ColdFusion 10 Update 12 (release date, November 12 2013) addresses a vulnerability mentioned in the security bulletin APSB13-27. It also includes several other important bug fixes (see Issues fixed section). It includes all the bug fixes from previous updates of ColdFusion 10 as well.

If you can't apply the hot fix from the administrator, download the hot fix manually and run “java –jar <path to the downloaded jar file>” to update ColdFusion. For example, Adobe has noticed that on WebSphere 7 with IBM JRE 1.6, automatic download does not work.

Issues fixed

Prerequisites

1. If you have not already applied ColdFusion 10 Mandatory Update, apply it first. This step is not required if you have ColdFusion 10 Update 8 or later.
   
2. On 64-bit computer, use 32-bit JRE for 32-bit ColdFusion and 64-bit JRE for 64-bit ColdFusion.
3. If the ColdFusion server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Specify proxy settings using the system properties below in the jvm.config for a stand-alone installation, or corresponding script file for JEE installation.
   • http.proxyHost
   • http.proxyPort
   • http.proxyUser
   • http.proxyPassword
4. For ColdFusion running on JEE application servers, stop all application server instances before installing the update.

Installation

For instructions on how to install this update, see Server Update section.

• Microsoft Windows 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 users must use the “Run as Administrator” option.
• The update can be installed from the Administrator of a ColdFusion instance or through the command-line option (For further details, see the link above).
• Windows users can launch the ColdFusion Administrator using Start > All Programs > Adobe > Coldfusion 10 > Administrator.
• After applying the update, reconfigure the connectors using wsconfig tool. It is available at {cf_install_home}/{instance_name}/runtime/bin. On Windows, It can be launched  by choosing Start > All Programs > Adobe > ColdFusion 10 > Web Server Configuration Tool. However, you can choose to ignore this step if you are on ColdFusion 10 Update 5 or later.
  
• You can encounter a Signature Verification Failed error when downloading and installing this update. To resolve this issue, download and install the ColdFusion 10 Mandatory Update first, before installing ColdFusion 10 Update 12. For more information, see this article. If this error persists, then download ColdFusion 10 Update 12, afresh. This error is primarily due to certain issues with download.
  
• If you get the following error when installing the update using the Download and Install option, ensure that the folder {cf_install_home}/{instance_name}/hf_updates has write permission: "An error occurred when performing a file operation write on file {cf_install_home}/{instance_name}/hf-updates/hotfix_012.properties".

Uninstallation

To uninstall the update, do one of the following:

• In ColdFusion Administrator, click Uninstall in Server Update > Updates > Installed Updates.
• Run the uninstaller for the update from the command prompt. For example, java -jar {cf_install_home}/{instance_home}/hf_updates/hf-10-00012/uninstall /uninstaller.jar

If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following:

1. Delete the update jar from {cf_install_home}/{instance_name}/lib/updates.
2. Copy all folders from {cf_install_home}/{instance_name}/hf-updates/{hf-10-00012}/backup directory to {cf_install_home}/{instance_name}/

Remember

1. In the ColdFusion Administrator, if you see the update listed in both Available Updates and Installed Updates, it could be a caching issue. Do the following:
   1. Navigate to Server Update > Updates > Available Updates and click Check For Updates.
   2. Press Ctrl+F5 to remove the bulb notification from the top banner of the ColdFusion Administrator.
2. If ColdFusion server doesn't start automatically (ps -ef | grep -i coldfusion command indicates ColdFusion is running, but the ColdFusion Administrator cannot be accessed), restart the server manually after applying the update. This issue is rare and occurs on few Unix or Linux-based operating systems (when buffer allocation size of the machine console is almost zero).