ColdFusion Hot Fixes (MX through MX 6.1)Products affected
Hot fixes are quick, downloadable code fixes to specific issues. From time to time, Adobe may add additional hot fixes to this page when problematic issues are identified and testing of the hot fix is completed. Hot fixes are meant to be interim solutions to issues that will be included in an upcoming Updater or product release.
Adobe strongly recommends installing hot fixes in your test/staging environment prior to deployment in your live production systems.
Click on the TechNote article number for full instructions. Hot fixes for ColdFusion MX 7 and higher can be found in "ColdFusion hot fixes (MX 7 and higher)" (TechNote tn_17883). Hot fixes for ColdFusion 5 and earlier can be found in "ColdFusion Hot Fixes (version 5 and earlier)" (TechNote b9f0ff6c).
 ColdFusion MX 6.1 Updater |
| ColdFusion MX 6.1 |
| ColdFusion MX |
| ColdFusion MX 6.1 Updater Hot Fixes | |
| Date Issued | Hot Fix Description |
| 1/3/07 | Hot fix for NullPointer Exceptions after upgrading to 1.4.2_06 JDK/JRE or higher ( Article kb400232 ) |
| Download Files: hf58766_611.zip
After upgrading to a JDK/JRE version 1.4.2_06 or higher, NullPointerExceptions will be seen when running templates that include cfldap or cfservlet. |
|
| 09/19/07
(updated) |
Hot fix issued for expired certificate on cfform controls (TechNote b9c2d61c) |
| Download Files: cfapplets.jar
This hot fix addresses the expired certificate error with the cfform applets in ColdFusion MX 6.1 Updater. The new certificate is valid until May 2010. |
|
| 9/12/06 | Hot fix available for cross-site scripting fulnerability in forms ( Article dcf966be ) |
| Download Files: hf64586_611.zip
Resolves a possible cross-site scripting (XSS) vulnerability in ColdFusion's handling of forms. |
|
| 11/15/05 | Hot fix available for null, null errors ( Article b3c51ba1 ) |
| Download Files: hf45343_611.jar
Resolves additional variations of corrupt or missing cfid/cftoken. |
|
| 10/18/05 | Hot fix available for JRun4 Updater 6, IIS 6.0 redirect response truncation ( Article 5c9389c8 ) |
| Download Files: wsconfig.jar
Page redirects cause truncated response output with JRun 4 Updater 6 and the IIS 6.0 connector. This problem began in Updater 6 and affects ColdFusion MX using cflocation, if JRun4 Updater 6 is used in the underlying server. |
|
| 10/12/05 | Hot fix available for cfchart output not displaying with IIS 6 ( Article 38824ea2 ) |
| Download Files: hf60827_611.jar
This hot fix explicitly generates HTTP headers before the chart data. |
|
| 6/13/05
(updated) |
Hot fix for client variables ( Article 19590 ) |
| Download Files: hf59993_611.zip
This hot fix resolves multiple issues with client variables in ColdFusion MX 6.1. |
|
| 5/13/05 | 'StringIndexOutOfBoundsException' (Article 28ff60b6 ) |
| Download Files: jrun4-hotfix-55200.zip
Resolves issue when running ColdFusion MX 6.1 with the embedded JRun server (option 1 and option 2 installation) on a non-English locale OS, when using J2EE sessions. |
|
| 4/7/05
(updated) |
Hot Fix to upgrade web server connectors ( Article 238944b1 ) |
| Download Files: wsconfig_611.zip
Hot fix rollup for the most reported connector issues for the ColdFusion MX 6.1 Updater. |
|
| 3/24/05 | Hot fix for JRun 4.0 and JRun 4.0-based servers ( Article f7736ad ) |
| Download Files: jrun-hotfix-57510-updater4.zip
JRun 4.0 can hang and refuse to service requests, even under light load, when the thread pool reaches 0. This hotfix for JRun 4.0 and JRun 4.0 Updater 3 and Updater 4-based products addresses several related issues. |
|
| 3/22/05 | Hot fix to resolve slow memory leak when enabling Debug Logging ( Article 1ea55f4a ) |
