I am required to continue to support an Adobe ColdFusion 8.01 server for several more months, or more. I've come across a bug with the CFImage tag, Missing Huffman code table which causes certain JPG images to fail. This is reported as being fixed in hot fix 4 however Adobe in the failed wisdom chose to take all CF8 hotfixes offline. Guess where I won't be spending anymore of my money.
I've tried desperately to find a support site or even offline archive that has the chf8000004.zip file I need. Anyone happen to have a copy?
I am not sure if Stack Overflow is the correct venue for this question. You might get better responses on Server Exchange. However since we are here I was in a very similar situation and found this site very useful. I know they have a large folder of CF8 hotfixes
http://www.cfmlrepo.com
Edit: I believe this link will bring you right to the CH4 for 8.0.1
https://www.amazon.com/clouddrive/share/QBUXJCtMDDIKRZEDO4UAPFjOatzj3ajH1bHbopRJTWy/folder/NfK85LpTQu2hCpH2VqShPQ
Related
We have a very strange issue. We have a large CF application that was originally written in CF9, upgraded to CF2016, then onto CF2021. There is a invoicing job that runs as a scheduled task everyday. This invoicing job does many steps (creates, checks, and pays) invoices. There are many components (functions) that are used during this process. We went live with this new server in late November of 2021 and since we have done that, the invoicing job has had issues about 4 or 5 times so far.
The errors I am seeing are usually something like:
Could not find the ColdFusion component or interface components/distributor.distribcontroller.
I say usually, because even the "missing" component changes and they are different each time.
I have checked every component for errors, so that should not be it and most days this invoice job runs fine.
CF2021 is running on Ubuntu 20.04 LTS, 4 CPU.4GB ram. other than this invoice job, application is fine (users never experience missing components)
I also do not use mappings, I have a custom mechanism where I set the compent path in a cfm file and use the "request" structure like: <cfset request.components.distributor = 'components/distributor'> in a file that gets included in the Application.cfc - its may not be ideal, but it is just the was it was build years ago and too much work to change it. (i think).
Any ideas? Any help would be appreciated.
I have a custom mechanism
Feels like a red flag. Especially since it uses the request structure.
How many CFCs are you dealing with? Would it be worth looking at WireBox to handle CFC configuration and creation? Might be overkill for the current issue, but worth looking into.
https://wirebox.ortusbooks.com/
Are you caching component paths? It may be that unchecking the component cache could address this issue.
You might post this issue over on the CFML Slack workspace. Some of the Adobe CF Engineers hang out there.
https://cfml.slack.com/
Signup: https://cfml-slack.herokuapp.com/
I am trying to install ColdFusion 5 but it looks like data2.cab file is missing from my copy. I understand on Adam Cameron's Dev Blog he had a copy of Coldfusion 5 from the document he wrote about installing it on Windows 7 64bit. Does anyone have a copy of the software please?
You can find installers for older versions of ColdFusion on a community maintained site: http://www.cfmlrepo.com/
I doubt you'll be able to get it up and running reliably as it's a 32-bit installer and won't run on modern Windows. It's pre-Java, so you'll also have issues with C compatibility for things like custom CFX tags. If you've got an old OS on a server somewhere, maybe you can do something with it.
What problem are you trying to address? Working on a legacy application? CF 5 should no longer be running any kind of production sites as there are a world of security issues given the modern Internet.
If possible, I'd suggest trying to run the code on the open source Lucee CFML engine https://www.lucee.org/. Depending on the complexity of your application, it won't just be a matter of setting up data sources and running the code. But in the long run, if this app needs to exist for a while more, it'll be a safer and less expensive solution.
If you have more questions about CF 5, you'll probably find more help on the CFML Slack channel. You can get an invite here: https://cfml-slack.herokuapp.com/
We experienced strange behaviour. Especially under chrome, some items are missing. Anyone ?
Which version are you using? You should always pin the version you use, which means that once it's published, it will never change.
The code is open source, you can check yourself from the github repository and there are other more appropriate channels than Stack Overflow, IMO:
The Django weblog, where a post is published each time there is a new release.
The Django users mailing list/google group is another place where you can keep up to date.
PyPI gives you the release history.
Finally, with any open source software, don't be afraid of digging into the source code and see what has changed. Github has a great way of comparing between 2 tags, for instance for the latest 2 1.11.x relases: https://github.com/django/django/compare/1.11.16...1.11.17
There was 2 new bugfix relases published on each 2.1.x and 1.11.x branches yesterday, so if your dependencies aren't pinned, you might have auto-updated, but without further details it's hard to tell you more.
From last few day , I was searching for static code analysis tool for ColdFusion. I have not got a good one till now. I found two.
YASCA
https://code.google.com/p/cf-metrics/
From YASCA I was getting only XSS alerts and some alerts for session mgmt, nothing more than that. I have tried with my entire project.
I am not even able to properly install cf-metrics using ColdFusion10 , After putting the required jar file in the lib folder I was not able to access any one my IIS site
because of some isapi redirect isse.
Any other tools available?
If you're still looking for a ColdFusion Linter, I would recommend CFLint. It's hosted on GitHub and Maven. The parser was updated to use ANTLR4, so it's much faster than previous editions. We're also making it easier to customize than JSLint.
I've looked at this a couple of times in the past, as I maintain a large CF application.
Each time I looked I was unable to find anything suitable. I spent a while looking into using the Railo CFML parser (because it's open source) to build something ourselves and concluded at the time that it was possible, but was no small task.
You may be able to re-examine the Railo approach, but feed the AST from Railo into an existing code analysis tool. I never got that far, but it may be possible to an extent.
I'd love to hear different, but the short answer is that there's not much out there.
We recently had a hacker gain access to our system. They dumped some Coldfusion templates and included them in random pages on our sites.
The files they dump start with Allaire Cold Fusion Template and then contain what appears to be "garbage", but I believe that this is some kind of pre-compiled Coldfusion code.
We've cleared out the hacks, but I saved off the files because I was hoping that there would be some way to de-compile them and maybe make some sense of them. Although I think the hack is dealt with, I am a little worried about what this code was doing. (When I looked at the source of a page that included this code, it created no output, so something had to be going on in the background.)
If there isn't a way, that's cool, I just thought I would at least investigate the possibility of seeing what these files were doing. Thanks in advance for any help.
Wow, you have awakened some of my "old" brain cells... Way back when you could encrypt your ColdFusion templates and they could still be run on a ColdFusion server. This encryption was not very secure as the decrypting algorithm was readily available. It was/is an easy way to "hide" your code from the unknowing (I guess).
I did a quick Google search and found an old reference to a decrypt function on Adobe's site that may help "crack" that code. AB Positive Encrypt and Decrypt I believe their code would have to be encrypted this way otherwise the ColdFusion server would not be able to read the files either. This download includes the cfdecrypt.exe and cfencode.exe programs.
If that tool does not work and if I remember correctly, the ColdFusion encryption before CFMX was done using something called CFCrypt.exe. That was an older versions of ColdFusion I think but you can try using that too. I couldn't find it but I'm sure if you Google for it can be found.
Please post back with your results. I'm interested to see what they were doing.
There is a program out there cfdecrypt that will help you decompile them. I haven't used it in years, but here is a link I found to a github project:
https://github.com/disccomp/cfdecrypt