ColdFusion (2018 release) Update 7
If you are updating via ColdFusion Administrator:
The minimum update versions are Update 4 or higher for ColdFusion (2018 release), due to a recent change in code signing certificate.
These are mandatory pre-requisites before updating.
To install previous updates, see ColdFusion (2018 release) Updates.
ColdFusion (2018 release) Update 7 (release date, 10 Dec, 2019) addresses vulnerabilities that are mentioned in the security bulletin, APSB19-58.
The update includes a fix for the ColdFusion Administrator UI. The vulnerability affects Windows platform only. Users on non-Windows platform need not apply this update.
For the detailed list of bugs fixed in this update, refer to Bugs fixed list.
Windows: <cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-007-316715.jar
Linux-based platforms: <cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-007-316715.jar
Ensure that the JRE bundled with ColdFusion is used for executing the downloaded JAR. For standalone ColdFusion, this must be at, <cf_root>/jre/bin.
Install the update from a user account that has permissions to restart ColdFusion services and other configured webservers .
For further details on how to manually update the application, see the help article.
After applying this update, the ColdFusion build number should be 2018,0,07,316715
To uninstall the update, perform one of the following:
If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following: