[transfer-dev] APSB10-11 hotfix breaks transfer?

mark mazelin

May 14, 2010, 10:53:46 AM
to transfer-dev
I'm running CF9 Enterprise on Windows Server 2008 64-bit. I just tried
installing the APSB10-11 hotfix (the latest updated version of it):
http://kb2.adobe.com/cps/841/cpsid_84102.html

Most things work, but the transfer framework will not initiate. It
bombs when coldspring tries to create the transferFactory:

<code>
Bean creation exception during init() of transfer.TransferFactory :
<br>The error occurred on line 817.
</code>

I had to remove the patch to get my app to work again. Anyone else
experiencing this? Any ideas on a fix for this?

Thanks,
Mark

--
Before posting questions to the group please read:
http://groups.google.com/group/transfer-dev/web/how-to-ask-support-questions-on-transfer

Try out the new Transfer ORM Custom Google Search:
http://www.google.com/cse/home?cx=002375903941309441958:2s7wbd5ocb8

You received this message because you are subscribed to the Google Groups "transfer-dev" group.
To post to this group, send email to transf...@googlegroups.com
To unsubscribe from this group, send email to transfer-dev...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/transfer-dev?hl=en

Tom McNeer

May 14, 2010, 11:12:44 AM
to transf...@googlegroups.com
> I had to remove the patch to get my app to work again. Anyone else
> experiencing this?

Yep. Just did the same thing on my dev server: Server 2008, but 32-bit.

--
Thanks,

Tom

Tom McNeer
MediumCool
http://www.mediumcool.com
1735 Johnson Road NE
Atlanta, GA 30306
404.589.0560

mark mazelin

May 14, 2010, 2:52:14 PM
to transfer-dev
Tom:

Are you also running ColdSpring? I'm trying to track down the
responsible framework. My app is running Transfer 1.1.g, ColdSpring
1.2 RC1 and ColdSpring Bean Utils 1.2. I have 3 statements for
coldspring.beans.DefaultXmlBeanFactory that call
loadBeansFromXmlFile(). It's dying on one that instantiates my
transfer gateways and service objects. I'm wondering if this is more
of a ColdSpring/BeanUtils issue than a Transfer issue.

Mark

On May 14, 11:12 am, Tom McNeer <tmcn...@gmail.com> wrote:
> > I had to remove the patch to get my app to work again. Anyone else
> > experiencing this?
>
> Yep. Just did the same thing on my dev server: Server 2008, but 32-bit.
>
> --
> Thanks,
>
> Tom
>
> Tom McNeer
> MediumCool http://www.mediumcool.com
> 1735 Johnson Road NE
> Atlanta, GA 30306
> 404.589.0560

mark mazelin

May 14, 2010, 3:48:41 PM
to transfer-dev
This is confirmed: The hotfix does in fact break transfer
applications. I've been in discussions with the Adobe technical
response team who confirmed this (their engineering team has been able
to reproduce my error). Transfer will need to be updated in some way
before anyone should install this patch. Here is the next text from
the security bulletin:

Vulnerability CVE-2010-1294, included in this security fix, now
prevents unauthorized access to datasources via the Service Factory.
This may cause issues with certain frameworks/applications that are
accessing datasources without proper authentication.

Tom McNeer

May 14, 2010, 3:48:51 PM
to transf...@googlegroups.com
Hi Mark,

On Fri, May 14, 2010 at 2:52 PM, mark mazelin <markm...@gmail.com> wrote:
> Are you also running ColdSpring?

Yep. Hard to run Transfer properly without it. Or do much else. I've gotten very dependent on ColdSpring.

> I'm trying to track down the
> responsible framework.

Good luck.

> My app is running Transfer 1.1.g, ColdSpring
> 1.2 RC1 and ColdSpring Bean Utils 1.2.

My versions of Transfer and ColdSpring are the same as yours. I'm using Brian Kotek's Bean Utilities, but I'm not sure that's the same as your ColdSpring Bean Utils.

> I have 3 statements for
> coldspring.beans.DefaultXmlBeanFactory that call
> loadBeansFromXmlFile(). It's dying on one that instantiates my
> transfer gateways and service objects. I'm wondering if this is more
> of a ColdSpring/BeanUtils issue than a Transfer issue.

I'm not sure there's any way to tell, short of a long, painful dig through many, many framework files.

When I ran into it, I had recently made changes to my Transfer config file and figured I just made a mistake. After commenting out pieces of the file till I had nothing left, I realized it wasn't me. I then wondered about the only _other_ thing that had changed - the hotfix - and tried removing it, since it's caused other, different problems for folks.

I have not had time to go any further with this. It concerns me, because it's a pretty important hotfix. But unfortunately, the error messages in ColdSpring leave a lot to be desired, and sometimes point in the wrong direction.

I'm going to add mention of this issue in a couple of places: there's a thread on CF-Talk regarding other problems with the hotfix, and there's a string of comments about the issues on Ben Forta's blog. Perhaps letting Adobe know about the problem through Ben will at least get them to look at it, even though they certainly can't support CS or Transfer.


--
Thanks,

Tom

Tom McNeer
MediumCool
http://www.mediumcool.com
1735 Johnson Road NE
Atlanta, GA 30306
404.589.0560


Tom McNeer

May 14, 2010, 3:52:33 PM
to transf...@googlegroups.com
Mark,

Thanks for making the contact. I answered your other note. But you're obviously ahead of me.

Thanks for the explanation. Let's hope Mark (the other one) will be able to help out with a Transfer patch. He's awfully busy with ColdSpring these days.



--
Thanks,

Tom

Tom McNeer
MediumCool
http://www.mediumcool.com
1735 Johnson Road NE
Atlanta, GA 30306
404.589.0560


Mark Mandel

May 14, 2010, 6:29:25 PM
to transf...@googlegroups.com
So I'm just setting up a test bed here, but the SVN version of Transfer shouldn't access the Service Factory - it should go through <cfdbinfo>

Has anyone tried the latest SVN version of Transfer, outside of a framework context?

Mark
--
E: mark....@gmail.com
T: http://www.twitter.com/neurotic
W: www.compoundtheory.com

Hands-on ColdFusion ORM Training
www.ColdFusionOrmTraining.com
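
Added example, not part of the thread and not Transfer's or ColdSpring's code: a small scanner for auditing a CFML code base before applying the hotfix. It flags direct use of `coldfusion.server.ServiceFactory` / `getDataSourceService()`, the access path the bulletin says is now restricted, and notes `<cfdbinfo>` use. The paths and CFML in `SAMPLE` are constructed, and nested CFML comments are assumed not to occur.

```python
import re

# Direct Service Factory datasource access: the path the bulletin says the
# hotfix now restricts. CFML is case-insensitive, hence re.I.
SERVICE_FACTORY = re.compile(
    r"coldfusion\.server\.ServiceFactory|getDataSourceService\s*\(", re.I)
CFDBINFO = re.compile(r"<cfdbinfo\b", re.I)
CFML_COMMENT = re.compile(r"<!---.*?--->", re.S)

# Constructed sample input (hypothetical paths, not taken from Transfer).
SAMPLE = {
    "legacy/Datasource.cfc": (
        '<cfcomponent>\n'
        '<cffunction name="getDbType">\n'
        '  <cfset var factory = createObject("java", "coldfusion.server.ServiceFactory")>\n'
        '  <cfset var ds = factory.getDataSourceService()>\n'
        '</cffunction>\n'
        '</cfcomponent>\n'),
    "current/Datasource.cfc": (
        '<cfcomponent>\n'
        '<!--- old approach:\n'
        '  createObject("java", "coldfusion.server.ServiceFactory")\n'
        '--->\n'
        '<cfdbinfo datasource="#variables.name#" type="version" name="info">\n'
        '</cfcomponent>\n'),
}


def blank_comments(text):
    """Drop CFML comments but keep their newlines so line numbers hold."""
    return CFML_COMMENT.sub(lambda m: "\n" * m.group(0).count("\n"), text)


def scan(sources):
    """Return (path, line_no, kind, line) hits for a {path: text} mapping."""
    hits = []
    for path, text in sorted(sources.items()):
        for no, line in enumerate(blank_comments(text).splitlines(), 1):
            if SERVICE_FACTORY.search(line):
                hits.append((path, no, "service-factory", line.strip()))
            elif CFDBINFO.search(line):
                hits.append((path, no, "cfdbinfo", line.strip()))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print("%s:%d [%s] %s" % hit)
```

To audit a real tree, build the `{path: text}` mapping from the `.cfc` and `.cfm` files on disk and pass it to `scan`; any `service-factory` hit in framework code is a candidate for the breakage reported in this thread.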

Mark Mandel

May 14, 2010, 7:37:38 PM
to transf...@googlegroups.com
So I just ran through the Unit Tests with CF9 + SQL Server, with the patch applied, and all passed.

Make sure you have the latest version of Transfer from SVN.

Just so you know, the delay in a CF9 stable release is that the full set of unit tests can take ~ an hour to run, and I have to do it on 3 different CF versions, and 4 different databases, so it takes a while.

Mark

Tom McNeer

May 15, 2010, 8:02:00 PM
to transf...@googlegroups.com
Mark,

Thanks for the quick service. I'll try the SVN version.

mark mazelin

May 17, 2010, 8:44:31 AM
to transfer-dev
Agreed--Thanks Mark [Mandel] for your quick work on this. I'll try the
latest versions sometime this week...

On May 15, 8:02 pm, Tom McNeer <tmcn...@gmail.com> wrote:
> Mark,
>
> Thanks for the quick service. I'll try the SVN version.
>
> --
> Thanks,
>
> Tom
>
> Tom McNeer
> MediumCool http://www.mediumcool.com
> 1735 Johnson Road NE
> Atlanta, GA 30306
> 404.589.0560

David Mineer Jr

May 19, 2010, 6:08:43 PM
to transf...@googlegroups.com
Upgrading to the latest svn fixed it for me.  I am using model-glue with it so it's not outside of a framework context.
--
David Mineer Jr
---------------------
The critical ingredient is getting off your
butt and doing something. It's as simple
as that. A lot of people have ideas, but
there are few who decide to do
something about them now. Not
tomorrow. Not next week. But today.
The true entrepreneur is a doer.

Dennis Clark

May 19, 2010, 7:31:32 PM
to transf...@googlegroups.com
Hey Mark, I've already done regression testing of our apps with SVN revision 689 of Transfer in preparation of upgrading our production servers to CF9. Is that revision likely to work with the new hotfix, or am I going to have to upgrade and do the regression testing all over again?

-- Dennis

Mark Mandel

May 19, 2010, 8:51:47 PM
to transf...@googlegroups.com
689 is the latest revision ;o) so there is nothing after that to test on.

Mark
cf.Objective(ANZ) - Nov 18, 19 - Melbourne Australia
http://www.cfobjective.com.au