Current hot fix level: chf7020001
The following fixes are contained in ColdFusion MX 7.0.2 Cumulative Hot Fix 1 (CHF1). Adobe recommends that CHF1 only be applied to ColdFusion MX 7.0.2 if you are experiencing one or more of the specific fixed issues listed below, and then only to ColdFusion MX 7.0.2 (specifically). Cumulative Hot Fixes for ColdFusion MX 7.0 can be found in TechNote fd71533 and Cumulative Hot Fixes for ColdFusion MX 7.0.1 can be found in TechNote aae43964. Individual hot fixes can be found in TechNote tn_17883.
|ID Number||Description|| Added in Cumulative
|62335||Hot fix to resolve cfdocument text being cut off and additional text cut off issues when using various fonts and sizes.||1|
|63695||cfftp/listdir no longer fails on subdirectories under the the root directory.||1|
|64046||Data source entries in the ColdFusion administrator are no longer case-sensitive when using sandbox security.||1|
|52712||ColdFusion MX 7.0.2 can now use named parameters when calling stored procedures using the dbvarname attribute within the cfprocparam tag.||1|
|64411||JSP processing performance has been significantly increased.cfimport no longer checks for a valid license every time, which was causing the resource bundle to load off of the disk every time a JSP was called.||1|
|When setting a request variable in Application.cfm equal togetBaseTemplatePath and that variable is returned from a CFC function, ColdFusion MX 7.0.2 will now correctly return the CFC file system path and not the Application.cfm file system path.||
|Duplicating very large structures now works as expected. Previously, duplicating a very large structure would sometimes result in an inaccurate duplicate of the original structure.||
|64063||When using Dreamweaver to work with an Access data source through RDS, Dreamweaver will now properly display just the table name and not the entire file path to the table.||1|
|64796||ColdFusion will no longer return a NullPointerException error when trying to consume a web service using a JSP servlet located in the same server instance as ColdFusion.||1|
|64364||As of ColdFusion MX 7.0.2, cfreport would not recognize query columns added with QueryAddColumn. This issue has been resolved.||1|
|65135||When using cfchart, ColdFusion will now include the required file CF_RunActiveContent.js without including/CFIDE at the beginning of the source path.||1|
|65255||ColdFusion no longer requires write permissions to the directory when using <cfdirectory action="list" .../> with sandbox security.||1|
|64586||Hot fix to resolve a possible cross-site scripting (XSS) vulnerability in ColdFusion's handling of forms.||1|
|64430||Hot fix to resolve 'Method can be only called once' exception for any SQL update when using third party Informix and Sybase drivers, and issue where same ResultSet is returned when a query is called twice, first with MaxRows attribute set to specific value and later with no value.||1|
ColdFusion MX 7.0.2 cumulative hot fixes are installed in the ColdFusion MX Administrator. The installation process is the same for all platforms and installation choices.
The ColdFusion MX 7.0.2 cumulative hot fix JAR file does not need to be retained after installing it with the ColdFusion Administrator. The file has been copied into the correct location.
The ColdFusion MX 7.0.2 cumulative hot fix JAR file will appear as a new entry in the System Information list.
Note: Any individual hot fixes previously installed that are now contained in this cumulative hot fix should be removed.
The following updates require that the files be installed directly to the operating system and not through the standard hot fix procedure. The URL included with each description is a link to an Adobe page providing download and installation instructions along with a detailed explanation of the issue.
|64991||This hot fix updates the expired certificate used withcfform applets in ColdFusion MX 7.
ColdFusion MX 7 TechNote:Update for expired certificate on CFForm controls
|APSB06-17||A potential vulnerability in a third party library could allow a malicious local user to execute arbitrary code with the privilege level of the local SYSTEM. A malicious user must first be able to run code locally on the server to take advantage of the vulnerability. The following security bulletin and update will secure this vulnerability.
Security Bulletin:Patch available for ColdFusion MX 7 local privilege escalation
|N/A||Issues in earlier versions of the DataDirect JDBC drivers have been resolved with DataDirect JDBC drivers 3.5. The following TechNote contains a link to download the DataDirect 3.5 drivers and instructions to properly install them.
ColdFusion MX 7 TechNote:Updated DataDirect JDBC drivers (version 3.5)
|64641||This hot fix resolves an issue where ColdFusion MX 7.0.2 returns a structure as an object to Flash via Flash Remoting. This causes the Flash data provider to not display the structure properly. After applying the hot fix, ColdFusion will return a structure as a MixedArray which will work properly with Flash.
ColdFusion MX 7 TechNote:Displaying structures with the Flash data provider when using Flash Remoting