30 thoughts

  1. I just installed security update APSB10-11 my local machine and now whenever I try to access any of my datasources I get this error:
    "Datasource ExceptionLog could not be found."
    where ExceptionLog is the datasource name.
    I am running Windows 7 64 bit with Coldfusion 8.0.1 64 bit Developer Edition with Cumulative Hotfix 4, all hot fixes not in CHF4, and all security patches.
    Removing security update APSB10-11 fixed the problem

  2. I just installed security update APSB10-11 my local machine and now whenever I try to access any of my datasources I get this error:
    "Datasource ExceptionLog could not be found."
    where ExceptionLog is the datasource name.
    I am running Windows 7 64 bit with Coldfusion 8.0.1 64bit Developer Edition with Cumulative Hotfix 4, all hot fixes not in CHF4, and all security patches.
    Removing security update APSB10-11 fixed the problem

  3. When I applied the hotfix, it didn’t break anything, but in the system information, the update level is still showing the previous one that was installed.

  4. We just tried applying the 8.01 HF on 2 different dev machines and after restarting CF could no longer connect to any datasources using <cfquery>. MySQL connections gave the error message "Datasource X could not be found", for SQL Server it was "coldfusion.sql.Executive.getDatasource1(Ljava/lang/String;)Ljavax/sql/DataSource;"
    Verifying the datasources in the CF Administrator worked ok, though.

  5. Thanks, Alison … having the same trouble here. Luckily installed it first on my dev machine and not one of the servers. 8.0.1 on Windows XP, 32-bit, but same issue on every datasource. The DSNs validate fine in CF Admin, but apps can’t find them.

  6. I have received the same issue, after removing the hotfix the issue was resolved, I re-applied the hotfix and received the same error.
    On with Adobe now to create a support incident.

  7. Looks like there is an issue with CF8.0.1 64-bit with Hotfix 4 applied, where it doesn’t like the filename convention of the security update. Only CF8.0.1 64-bit with Hotfix 4 is impacted, so if you’re using that version don’t apply the update yet.
    — Ben

  8. Just wanted to chime in that our Win2003 Server which is 32-bit is also experiencing this epic failure as well…
    CFMX 8.0.1 Rollup-4 running on 32bit windows and Java 1.6.0_20.

  9. Given the problems with the fix, I want to wait a bit. The second and third vulnerability do not seem that critical, at least for my installations, how serious is the first one? Realistically.

  10. Ahem, rather disappointing Adobe released a security hotfix without having tested it on their own most recent cumulative hotfix. I expect more rigorous QA.

  11. Chris, I agree completely! This was a screw-up, and the team is going to have to figure out how the heck it happened, and how to ensure that it does not happen again.
    — Ben

  12. I have tried the latest hotfix update and I still get the following error. unexpected constant #353 96
    I can’t even get the Administrator login page. I have tried to roll back and then I get this error unexpected constant #55 0
    Anyone have any ideas about what may be going on here? I would really hate to have to re-install CF 8, to bad we don’t have CF9 bought yet I would just install it!

  13. @Becky, you don’t have to reinstall CF8! Just go into C:ColdFusion8libupdates and remove the file ‘shf8010001.jar’. Then stop / start the CF Application Service and you should be back to your previous update.

  14. Can somone confirm if this security patch applies to 7.0.2? I contacted adobe phone support and they forward me to forums.adobe.com and stated there is no phone support for server products.

  15. "no phone support for server products" is a lie, I’ve had several myself with Adobe support over ColdFusion.
    Try again, it’s ‘well known’ to be hard to explain you are not calling about a desktop system 🙂

  16. Even the updated patch is still causing issues for me: CF9 Enterprise on Windows Server 2008 64-bit. Most things work, but the transfer framework will not initiate. It bombs when coldspring tries to create the transferFactory:
    Bean creation exception during init() of transfer.TransferFactory : <br>The error occurred on line 817.
    Aargh! Had to remove the jar file to have my site running smoothly again.

  17. I too had to roll back this morning. Most things worked, but I discovered today that our install of the CommonSpot demo site (version 6.0) was broken. Line 51 of database.cfm was failing:
    dsn = dsservice.getDataSource(arguments.dsname);

  18. This technote and the attachments have been updated on 05/21/2010
    "Vulnerability CVE-2010-1294, included in this security fix, now prevents unauthorized access to datasources via the Service Factory. This may have caused issues with certain frameworks/applications that were accessing datasources without proper authentication. The fix has been updated to correct these issues by allowing unauthenticated access to only the datasource connection. Details of the datasource are only allowed with authenticated access."

  19. @Ben, any follow up to this patch? Sounds like a good one to implement, but not with the datasource issues that many of us hit. I know the tech team was working on it, but wondering if you’ve got a progress report.

Leave a Reply to Marc Cancel reply