| Download Files: hf59763_611.zip
Resolves slow memory leak when debug logging is enabled from the ColdFusion Administrator console. |
|
| 3/21/05 | Hot fix to upgrade DataDirect Sequelink ODBC Server to version 5.4 ( Article e917887 ) |
| Download Files: cfmx61_slserver54.zip
This hot fix updates SequeLink to version 5.4. |
|
| 2/9/05 | Verity and C++ CFX Support on Red Hat 9 ( Article 54fb8a44 ) |
| Download Files: hf53361_611.zip | hf53361_611.jar
Hot fix for Verity to support additional versions of Linux. |
|
| 12/17/04 | Hot fix for cfdump throwing unknown type error for cfcatch structure ( Article 1a9c83c ) |
| Download Files: hf56580_611.zip
This hot fix addresses an "unknown type" error thrown by cfdump for cfcatch structure after applying ColdFusion MX 6.1 Updater. |
|
| 10/19/04
(updated) |
Hot fix for ColdFusion not responding to requests ( Article 19536 ) |
| Download Files: hf55681_611.zip
This hot fix addresses a problem with ColdFusion MX 6.1 Updater in the server configuration (which uses an internal version of JRun 4) or the J2EE configuration running on JRun. |
|
| 10/7/04 | Hot fix for ColdFusion Administrator navigation frame on an SSL site ( Article 19597 ) |
| Download Files: navserver_611.zip
When running the ColdFusion MX 6.1 Updater 1 Administrator under an SSL site, the Administrator is unable to load the left navigation frame. |
Note: The ColdFusion MX 6.1 hot fixes and security patches described and linked from this TechNote below are included in the ColdFusion MX 6.1 Updater.
| ColdFusion MX 6.1 Hot Fixes | |
| Date Issued | Hot Fix Description |
| 11/15/05 | Hot fix available for null, null errors ( Article b3c51ba1 ) |
| Download Files: hf45343_61.jar
Resolves additional variations of corrupt or missing cfid/cftoken. |
|
| 10/18/05 | Hot fix available for JRun4 Updater 6, IIS 6.0 redirect response truncation ( Article 5c9389c8 ) |
| Download Files: wsconfig.jar
Page redirects cause truncated response output with JRun 4 Updater 6 and the IIS 6.0 connector. This problem began in Updater 6 and affects ColdFusion MX using cflocation, if JRun4 Updater 6 is used in the underlying server. |
|
| 10/1/04
(updated) |
Hot fix for client variable purging (Article 19279 ) |
| Download Files: hf56991_61.zip
This hot fix resolves multiple issues with client variable purging in ColdFusion MX 6.1 |
|
| 6/30/04
(updated) |
Hot fix for Crystal Reports (Windows only) ( Article 18931 ) |
| Download Files: cfcrystal.zip
This hot fix addresses issues with cfreport in ColdFusion MX 6.1. |
|
| 5/19/04 | Verity support for Linux ( Article 19339 ) |
| Download Files: hf50943.zip
Hot fix for Verity to support additional versions of Linux. |
|
| 5/6/04
(updated) |
Hot Fix for duplicate, GetHTTPRequestData and DateDiff functions ( Article 19202 ) |
| Download Files: hf53813_61.zip
This hot fix addresses issues with the duplicate, GetHTTPRequestData, and dateDiff functions. |
|
| 3/31/04
(updated) |
100% CPU utilization and other issues using DataDirect 3.2 JDBC drivers ( Article 18807 ) |
| Download Files: macromedia_drivers.zip
This TechNote provides updated DataDirect JDBC version 3.3 drivers. The new drivers in this TechNote should replace the 3.2 drivers shipped in CFMX 6.1 or the 3.1+ drivers previously available in this TechNote. |
|
| 1/15/04 | Hot fix for cfquery/cfqueryparam ( Article 19108 ) |
| Download Files: hf53852_61.zip
This hot fix addresses issues with cfquery and cfqueryparam. |
|
| 12/19/03 | Hot fix for setting domain cookies with cfapplication ( Article 19060 ) |
| Download Files: hf53797_61.zip
