ColdFusion (2016 release) Update 17
Core support for ColdFusion (2016 release) ended on Feb 16, 2021. There shall be no more updates or bug fixes to ColdFusion (2016 release). For more information and dates, see the EOL matrix for ColdFusion.
If you are applying Update 17 without applying Update 14, follow the Post Installation steps mentioned for Update 14.
Note: If you are already on Update 14, you can install Update 17 without any intermediate procedure.
If you are updating via ColdFusion Administrator:
The minimum update versions are Update 11 and higher for ColdFusion (2016 release), due to a recent change in code signing certificate.
The updates below are cumulative and contains all updates from previous ones. If you are skipping updates, you can apply the latest update, not those you are skipping. Further, you must take note of any changes that are implemented in each of the updates you are skipping.
To install previous updates, see ColdFusion (2016 release) Updates.
ColdFusion (2016 release) Update 17 (release date, 22 March, 2021) includes fixes for the the security vulnerabilities that were reported in APSB21-16, and few other fixes.
|CF-4205372||When running code analyzer, it will come back with an incorrect error for <cfcollection> when the "path" attribute is absent".
||Administrator : Code Analyzer|
|CF-4206044||The Richtext editor does not display on Chrome.
||AJAX : UI Components|
|CF-4205358||ColdFusion 2016 update 12 is unable to read jpg image.
|CF-4205355||cfimage can no longer read mismatched file extension/mimetype after installing Update 12.
|CF-4204356||After applying CF 2018 update 2 and above, a url does not work as expected on client-side CFChart (format="html").
||Charting/Graphing : Client|
|CF-4209142||There is a bug in CFChart type=JPG url attribute.||Charting/Graphing : Server|
|CF-4205181||The Server side charting does not work as expected on a few OS.||Charting/Graphing : Server|
|CF-4207294||Referencing an undefined struct value in a <cfif> statement causes a crash in unreachable code in some cases.
|CF-4198194||Invalid cfsqltypes are ignored.||Database : CFQuery|
|CF-4210952||Oracle/MSSQL Driver affected by Proxy Settings in JVM Arguments.||Database : Oracle|
|CF-4206454||An error occurs when using 'word-break: break-all;' used inside <cfdocument> tag.||Document Management : PDF generation|
|CF-4198342||cfdocument stops working intermittently in some cases.||Document Management : PDF generation|
|CF-4209480||After updating Java JRE/JDK to 1.8.0_261, there is an issue with CFPDF's ability to generate PDF files using the processddx option.
||Document Management : PDF manipulation|
|CF-4211081||The maximum permissible size for uncompressed contents varies.||File Management : CFZip|
|CF-4207423||A file with colon in name breaks DirectoryList() and DirectoryDelete().||File Management : VFS-RAM|
|CF-4204857||The June 2019 updates of CF 2018, 2016, and 11 blocks upload of files with no extension.
|CF-4205224||While running cfinfo.bat/cfinfo.sh, a warning appears.
||Installation/Config : Scripts|
|CF-4208310||The Elvis Operator is not thread safe and returns unexpected results.||Language|
|CF-4208572||Validation for a variable in the underlying Coldfusion engine is occurring for a variable in an unreached branch BEFORE determining if that branch is reachable if the variable exists inside of an inline struct that's inside of a function call that's inside of a CFIF statement (that also has a CFELSE statement) that's surrounded by CFOUTPUT tags.
|CF-4204882||An argument is not treated as a struct by Query functions.||Language|
|CF-4204992||When using safe navigation on an object that has keys which are considered "reserved keywords", ColdFusion will throw an error.
|CF-4206403||Certain CFML syntax causes unexpected behavior.||Language : Application Framework|
|CF-4206329||After installing Update 13, the component initialization does not work as expected.||Language : CF Component|
|CF-4197194||There is a scoping issue in a nested arrayEach function.||Language : Closures|
|CF-4204632||There are issues with cookie expiration dates.||Language : Cookie|
|CF-4210721||Executing isValid( "email", emailAddress ) returns true for two patterns, which are not valid email addresses.
||Language : Functions|
|CF-4205457||Issues with REST service after updating the last update.||REST Services|
|CF-4202597||Per-app mappings don't exist in REST CFCs.||REST Services|
Windows: <cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-017-325979.jar
Linux-based platforms: <cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-017-325979.jar
Ensure that the JRE bundled with ColdFusion is used for executing the downloaded JAR. For standalone ColdFusion, this must be at, <cf_root>/jre/bin.
Install the update from a user account that has permissions to restart ColdFusion services and other configured webservers .
For further details on how to manually update the application, see the help article.
After applying this update, the ColdFusion build number should be 2016,0,17,325979.
Post installation, we recommend rebuilding or reconfiguring your connector.
Note: This holds true only if you have applied Update 16 without applying Update 14.
If you see Error 503 or Error 403 when firing up your websites, see the troubleshooting steps in the tech notes for Update 14.
To uninstall the update, perform one of the following:
If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following: