Cumulative hot fix 1 | ColdFusion 9.0.2

ColdFusion 9.0.2 Cumulative hot fix 1 (release date: February 27 2013) includes support for Google Maps JavaScript API v3 and JDK 1.7 Update 15. This cumulative hot fix is specific to ColdFusion 9.0.2.


  • ColdFusion 9.0.2 cumulative hot fix 1 was refreshed on March 1 2013 at 6 AM Eastern time to fix an issue (Bug# 3508603) in the Google Maps JavaScript API. If you have already applied Cumulative hot fix 1, and are using the Google Maps JavaScript API or intend to use this feature, Adobe recommends that you download file again. Make a backup of the CFIDE folder before extracting the files in file to the web root directory with the {CFIDE-HOME} folder.
  • JDK 1.7 is only supported on Mac OS X 10.7 and above. See this article for more details. As ColdFusion 9.0.2 does not support Mac OS X 10.7, Cumulative hot fix 1 does not certify ColdFusion 9.0.2 with JDK 1.7 on Mac OS X.

What's new

  1. JDK 1.7: With ColdFusion 9.0.2 Cumulative hot fix 1, ColdFusion 9.0.2 is now certified on JDK 1.7 Update 15.
  2. Google Maps v3 Support:
    1. With ColdFusion 9.0.2 Cumulative hot fix 1, Google Maps JavaScript API library has been upgraded from v2 to v3.
    2. For Google Maps JavaScript API v3, the API key used for Google Maps API v2 no longer works.
    3. ColdFusion map functions and ColdFusion map related tags are backward compatible. If your ColdFusion application uses native Google Maps JavaScript APIs, ensure that the code base is updated to v3. For more information, see the Google Maps JavaScript API v3 migration document.

Cumulative hot fix 1 consists of previously released fixes for the Security issues mentioned in the bulletins APSB12-21, APSB12-26, and APSB13-03 and a bug fix (3085328).

Bug ID


Added in Cumulative hot fix


Security fix addresses vulnerabilities that could permit an unauthorized user to remotely circumvent authentication controls. These vulnerabilities could allow the attacker to take control of the affected server.



Security fix resolves a vulnerability, which could result in a sandbox permissions violation in a shared hosting environment.



Security fix resolves a vulnerability, which could result in a Denial of Service condition.



cfdocument tag throws an exception when generating PDF with textarea.


Installation instructions

The installation process is the same for all platforms and installation choices. Follow the instructions below to apply the fix.

Definition of ColdFusion-Home

In the following procedures, {ColdFusion-Home} indicates the following:

  • For Server installation: {ColdFusion-Home}
  • For Multiserver installation: {JRun-Home}/servers/{YourServer}/cfusion-ear/cfusion-war/
  • For JEE installation: {cfusion-ear-Home}/cfusion-war/
Note: and included in the hot fix contains only part of the CFIDE and WEB-INF files. Do not rename present CFIDE or WEB-INF folders to create a backup as per the instructions

  1. Download and Extract both zip files.
  2. In ColdFusion Administrator, select System Information page by clicking the icon "i" in the upper-right corner.
  3. In the "Update File" text box, browse and select chf9020001.jar under CF902/lib/updates.
  4. Click Submit Changes.
  5. Stop the ColdFusion instance.
  6. Go to {ColdFusion-Home}/lib/updates (for Server installation) or {ColdFusion-Home}/WEB-INF/cfusion/lib/updates (for Multiserver and J2EE installations) directory. If hf902-00001.jar, hf902-00002.jar, hf902-00003.jar exist, move them to a backup location. Otherwise, ignore this step.
  7. Go to {CFIDE-HOME} and take a backup of CFIDE folder.
  8. Extract all the files in to merge in the web root directory that has {CFIDE-HOME} folder.
  9. Go to your {ColdFusion-Home}/lib (for Server Install) and {ColdFusion-Home}/WEB-INF/cfusion/lib (for MultiServer and J2EE install) and take a backup of ib6core.jar, ib6http.jar, ib6swing.jar, and ib6util.jar.
  10. Go to CF902/lib directory and copy all the files to {ColdFusion-Home}/lib (for Server Install) and {ColdFusion-Home}/WEB-INF/cfusion/lib (for MultiServer and J2EE install).
  11. If you want to configure ColdFusion with JDK 1.7, see this article for further instructions. Otherwise, ignore this step.
  12. Start the ColdFusion Instance.
  13. If there are multiple instances, repeat steps 2 through 12 for each instance.

You could get the following error when starting a ColdFusion instance configured with JDK 1.7:

"MSVCR100.dll is missing."

To resolve this issue, copy msvcr100.dll from {JDK Home}\jre\bin to {ColdFusion-Home}\runtime\bin.

Uninstall cumulative hot fix 1

To uninstall the cumulative hot fix, do the following:

  1. Stop the ColdFusion instance.
  2. Delete the chf9020001.jar file at {ColdFusion-Home}/lib/updates. Revert to the backed up jar files mentioned in the Step 6 of the installation instructions above.
  3. Revert to the backed up CFIDE and lib directory files, mentioned in the Steps 7 and 9.


March 6 2013: Added Update section for this article.

Adobe logo

Sign in to your account