (128 Bit) |
| ECDRBG128 | Dual EC DRBG (128 Bit Default) |
| ECDRBG192 | Dual EC DRBG (192 bit) |
| ECDRBG256 | Dual EC DRBG (256 bit) |
Pete from the CF community has also blogged about this here.
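To confirm that nobody has overridden the default, the JVM arguments can be checked for the -Dcoldfusion.jsafe.defaultalgo flag and its value compared against the unsafe names listed above. The following Python sketch is an added example, not Adobe's or RSA's code; the function name `audit_jvm_config`, the `java.args=` line layout of jvm.config, and the rule that the last repeated flag takes effect are assumptions, and the sample files are constructed.

```python
# Added example: audit a jvm.config for the RNG flag discussed above.
# Assumptions: JVM arguments sit on a "java.args=" line, and when the
# flag is repeated the last occurrence takes effect.
FLAG = "-Dcoldfusion.jsafe.defaultalgo="
UNSAFE = {"ECDRBG", "ECDRBG128", "ECDRBG192", "ECDRBG256"}  # from the table
PAGE_DEFAULT = "FIPS186Random"  # default stated in the post


def audit_jvm_config(text):
    """Return (status, algorithm); status is unsafe, default or explicit."""
    found = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):          # commented-out settings do not count
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() != "java.args":
            continue
        for token in value.split():
            token = token.strip("\"'")
            if token.startswith(FLAG):
                found = token[len(FLAG):]  # later occurrences overwrite earlier
    if found is None:
        return ("default", PAGE_DEFAULT)
    # Compare case-insensitively so "ecdrbg256" is still flagged.
    if found.upper() in UNSAFE:
        return ("unsafe", found)
    return ("explicit", found)


# Constructed sample files, not taken from a real server.
SAMPLES = {
    "untouched": "java.home=/opt/jre\njava.args=-server -Xms256m -Xmx512m\n",
    "overridden": "java.args=-server -Dcoldfusion.jsafe.defaultalgo=ECDRBG256\n",
    "commented": "#java.args=-Dcoldfusion.jsafe.defaultalgo=ECDRBG\n"
                 "java.args=-server -Dcoldfusion.jsafe.defaultalgo=FIPS186Random\n",
    "repeated": "java.args=-Dcoldfusion.jsafe.defaultalgo=FIPS186Random "
                "-Dcoldfusion.jsafe.defaultalgo=ecdrbg128\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_jvm_config(text))
```

A result of "unsafe" means the flag should be removed or set back to FIPS186Random and the server restarted.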
Adobe ColdFusion 10 | Announcements | Updates
We updated the ColdFusion 10 Mandatory Update bits on Nov 21, 2013. This has been done to implement certain internal changes in the code signing mechanism.
Users who are on ColdFusion 10 Update 8 and above are not affected by this change. They need not reapply the Mandatory Update. Users on Update level 7 and below can follow this article to reapply the Mandatory Update.
Users on a new ColdFusion 10 installation (build number 282482 or 283922) should apply the Mandatory Update.
Users who need to install updates older than Update 8 can refer to this article to download and install the required update.
Security | Adobe ColdFusion | Adobe ColdFusion 10 | Announcements | Hotfix | Updates | web application security
A new security update is available for ColdFusion versions 9.0, 9.0.1, 9.0.2 and 10.0. This hotfix addresses the security issues specified in the technote here. Here is the link to the security bulletin for this hotfix. It also includes a few important bug fixes for ColdFusion 10 as specified here.
We recommend locking down your server by following the lock down guide and disabling unused features in production environments.
Administrator | Adobe ColdFusion 10 | web application | web application development | web application security
One of the world’s leading open-source research websites was experiencing performance issues because increasing volumes of data were taxing the system’s available memory. To solve the problem, the Social Science Research Network (SSRN) called on ITX Corp., an IT solutions provider. ITX rebuilt the site using Adobe ColdFusion, which helped eliminate memory problems, cut development times through the reuse of modularized code, and streamline SSRN’s web technology infrastructure.
“Not only did the upgrade to 64-bit Adobe Cold Fusion help stop server crashes, it also helped reduce the number of servers SSRN needs to run its site,” says Fernando D’Agostino, lead architect at ITX. “Previously, SSRN had 14 servers. Now it has 8, which reduces costs associated with server purchases, maintenance, and support.” http://adobe.ly/19XDRHf