ColdFusion (2016 release) Update 5
The update is cumulative and contains all previous updates applied to ColdFusion (2016 release).
This security update requires ColdFusion to be on JDK 8u121 or higher.
Adobe recommends that you must manually update your ColdFusion JDK/JRE to the latest version.
In case you do not update the JDK/JRE, simply applying the update would NOT secure the server.
For Application Servers
Additionally, on JEE installations, set the following JVM flag, "-Djdk.serialFilter=!org.mozilla.** ", in the respective startup file depending on the type of Application Server being used.
For examples ,
Set the JVM flags on a JEE installation of ColdFusion, not on a standalone installation.
ColdFusion (2016 release) Update 5 ( release date September 12, 2017) includes the following changes:
For more information, refer to the release notes.
Note: This update is specific to ColdFusion (2016 release)
To view all ColdFusion (2016 release) updates, see the Updates page.
For the detailed list of bugs fixed in this update, refer to Bugs fixed list.
Windows: <cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-005-303689.jar
Linux-based platforms: <cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-005-303689.jar
Ensure that the JRE bundled with ColdFusion is used for executing the downloaded JAR. For standalone ColdFusion, this must be at, <cf_root>/jre/bin.
Install the update from a user account that has permissions to restart ColdFusion services and other configured webservers .
For further details on how to manually update the application, see the help article.
After applying this update, the ColdFusion build number should be 2016,0,05,303689.
After installation, point the JDK to JDK 8u121 or higher.
To uninstall the update, perform one of the following:
If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following: