ColdFusion (2021 release) Update 1

Caution:

On Windows, if ColdFusion is running as a service with a non-default custom service name, shut down ColdFusion, and then apply the Update using ColdFusion package manager on all applicable ColdFusion instances with the command:

cfpm.bat update all

What's new and changed

ColdFusion (2021 release) Update 1 (release date, 22 March, 2021) features the following:

  • Address vulnerabilities mentioned in the document APSB21-16.
  • Activation and deactivation of Virtual Core licenses. To accommodate virtual core licensing, few changes were done in the license validation workflow. This can result in signature validation errors when the server comes up after the update is applied. If the server is online, activation will be re-attempted and server will continue as usual if the activation is successful. If the server is offline, users will need to offline-activate the server once again as the server could have reverted to the Trial or Developer mode. This is a one-time activity and will not be needed to be done when future updates are released.
  • Introduced support for RHEL 8.3, WildFly 23, Tomcat 9.0.43, PostgreSQL 13, Oracle 19c (2018), and MS SQL Server 2019.
  • Bug fixes.

Note: After installing this update, you might encounter the message after updating all packages using the ColdFusion Package Manager. The message is purely cosmetic and does not impact the installation of the packages.

Bugs fixed in this release

Bug ID Description Component
CF-4210917 In the CF Administrator, the name of the instance gets truncated in the upper right tab. Administrator
CF-4207245 The recent update to cfajax.js uses defineProperty method, which is not available in IE 11 document mode 5. AJAX
CF-4202859 ColdFusion uses unsynchronized WeakHashMap in Remote Method Invocation during cache replication. This occasionally leads to infinite looping, hence 100% CPU usage. Caching : General
CF-4201599 In Colfusion (2016 release), there is an issue with cfchart. Charting/Graphing
CF-4210921 Inconsistencies in the mask parameter format of the function DateFormat. ColdFusion Package : Core
CF-4210906 Automatic import of CAR files to on start of Docker container doesn't work as expected. Containers: CF Docker Image
CF-4204706

When you run the command below for ColdFusion 2018 Docker image, there is an error for web.xml file. 

docker run --rm -it -e acceptEULA=YES -v D:\dockerroot\wwwroot:/app eaps-docker-coldfusion.bintray.io/cf/coldfusion:2018.0.4 cli test.cfm

Containers: CF Docker Image
CF-4209859 Session replication does not work as expected in Update 8 of ColdFusion 2018. Core Runtime : Session Management
CF-4210953 Unable to rename a Datasource. Database : General
CF-4210952 Oracle/MSSQL Driver is affected by Proxy Settings in JVM Arguments. Database : Oracle
CF-4209891 Servers continually go down due to a "user logged out" error.
Database : Oracle
CF-4210954 Query of Queries fails with result set in ColdFusion scopes. Database : Query-of-Query(IMQ)
CF-4211021 ColdFusion is unable determine OpenOffice Installation. Document Management : Office Integration
CF-4204280 Issues with form fields in a PDF. Document Management : PDF Form
CF-4205907 When converting text to html, if invalid URL in text, cfdocument works expectedly. Document Management : PDF generation
CF-4211061 The SpreadsheetFormat function does not accept colors. Document Management : Spreadsheet
CF-4210999  If an empty string is passed into DirectoryExists, you encounter an error.
File Management
CF-4211081 Uncompressed contents cross maximum permissible size varies. File Management : CFZip
CF-4204901 Cannot Perform File Operations Between VFS (RAM) AND S3 File Management : VFS-S3
CF-4210948 Static member initialization doesn't consider imports. Language
CF-4210919 result.weeks[1][1].value runs in ColdFusion 2018, but not in ColdFusion 2021. Language
CF-4209576 An error occurs while assigning UDF as single-expression arrow function. Language
CF-4206046 UDF instances are not thread safe to execute in separate threads. Language
CF-4206045 Closure instances are not thread safe to execute in separate threads. Language
CF-4210899 ColdBox MVC app templates broken on 2021.0.0 release. Language : Application Framework
CF-4211056 There are errors on form submissions.
Language : Application Framework : ApplicationCFC
CF-4210927 Implicit syntax for case sensitive struct with "var" keyword triggers an "Invalid CFML construct" error. Language : CF Component
CF-4207025 Application.cfc will not recursively resolve cfinclude. Language : CF Component
CF-4211138 A var with bracket inside CFC throws invalid CFML exception. Language : CFSCRIPT
CF-4210941 VARIABLES scope modify after "include" in "savecontent" of a closure. Language : Closures
CF-4210912 Error when using named parameters in a closure. Language : Closures
CF-4204632 Invalid Set-Cookie Header Date Format Language : Cookie
CF-4211084 REReplace ClassCastException class java.lang.Integer cannot be cast to class coldfusion.runtime.UDFMethod. Language : Functions
CF-4211071 "argumentCollection=" in the DEFAULT parameter of CFARGUMENT no longer works. Language : Functions
CF-4210925 The toScript function does not preserve case when converting to JavaScript. Language : Functions
CF-4210924 Undocumented _format() appears to be a proxy of dateTimeFormat(). Language : Functions
CF-4211048 In cfloop, there is no increment of the index.
Language : List Functions
CF-4210947 DeserializeJSON uses custom serializer regardless of arguments. Language : Serialization
CF-4205377 CFLDAP exception shows up in exception.log Net Protocols : LDAP
CF-4210931 In Performance Monitoring Toolset, on non-Windows platforms, the process memory value displays 0. PMT
CF-4210930 In Performance Monitoring Toolset Dashboard, the copyright info location is not properly represented in the Azure blob page. PMT : Azure Blob
CF-4210932 In Performance Monitoring Toolset, CPU Usage/ Process Memory data does not appear as expected on Solaris platforms. PMT : Non-Request Metrics
CF-4202597 Per app mappings don't exist in REST CFCs. REST Services
CF-4211053 Request Timeout Setting In CF Admin Is Not Retained After Saving Task Settings Scheduler
CF-4208840 When editing a scheduled task in ColdFusion Admin, the start defaults to today's date even when it was set to something on creation. Scheduler
CF-4211077 Web services no longer scoped as expected. Web Services
CF-4206375 Wildcard Certificate causes SSL Peer Unverified exception.
Web Services
CF-4199597 WebSocket messages sent to client are truncated at semi-colons. Web Socket : WebSocket Proxy

Known issues in this release

Bug ID Description Component
CF-4211388

While installing the Hotfix, the following error message displays:

"Error occurred while installing PMT update. Please try again."

Installation
CF-4211353

When trying to update/install packages in ColdFusion (2021 release), and your CF is a standalone one, and  you see this message,

"One or more packages require the server to be at update 1. Since the server is at update 0, you must install the update 1 of the server. After upgrading the server update, the packages can be installed."

Try the workaround below:

  1. Navigate to [CF Home]\cfusion\license.properties.
  2. Add a key, installtype=standalone.
  3. Save the file, and restart your ColdFusion server as well as the cfpm utility.
Update workflow
CF-4211352
If you are trying to update your ColdFusion server using the hotfix and the cfpm process becomes unresponsive (for more than 30 minutes), it may be an issue with the hotfix installation. As a workaround, kill the cfpm process and try restarting the ColdFusion process.
Update workflow
CF-4211348
If installing or updating the package cfajax, restart the ColdFusion server for the changes to take effect.
Administrator UI
CF-4211347
When applying Update 1 of ColdFusion (2021 release), do not enable the check-box to update the instances from cfusion itself. Apply the update to each instance.
Administrator
CF-4211329
On IE and Safari browsers, you are unable to copy and paste the license key. Licensing
CF-4211138
Using variable name in brackets, [varName], in a CFC throws an invalid CFML exception. Language

Prerequisites

  1. On 64-bit computers, use 64-bit JRE for 64-bit ColdFusion.
  2. If the ColdFusion server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Specify proxy settings using the system properties below in the jvm.config for a stand-alone installation, or corresponding script file for JEE installation.
    • http.proxyHost
    • http.proxyPort
    • http.proxyUser
    • http.proxyPassword
  3. For ColdFusion running on JEE application servers, stop all application server instances before installing the update.

Installation

ColdFusion Administrator

In Package Manager > Packages, click Check for Updates in Core Server.

After it detects an update, click Update. The core package gets updated the the latest update.

All installed packages also get updated.

Restart ColdFusion for the changes to take effect.

Install the update manually

  1. Click the link to download the JAR.
  2. Execute the following command on the downloaded JAR. You must have privileges to start or stop ColdFusion service and full access to the ColdFusion root directory.

    Windows: <cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-001-325996.jar

    Linux-based platforms: <cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-001-325996.jar

Ensure that the JRE bundled with ColdFusion is used for executing the downloaded JAR. For standalone ColdFusion, this must be at, <cf_root>/jre/bin.

Install the update from a user account that has permissions to restart ColdFusion services and other configured webservers.

For further details on how to manually update the application, see the help article.

Post installation

Note:

After applying this update, the ColdFusion build number should be 2021,0,01,325996.

Uninstallation

To uninstall the update, perform one of the following:

  • In ColdFusion Administrator, click Uninstall in Server Update Updates Installed Updates.
  • Run the uninstaller for the update from the command prompt. For example, java -jar {cf_install_home}/{instance_home}/hf_updates/hf-2021-00001-325996/uninstall /uninstaller.jar

If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following:

  1. Delete the update jar from {cf_install_home}/{instance_name}/lib/updates.
  2. Copy all folders from {cf_install_home}/{instance_name}/hf-updates/{hf-2021-00001-325996}/backup directory to {cf_install_home}/{instance_name}/