Patch for ColdFusion Flex2 Remoting Access Level Issue (ColdFusion 8.0, 8.0.1)
Issue
Adobe ColdFusion component methods with public access can be invoked from flex2 remoting even if access level is set to remote in the remoting-config.xml.
Solution
An update is now available to enforce proper access restrictions. It allows public methods to be invoked only if the proper access level of public is configured in the flex configuration file.
Note: Before applying the update to production servers it should be confirmed that the remoting-config.xml access levels are properly configured to public.
ColdFusion 8.0
The installation process is the same for all platforms and installation choices. Use the ColdFusion 8 Administrator to install hot fix jar files.
- Download hf800-71471.zip (38k) and extract the hf800-71471.jar and administrator.cfc files.
- Open the ColdFusion 8 Administrator, and then select the System Information page.
- Next to the Update File box, click Browse and then browse to the extracted jar file.
- Select the hf800-71471.jar file, and then click Submit.
- Rename the cf_webroot/CFIDE/adminapi/administrator.cfc to *.bak. Replace with the new version from the attached zip file. The CFIDE directory is under the document root of the web server ColdFusion is running on. Alternatively, it is under coldfusion8/wwwroot for ColdFusion server and under jrun4/servers/ServerName/cfusion-ear/cfusion-war/ for ColdFusion multi-server installations if you are using the built-in ColdFusion/JRun web server.
- Restart ColdFusion.
The hf800-71471 hot fix JAR file does not need to be retained after installing it with the ColdFusion Administrator. The file has been copied into the correct location.
The hf800-71471.jar hot fix file will appear as a new entry in the System Information classpath list.
Hot fix jar files are installed in the cf_root\lib\updates directory. After stopping the ColdFusion 8 application server, delete a specific jar file from the updates directory in order to uninstall that hot fix. Removal of this hot fix will also require you to delete the new administrator.cfc file and to restore the original version.
ColdFusion 8.0.1
The installation process is the same for all platforms and installation choices. Use the ColdFusion 8 Administrator to install hot fix jar files.
- Download hf801-71471.zip (38k) and extract the hf801-71471.jar and administrator.cfc files.
- Open the ColdFusion 8 Administrator, and then select the System Information page.
- Next to the Update File box, click Browse and browse to the extracted jar file.
- Select the hf801-71471.jar file, and then click Submit.
- Rename the cf_webroot/CFIDE/adminapi/administrator.cfc to *.bak. Replace with the new version from the attached zip file. The CFIDE directory is under the document root of the web server ColdFusion is running on. Alternatively, it is under coldfusion8/wwwroot for ColdFusion server and under jrun4/servers/ServerName/cfusion-ear/cfusion-war/ for ColdFusion multi-server installations if you are using the built-in ColdFusion/JRun web server.
- Restart ColdFusion.
The hf801-71471 hot fix JAR file does not need to be retained after installing it with the ColdFusion Administrator. The file has been copied into the correct location.
The hf801-71471.jar hot fix file will appear as a new entry in the System Information classpath list.
Hot fix jar files are installed in the cf_root\lib\updates directory. After stopping the ColdFusion 8 application server, delete a specific jar file from the updates directory in order to uninstall that hot fix. Removal of this hot fix will also require you to delete the new administrator.cfc file and to restore the original version.
This content requires Flash
To view this content, JavaScript must be enabled, and you need the latest version of the Adobe Flash Player.
Download the free Flash Player now!
