ColdFusion 10 Update 23

Note:

Core support for ColdFusion 10 ends on May 16, 2017. There shall be no more updates or bug fixes to ColdFusion 10. For more information and dates, see the EOL matrix for ColdFusion.

Read the ColdFusion team's blog for further information.

ColdFusion 10 Update 23 (release date April 25, 2017) includes bug fixes and an updated Tomcat.

In this update, We have added a new file quartz.cluster.properties, located in cfusion/lib/quartz.

This file can be used to configure properties related to scheduler when setting up a cluster. These are the default properties and their default values in the file:

org.quartz.scheduler.rmi.export: false
org.quartz.scheduler.rmi.proxy: false
org.quartz.scheduler.wrapJobExecutionInUserTransaction: false

org.quartz.threadPool.class: org.quartz.simpl.SimpleThreadPool
org.quartz.threadPool.threadCount: 13
org.quartz.threadPool.threadPriority: 5

org.quartz.threadPool.threadsInheritContextClassLoaderOfInitializingThread: true
org.quartz.jobStore.misfireThreshold: 60000

Note:

This update also addresses vulnerabilities mentioned in the security bulletin APSB17-14.

This update is cumulative and includes fixes from previous ColdFusion 10 updates.

This update is specific to ColdFusion 10.

To see a list of all previous ColdFusion 10 updates, refer to the update page.

Bugs fixed

For the detailed list of bugs fixed in this update, refer to the list of bugs fixed.

Known issues

In Solaris OS, after installing the update from the administrator, the server does not stop, although the update is applied.

As a workaround, for the applied update to take effect, restart the server manually.

Prerequisites

  1. If you have not already applied ColdFusion 10 Mandatory Update, apply it first. This step is not required if you have ColdFusion 10 Update 12 or later.
  2. On 64-bit computer, use 32-bit JRE for 32-bit ColdFusion and 64-bit JRE for 64-bit ColdFusion.
  3. If the ColdFusion server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Specify proxy settings using the system properties below in the jvm.config for a stand-alone installation, or corresponding script file for JEE installation.
    • http.proxyHost
    • http.proxyPort
    • http.proxyUser
    • http.proxyPassword
  4. For ColdFusion running on JEE application servers, stop all application server instances before installing the update.

Installation

For instructions on how to install this update, see Server Update section. For any questions related to updates, see this FAQ

  • The update can be installed from the Administrator of a ColdFusion instance or through the command-line option.
  • Windows users can launch the ColdFusion Administrator using Start > All Programs > Adobe > Coldfusion 10 > Administrator.
  • Microsoft Windows 7, Windows 8, Windows 10, Windows Server 2008, and Windows Server 2012 users must use the “Run as Administrator” option to launch wsconfig tool at {cf_install_home}/{instance_name}/runtime/bin.
  • You could encounter a Signature Verification Failed error when downloading and installing this update. To resolve this issue, download and install the ColdFusion 10 Mandatory Update first, before installing ColdFusion 10 Update 23. For more information, see this article. If this error persists, then download ColdFusion 10 Update 23, afresh. This error is primarily due to certain issues with download.
  • If you get the following error when installing the update using the Download and Install option, ensure that the folder {cf_install_home}/{instance_name}/hf_updates has write permission: "An error occurred when performing a file operation write on file {cf_install_home}/{instance_name}/hf-updates/hotfix_00023.properties".
  • If you are upgrading to JDK 8 after installing ColdFusion 10 Update 23, copy tools.jar manually from {JDK_Home}/lib to {cf_install_home}/cfusion/lib/. Overlooking this step can result in the failure of ColdFusion Web Services.

Installing the update manually

  1. Click the link to download the update JAR.
  2. Execute the following command on the downloaded JAR. Launch the command prompt to apply the update. You must have privileges to start or stop ColdFusion service and full access to the ColdFusion root directory.

            Windows: <cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix_023.jar

            Linux-based platforms: <cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix_023.jar

Ensure that the JRE bundled with CF is used for executing the downloaded JAR. For standalone ColdFusion, this must be at, <cf_root>/jre/bin

Post installation

After applying this update, ColdFusion build number should be 10,0,23,302580.

Uninstallation

To uninstall the update, do one of the following:

  • In ColdFusion Administrator, click Uninstall in Server Update > Updates > Installed Updates.
  • Run the uninstaller for the update from the command prompt. For example, java -jar {cf_install_home}/{instance_home}/hf_updates/hf-10-00023/uninstall /uninstaller.jar

If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following:

  1. Stop ColdFusion application service.
  2. Delete the update jar from {cf_install_home}/{instance_name}/lib/updates.
  3. Copy all folders from {cf_install_home}/{instance_name}/hf-updates/{hf-10-00023}/backup directory to {cf_install_home}/{instance_name}/

Remember

  1. In the ColdFusion Administrator, if you see the update listed in both Available Updates and Installed Updates, it could be a caching issue. Do the following.
  2. Navigate to Server Update > Updates > Available Updates and click Check For Updates.
  3. Press Ctrl+F5 to remove the bulb notification from the top banner of the ColdFusion Administrator.
  4. If ColdFusion server doesn't start automatically (ps -ef | grep -i coldfusion command indicates ColdFusion is running, but the ColdFusion Administrator cannot be accessed), restart the server manually after applying the update. This issue is rare and occurs on few Unix or Linux-based operating systems (when buffer allocation size of the machine console is almost zero).

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy