ColdFusion 10 Update 15

Search

ColdFusion 10 Update 15 (release date December 9 2014) addresses a vulnerability mentioned in the security bulletin APSB14-29. This update is cumulative and includes fixes from previous ColdFusion 10 updates.

Important

This update has been refreshed to address an issue (bug #3865403) specific to JEE installation of ColdFusion. Stand-alone installations are not affected. Users on JEE platform who have already applied this update (build number 10,0,15,292549) need not reapply it. This issue affects the update uninstallation process only and does not, in any way, affect the functionality of the server.
After applying the refreshed update, ColdFusion build number should change to 10,0,15,292620.

Note:

This update is specific to ColdFusion 10.

Prerequisites

  1. If you have not already applied ColdFusion 10 Mandatory Update, apply it first. This step is not required if you have ColdFusion 10 Update 8 or later.
  2. On 64-bit computer, use 32-bit JRE for 32-bit ColdFusion and 64-bit JRE for 64-bit ColdFusion.
  3. If the ColdFusion server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Specify proxy settings using the system properties below in the jvm.config for a stand-alone installation, or corresponding script file for JEE installation.
    • http.proxyHost
    • http.proxyPort
    • http.proxyUser
    • http.proxyPassword
  4. For ColdFusion running on JEE application servers, stop all application server instances before installing the update.

Installation

For instructions on how to install this update, see Server Update section. For any questions related to updates, see this FAQ

  • The update can be installed from the Administrator of a ColdFusion instance or through the command-line option.
  • Windows users can launch the ColdFusion Administrator using Start > All Programs > Adobe > Coldfusion 10 > Administrator.
  • Microsoft Windows 7, Windows 8, Windows Server 2008, and Windows Server 2012 users must use the “Run as Administrator” option to launch wsconfig tool at {cf_install_home}/{instance_name}/runtime/bin.
  • You could encounter a Signature Verification Failed error when downloading and installing this update. To resolve this issue, download and install the ColdFusion 10 Mandatory Update first, before installing ColdFusion 10 Update 15. For more information, see this article. If this error persists, then download ColdFusion 10 Update 15, afresh. This error is primarily due to certain issues with download.
  • If you get the following error when installing the update using the Download and Install option, ensure that the folder {cf_install_home}/{instance_name}/hf_updates has write permission: "An error occurred when performing a file operation write on file {cf_install_home}/{instance_name}/hf-updates/hotfix_015.properties".
  • If you are upgrading to JDK 8 after installing ColdFusion 10 Update 15, copy tools.jar manually from {JDK_Home}/lib to {cf_install_home}/cfusion/lib/. Overlooking this step can result in the failure of ColdFusion Web Services.

Post Installation

After applying the update, reconfigure the connector using the wsconfig tool. It is available at {cf_install_home}/{instance_name}/runtime/bin. On Windows, It can be launched by choosing Start > All Programs > Adobe > ColdFusion 10 > Web Server Configuration Tool. 

Important Note: Adobe recommends that you take a backup of all connector configuration files before you consider reconfiguring the connector. Connector-related configuration files are available at {cf_install_home}/config/wsconfig/. Add back any custom changes made to the worker.properties file after reconfiguring the connector.

Uninstallation

To uninstall the update, do one of the following:

  • In ColdFusion Administrator, click Uninstall in Server Update > Updates > Installed Updates.
  • Run the uninstaller for the update from the command prompt. For example, java -jar {cf_install_home}/{instance_home}/hf_updates/hf-10-00015/uninstall /uninstaller.jar

If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following:

  1. Stop ColdFusion application service.
  2. Delete the update jar from {cf_install_home}/{instance_name}/lib/updates.
  3. Copy all folders from {cf_install_home}/{instance_name}/hf-updates/{hf-10-00015}/backup directory to {cf_install_home}/{instance_name}/

Remember

  1. In the ColdFusion Administrator, if you see the update listed in both Available Updates and Installed Updates, it could be a caching issue. Do the following:
    1. Navigate to Server Update > Updates > Available Updates and click Check For Updates.
    2. Press Ctrl+F5 to remove the bulb notification from the top banner of the ColdFusion Administrator.
  2. If ColdFusion server doesn't start automatically (ps -ef | grep -i coldfusion command indicates ColdFusion is running, but the ColdFusion Administrator cannot be accessed), restart the server manually after applying the update. This issue is rare and occurs on few Unix or Linux-based operating systems (when buffer allocation size of the machine console is almost zero).

Revision History:

December 10, 2014: Added "Important Note" under What's covered section.

Adobe logo

Sign in to your account

Quick links

View all your plans Manage your plans

Legal Notices    |    Online Privacy Policy