ColdFusion (2023 release) Update 9

ColdFusion (2023 release) Update 9

Security recommendations

Adobe recommends applying the security configuration settings outlined in the respective Lockdown guides for all security updates.  

Оповещение:

Check if you need to create and configure connectors after installing the update. View the section Connector Configuration Table for more information.

Примечание.

The updates below are cumulative and contain all updates from previous ones. If you are skipping updates, you can apply the latest update, not those you are skipping. Further, you must note any changes implemented in each update you are skipping.

To install previous updates, see ColdFusion (2023 release) updates.

What's new and changed

In ColdFusion (2023 release) Update 9 (release date: August 20, 2024), we’ve upgraded Tomcat from version 9.0.85 to version 9.0.93.

Prerequisites

  1. On 64-bit computers, use 64-bit JRE for 64-bit ColdFusion.
  2. If the ColdFusion server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Specify proxy settings using the system properties below in the jvm.config for a stand-alone installation, or corresponding script file for JEE installation.
    • http.proxyHost
    • http.proxyPort
    • http.proxyUser
    • http.proxyPassword
  3. For ColdFusion running on JEE application servers, stop all application server instances before installing the update.

ColdFusion JDK flag requirements

COLDFUSION 2023 (version 2023.0.0.330468) and above

For Application Servers

On JEE installations, set the following JVM flag, "-Djdk.serialFilter=!org.mozilla.**;!com.sun.syndication.**;!org.apache.commons.beanutils.**;!org.jgroups.**;!com.sun.rowset.**", in the respective startup file depending on the type of Application Server being used.

For example:   

  • Apache Tomcat Application Server: edit JAVA_OPTS in the ‘Catalina.bat/sh’ file   
  • WebLogic Application Server:  edit JAVA_OPTIONS in the ‘startWeblogic.cmd’ file   
  • WildFly/EAP Application Server:  edit JAVA_OPTS in the ‘standalone.conf’ file   

Set the JVM flags on a JEE installation of ColdFusion, not on a standalone installation.  

Installation

ColdFusion Administrator

In Package Manager > Packages, click Check for Updates in Core Server.

After it detects an update, click Update. The core package gets updated the the latest update.

All installed packages also get updated.

Restart ColdFusion for the changes to take effect.

Install the update in offline mode manually

  1. Download the hotfix installer and repository from the link.
  2. Unzip to a place where all ColdFusion server instances can access it.
  3. Update "packagesurl" in cfusion/lib/neo_updates.xml of cfusion and all its child instances to point to <InstallerReposityUnzippedPath>/bundles/bundlesdependency.json present inside the downloaded folder.

You must have privileges to start or stop ColdFusion service and full access to the ColdFusion root directory.

  • Windows: <cf_root>\jre\bin\java.exe -jar <InstallerReposityUnzippedPath>\bundles\updateinstallers\hotfix-009-330677.jar
  • Linux-based platforms: <cf_root>/jre/bin/java -jar  <InstallerReposityUnzippedPath>/bundles/updateinstallers/hotfix-009-330677.jar

If the core server hotfix installation is successful and if there are errors  or issues with packages, packages can be installed/updated from the package manager client(cfusion\bin\cfpm.bat|cfpm.sh).

Ensure that the JRE bundled with ColdFusion is used for executing the downloaded JAR. For standalone ColdFusion, this must be at, <cf_root>/jre/bin.

Install the update from a user account that has permissions to restart ColdFusion services and other configured webservers .

For further details on manually updating the application, see the help article.

Примечание.

If you are on Java 17.0.8 or higher and want to apply the Hotfix manually, use the flag java -Djdk.util.zip.disableZip64ExtraFieldValidation=true -jar hotfix.jar.

However, if you are applying the update from the Administrator, you do not require any flag.

Post installation

Примечание.

After applying this update, the ColdFusion build number should be 2023,0,09,330677.

Uninstallation

To uninstall the update, perform one of the following:

  • In ColdFusion Administrator, click Uninstall in Server Update Updates Installed Updates.
  • Run the uninstaller for the update from the command prompt. For example, java -jar {cf_install_home}/{instance_home}/hf_updates/hf-2023-00009-330677/uninstall /uninstaller.jar

If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following:

  1. Delete the update jar from {cf_install_home}/{instance_name}/lib/updates.
  2. Copy all folders from {cf_install_home}/{instance_name}/hf-updates/{hf-2023-00009-330677}/backup directory to {cf_install_home}/{instance_name}/

Connector configuration

2023 Update Connector recreation required
Update 9

No

However, upgrading from Update 4 and earlier requires you to recreate the connector.

View the following for more information on creating and configuring connectors:

Update 8

No

However, upgrading from Update 4 and earlier requires you to recreate the connector.

View the following for more information on creating and configuring connectors:

Update 7
No

However, upgrading from Update 4 and earlier requires you to recreate the connector.

View the following for more information on creating and configuring connectors:

Update 6

No

However, upgrading from Update 4 and earlier requires you to recreate the connector.

View the following for more information on creating and configuring connectors:

Update 5 Yes
Update 4 No
Update 3 No
Update 2 No
Update 1 No

Package updates

Update Packages updated
Update 9 No
Update 8 Yes
Update 7 Yes
Update 6 No
Update 5 Yes
Update 4 No
Update 3 No
Update 2 No
Update 1 No

 Adobe

Получайте помощь быстрее и проще

Новый пользователь?