The following fixes are contained in ColdFusion 9.0.1 Cumulative Hotfix 1 (CHF1). Adobe recommends that you apply CHF1 to ColdFusion 9.0.1 only if you are experiencing one or more of the issues listed in the following table. This cumulative hotfix is specific to ColdFusion 9.0.1 and you don't have to apply it to any other releases.
What's covered
| Bug ID | Description | Added in Cumulative Hot Fix |
| APSB10-18 | Security Fix for the directory traversal vulnerability that could lead to information disclosure. | 1 |
| 83598 | Setting default locale to en_GB results in Invalid Date Format error when you run a scheduled task. | 1 |
| 83638 | serializeJSON converts integer to string. | 1 |
| 83650 | Submitting a form inside a cflayout type=”hbox|vbox” results in a JavaScript error. | 1 |
| 83671 | If named arguments with implicit structs and arrays use local variables, it results in ‘variable is undefined’ error. | 1 |
| 83689 | cfdump does not display the changes to the functions for a CFC object. | 1 |
| 83694 | cfgrid sorting does not function as desired for static and dynamic data except when the data is retrieved from the database. | 1 |
| 83725 | If you send mails with inline images, the source image is deleted. | 1 |
| 83747 | ColdFusion ORM preUpdate event handler is called twice when a persistent entity is updated within a cftransaction. Note: This issue has been fixed for one data source per request use-case. |
1 |
| 83818 | ColdFusion debugger can fail if the file being debugged is repeatedly revised. | 1 |
| 83829 | cfwindow onShow method is called twice. | 1 |
| 83836 | serializeJSON incorrectly serializes nested objects. Also, in the case of circular references, for example, when handling bidirectional ORM relationship, repeating entities are represented as empty strings instead of empty objects. | 1 |
The installation process is the same for all platforms and installation choices.
Definition of ColdFusion-Home
In the following procedures, {ColdFusion-Home} indicates the following:
- For Server installation: {ColdFusion-Home}
- For Multiserver installation: {JRun-Home}/servers/{YourServer}/cfusion-ear/cfusion-war/
- For J2EE installation: {cfusion-ear-Home}/cfusion-war/
Note: If the security fix mentioned in the bulletin APSB10-18 is already applied, you need not back up the files {CFIDE-Home}\administrator\cftags\l10n.cfm and {CFIDE-Home}\administrator\cftags\l10n_testing.cfm.
After installation, you can delete the ColdFusion 9.0.1 cumulative hot fix JAR file. The file has been copied to the correct location.
The ColdFusion 9.0.1 cumulative hotfix JAR file appears as a new entry in the System Information list.
You can uninstall ColdFusion hotfix JARs by stopping the ColdFusion application server and deleting the respective JARs from cf_root/lib/updates. You can then revert to the backed up CFM and JavaScript files.
Keywords:
cpsid_86263
Twitter™ and Facebook posts are not covered under the terms of Creative Commons.