In ColdFusion MX 6.1, when using the cfapplication tag with the setDomainCookies attribute set to yes, the wrong domain may be set on multihomed servers. |
|
| 12/1/03
(updated) |
Hot fix for cfform controls ( Article 18951 ) |
| Download Files: cfform.zip
This hot fix addresses issues with the cfform controls in ColdFusion MX 6.1. |
|
| 12/1/03
(updated) |
Hot fix for using COM objects ( Article 18960 ) |
| Download Files: cfmx61_com_hotfix.zip
This hot fix addresses several issues with using COM objects in ColdFusion MX 6.1. |
|
| 11/14/03
(updated) |
Hot fix for cfinsert/cfupdate ( Article 18952 ) |
| Download Files: hf53257_61.zip
This hot fix addresses several issues with cfinsert and cfupdate in ColdFusion MX 6.1. |
|
| 11/12/03 | Web Service Headers with ColdFusion MX ( Article 18939 ) |
| Download Files: See TechNote 18939
This TechNote provides a patch to Apache Axis to allow users to retrieve the response headers from a web service request, as well as a hot fix to allow users to create a SOAP header in a request that has the "mustUnderstand" attribute set to be true. |
|
| 10/30/03 | Hot fix for data source connection pooling ( Article 18980 ) |
| Download Files: hf53486_61.zip
With ColdFusion MX 6.1, if a data source is configured to maintain connections and the number of connections are limited (under Advanced Settings in the data source), it may cause the server to hang when trying to get a new connection, particularly if the server is under load. |
|
| 8/26/03 | Hot fix for ColdFusion Administrator navigation frame on an SSL site ( Article 18844 ) |
| Download Files: navserver.zip
When running the ColdFusion MX 6.1 Administrator under an SSL site, the Administrator is unable to load the left navigation frame. |
|
| ColdFusion MX 6.1 Security Patches | |
| Note: Additional configuration changes may be needed for a completely secure environment. Please refer to the full list of Security Bulletins available in the Security Zone. | |
| Date Issued | Security Patch Description |
| 4/15/04 | MPSB04-06 - Security Patch available for ColdFusion MX 6.1 File Upload Denial of service ( Bulletin MPSB04-06 ) |
| Download Files: mpsb04-06.zip
ColdFusion MX 6.1 is vulnerable to a denial of service attack if a malicious user repeatedly uploads files and interrupts each upload before it completes. |
|
| 3/15/04 | MPSB04-04 Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS ( Bulletin MPSB04-04 ) |
| Download Files: mpsb04-04.zip
ColdFusion MX and JRun 4.0 Web Services may be vulnerable to a Denial-of-Service attack from maliciously constructed SOAP requests. |
|
| 1/28/04 | MPSB04-02 Security Patch available for ColdFusion MX 6.1 form fields Denial of service ( Bulletin MPSB04-02 ) |
| Download Files: mpsb04-02.zip
ColdFusion MX 6.1 is vulnerable to a denial of service attack if a malicious user creates a ficticious request containing a large number of form fields. |
|
| 1/28/04 | MPSB04-01 Security Patch available for ColdFusion MX sandbox security (Enterprise and J2EE editions only) ( Bulletin MPSB04-01 ) |
| Download Files: mpsb04-01.zip
ColdFusion MX 6.1 sandbox security can be compromised by creating Java objects without using CreateObject() or cfobject even if these features are disabled. |
|
| 12/9/03 | MPSB03-07 Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS ( Bulletin MPSB03-07 ) |
| Download File: mpsb03-07.zip
Download File (CFMX J2EE for WebSphere only): mpsb03_07_was5.zip ColdFusion MX Web Services may be vulnerable to a Denial-of-Service attack because they use the default Apache Crimson XML parser to process Web Service SOAP requests. |
|
| 9/18/03 | MPSB03-06 Security Patch available for ColdFusion MX/ColdFusion cross-site scripting vulnerability with default error handlers ( Bulletin MPSB03-06 ) |
| Download File: mpsb03-06_6_1.zip
ColdFusionMX Web Sites that use the default ColdFusionMX Site-Wide Error Handler page or the default ColdFusionMX Missing Template Handler page may be susceptible to a cross-site scripting attack using the HTTP Referer[sic] header field. |
|
| 7/8/03 | MPSB03-04 Patch for Apache 1.3.x, 2.0 View Source Vulnerability in ColdFusion MX and JRun 4.0 on Windows ( Bulletin MPSB03-04 ) |
| Download File: mpsb03-04.zip
ColdFusion MX will show source code while browsing .cfm, .cfc,.cfml (ColdFusion MX) or .jsp (JRun) pages if the user appends an encoded space to the end of a URL. This vulnerability only affects Apache 1.3.x and 2.x versions on Windows platforms. |
| ColdFusion MX Hot Fixes (with Updater 3 installed) | |
| Date Issued | Hot Fix Description |
| 09/19/07
(updated) |
Hot fix issued for expired certificate on cfform controls ( Article b9c2d61c ) |
| Download Files: cfapplets.jar
This hot fix addresses the expired certificate error with the cfform applets in ColdFusion MX. The new certificate is valid until May 2010. |
|
| 7/17/02 | Using double-byte data with C++ CFX tags ( Article 18270 ) |
| Download File: Hot Fix
In order to use double-byte data in a C++ CFX with ColdFusion MX English, French, or German version, you must download and replace the CFXNeo.dll file. |
|
| 6/27/02 | Patch available to support Apache 2.0.39 with ColdFusion MX ( Security Bulletin MPSB02-07 ) |
| Download File: Files available through bulletin linked above
Application servers that provide Apache 2.0 modules, such as ColdFusion MX, must provide recompiled modules in order to work with Apache 2.0.39 because the Apache internal Major Version number has changed. |
|
| ColdFusion MX Security Patches | |
| Note: Additional configuration changes may be needed for a completely secure environment. Please refer to the full list of Security Bulletins available in the Security Zone. | |
| Date Issued | Security Patch Description |
| 3/15/04 | MPSB04-04 Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS ( Bulletin MPSB04-04 ) |
| Download Files: mpsb04-04.zip
ColdFusion MX and JRun 4.0 Web Services may be vulnerable to a Denial-of-Service attack from maliciously constructed SOAP requests. |
|
| 12/9/03 | MPSB03-07 Security Patch available for ColdFusion MX and JRun 4.0 Web Services DoS ( Bulletin MPSB03-07 ) |
| Download File: mpsb03-07.zip
Download File (CFMX J2EE for WebSphere only): mpsb03_07_was5.zip ColdFusion MX Web Services may be vulnerable to a Denial-of-Service attack because they use the default Apache Crimson XML parser to process Web Service SOAP requests. |
|
| 9/18/03 | MPSB03-06 Security Patch available for ColdFusion MX/ColdFusion cross-site scripting vulnerability with default error handlers ( Bulletin MPSB03-06 ) |
| Download File: mpsb03-06_6_1.zip
ColdFusionMX Web Sites that use the default ColdFusion MX Site-Wide Error Handler page or the default ColdFusionMX Missing Template Handler page may be susceptible to a cross-site scripting attack using the HTTP Referer[sic] header field. |
|
| 7/8/03 | MPSB03-04 Patch for Apache 1.3.x, 2.0 View Source Vulnerability in ColdFusion MX and JRun 4.0 on Windows ( Bulletin MPSB03-04 ) |
| Download File: mpsb03-04.zip
ColdFusion MX will show source code while browsing .cfm, .cfc,.cfml (ColdFusion MX) or .jsp (JRun) pages if the user appends an encoded space to the end of a URL. This vulnerability only affects Apache 1.3.x and 2.x versions on Windows platforms. |
Doc ID
(b3a939ce)
Last updated
2007-09-18
Products affected
