Tuesday, June 12, 2012

Security Hot-Fix released for ColdFusion - June 2012

Today a priority 2 update was released, addressing an important vulnerability in ColdFusion 9.0.1 and earlier. Adobe recommends updating ColdFusion servers. Here is the link for the security bulletin.


This hot-fix addresses an HTTP response splitting vulnerability in the ColdFusion component browser (CVE-2012-2041).


The details can be found in the tech-note here.



Note: This issue does not affect ColdFusion 9.0.2 and 10

Tuesday, June 5, 2012

ColdFusion 10 & Image Enhancements

ColdFusion 10 includes several image enhancements. Here is the list:


1. Image resize and interpolation: ImageResize and ImageScaleToFit take interpolation as one of their parameters. This argument controls the quality of the resulting image and has an impact on performance: the higher the quality, the slower the response time. Possible values for this argument are highestQuality (default), highQuality, mediumQuality, highestPerformance, highPerformance, mediumPerformance, nearest, bilinear, bicubic, bessel, blackman, hamming, hanning, hermite, lanczos, mitchell, quadratic.

With ColdFusion 10, this support is added to the cfimage tag as well: for cfimage action="resize", interpolation is now one of the possible attributes. The default value is kept in sync with the function equivalents of this action.

2. ImageDrawText: The ImageDrawText method now returns a struct containing the width and the height of the text drawn.


3. CMYK image support: CMYK images were not working on Mac and 64-bit OSes. We have added support for them.


4. Fixed a bug in ImageGrayScale with TIFF images.


5. Captcha creation: Support for the ImageCreateCaptcha method is added.
      
      ImageCreateCaptcha(int height, int width, String text)
      ImageCreateCaptcha(int height, int width, String text, String difficulty)
      ImageCreateCaptcha(int height, int width, String text, String difficulty, String fonts,  int fontSize)


6. Change in behavior for action="captcha": A name attribute is added to action="captcha" for the cfimage tag. This new attribute will contain the image variable object. An inline captcha is now rendered only when neither name nor destination is specified. If name is specified, the image is saved in the variable, like other image functions. If destination is specified, the captcha image is saved at the location mentioned.

7. For cfimage action="captcha", if a user-specified font is not found, it falls back to system fonts.


8. ImageMakeColorTransparent: A new method, ImageMakeColorTransparent, is added. It creates an image and sets a transparent color.

    ImageMakeColorTransparent(img, color)


9. ImageMakeTranslucent: A new method, ImageMakeTranslucent, is added. It creates a new translucent image with the given percentage of translucence.

     ImageMakeTranslucent(img, percent)


10. New parameters for ImageOverlay: New parameters rule and alpha are added to the function ImageOverlay.

     ImageOverlay(source1, source2, [rule, alpha])


For detailed information on all these APIs, refer to the ColdFusion 10 documentation.


If you see a memory leak, you can try the memory leak fix done by Jpedal for JAI. You can read about it and download it from here.

Sunday, June 3, 2012

WebSphere & Cookie Expires Format


On IBM WebSphere 7.0, all session-cookie-related test cases might fail. This happens because of the following bug in WebSphere.

Here are some details:
Based on the RFCs (RFC 822, RFC 850, RFC 1036, and RFC 1123), the cookie expire date format is DD-Mon-YYYY HH:MM:SS GMT.

But in WebSphere 7 it comes as DD-Mon-YY HH:MM:SS GMT.

So on browsers that don't recognize this expire date format, the ColdFusion administrator and other session-related features (which use session cookies) may break.
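
A quick way to check which form a server emits, as an added example that is not code from the original post or from Adobe or IBM: it classifies the Expires attribute of a Set-Cookie header as four-digit year, two-digit year (the WebSphere 7 form above) or unparseable. The helper name `check_expires`, the cookie names and the sample headers are constructed for illustration; the two-digit-year interpretation shown is the one from RFC 6265 section 5.1.1, which goes beyond the RFCs the post cites.

```python
import re
from datetime import datetime, timezone

MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}

# Expires attribute in the shape the post describes: DD-Mon-YYYY HH:MM:SS GMT,
# with an optional leading weekday; the year group accepts 4 or 2 digits.
EXPIRES_RE = re.compile(
    r";\s*expires\s*=\s*(?:[A-Za-z]+,\s*)?"
    r"(?P<day>\d{1,2})[- ](?P<mon>[A-Za-z]{3})[- ](?P<year>\d{4}|\d{2})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\s+GMT",
    re.IGNORECASE)

def check_expires(set_cookie):
    """Classify one Set-Cookie header value (hypothetical helper).

    Returns (status, expiry): status is "session-cookie" (no Expires),
    "ok" (4-digit year), "two-digit-year" or "unparseable".
    """
    if not re.search(r";\s*expires\s*=", set_cookie, re.IGNORECASE):
        return "session-cookie", None
    hit = EXPIRES_RE.search(set_cookie)
    if not hit or hit["mon"].lower() not in MONTHS:
        return "unparseable", None
    year, status = int(hit["year"]), "ok"
    if len(hit["year"]) == 2:
        status = "two-digit-year"
        # RFC 6265 section 5.1.1: 70-99 means 19xx, 00-69 means 20xx.
        year += 1900 if year >= 70 else 2000
    try:
        expiry = datetime(year, MONTHS[hit["mon"].lower()], int(hit["day"]),
                          int(hit["h"]), int(hit["m"]), int(hit["s"]),
                          tzinfo=timezone.utc)
    except ValueError:  # impossible calendar value, e.g. 31-Feb or hour 25
        return "unparseable", None
    return status, expiry

# Constructed sample headers (not captured from a real server).
SAMPLES = [
    "JSESSIONID=0000abc; Path=/",
    "CFID=1234; Expires=Mon, 01-Dec-2042 16:00:00 GMT; Path=/",
    "CFID=1234; Expires=Mon, 01-Dec-42 16:00:00 GMT; Path=/",
    "CFID=1234; Expires=Thu, 01-Dec-94 16:00:00 GMT; Path=/",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_expires(header), "<-", header)
```

A "two-digit-year" result marks the headers worth testing against the browsers you support, since a client that rejects the date or reads it as already past will not keep the session cookie as intended.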

Friday, June 1, 2012

ColdFusion 9.0.2 is released


ColdFusion 9.0.2 was released this week. It is mainly to remove the Verity bits. It also contains all hot-fixes (cumulative and security), so to me it sounds like a great deal. You can download it from here.
Other supporting documentation can be found at -