Entries Tagged as “Updates”
Applying Updates on a Locked down ColdFusion 10 Server
Administrator | Adobe ColdFusion 10 | ColdFusion | General | productivity | Updates
Note: This is valid from Hotfix 9 onwards.
Depending on the user account that you have used to Lock down your server, you might need to consider the following few more steps for providing appropriate permissions to be able to apply the updates from ColdFusion Administrator.
Hotfix needs two things to be installed properly from ColdFusion Administrator.
1)
The user that is configured for ColdFusion Service should be permitted to
Start/Stop the service. More on this to setup is explained below.
2) Since ColdFusion runs with the user you have setup for ColdFusion service, that user should have write/delete/update permissions for some of the ColdFusion directories. Notably, till now (Hotfix 9) the update files are there for the following directories:
<CFHome>\cfusion\bin\ (Write)
<CFHome>\cfusion\hf-updates\ (Write)
<CFHome>\cfusion\lib\ (Write)
<CFHome>\cfusion\lib\updates\ (Write + Delete)
<CFHome>\cfusion\runtime\lib\ (Write)
<CFHome>\cfusion\wwwroot\CFIDE\adminapi\ (Write)
<CFHome>\cfusion\wwwroot\CFIDE\administrator\ (Write)
<CFHome>\cfusion\wwwroot\CFIDE\componentutils\ (Write)
<CFHome>\cfusion\wwwroot\CFIDE\scripts\ (Write)
Note: New directories may or may not get added in the future Hotfixes but the above set will always be there for ColdFusion 10.
If you are running multi-instace scenario you have to set the same for all child instance folders and their service accounts
When lockdown guide is being imposed the above two requirements should also be implemented in order to be able to apply Hotfixes from the ColdFusion administrator.
Setting up the ColdFusion Service user as required in #1:
Down load and Install Windows tool named SubInACL.exe (Installer name is SubInACL.msi) to give service start/stop permissions from
http://www.microsoft.com/en-us/download/confirmation.aspx?id=23510
Once you install it, the tool subinacl.exe gets installed
under
C:\Program Files (x86)\Windows Resource Kits\Tools
Then, run the tool as follows from command prompt by
replacing <MachineName> and <username> with your username and machine
name.
a) For machine’s local user
C:\Program Files (x86)\Windows Resource Kits\Tools>subinacl.exe /service "\\<MachineName>\ColdFusion 10 Application Server" /grant=<username>=TO
b) If the user is a Domain user you have to replace <Domainname> as well along with <MachineName>, <username> in the following command.
C:\Program Files (x86)\Windows Resource Kits\Tools>subinacl.exe /service "\\<MachineName>\ColdFusion 10 Application Server" /grant=<Domainname>\<username>=TO
More details on this are explained in the below resource.
http://support.microsoft.com/default.aspx?scid=kb;en-us;288129
This is a one-time setup that you have to do.
Once this is done -> Restart ColdFusion service -> Open ColdFusion server Administrator -> Apply Update -> You should be able to apply the Hotfix successfully now.
Video on Hotfix Installation in ColdFusion 10
Administrator | ColdFusion | Hotfix | Updates
Here is a quick video on the various Hotfix installation mechanisms in ColdFusion 10 by Adobe engineer Krishna Reddy
You can know more about how to download and install ColdFusion 10 hotfixes directly from this link
For more information on the hotfix installation mechanism ,please refer to the hotfix installation guide
-Viny
New ColdFusion security update for version 9 and above
Security | Adobe ColdFusion | Adobe ColdFusion 10 | Announcements | Updates | web application security
An important security update for ColdFusion is now available for versions 10, 9, 9.0.1 and 9.0.2.
If you are on ColdFusion 10, you will see a new update 9 within the ColdFusion administrator for you to download and install.
Adobe recommends users update their product installation with this update. Here's a link to the related security bulletin.
Note: It is recommended that, request related functionality is not used with CFThread.
ColdFusion 10 Hotfix Installation Guide
Administrator | Adobe ColdFusion 10 | ColdFusion | Updates
ColdFusion 10 featured a Hotfix Notification and auto-installation facility from ColdFusion administrator.
This
eases the hassle of manually applying, misplacing the Hotfix files, or
mistakenly applying the HotFixes to wrong versions of ColdFusion.
This can be the trouble shoot reference for any kind of Hotfix installations.
Cumulative Hot-fix 2 released for ColdFusion9.0.1
Updates
Cumulative Hot-Fix 2 is released for CF9.0.1. Cumulative Hotfix 2 consists of previously released fixes for the Security issues mentioned in the bulletins APSB11-04, APSB11-14, APSB11-15 along with the cumulative hotfix 1 and the new bug fixes. This cumulative hot fix also has the new session invalid fix added to the Security hot fix. The complete instructions and list of issues fixed can be found at - http://kb2.adobe.com/cps/918/cpsid_91836.html