Download chf9010001.zip and then extract chf9010001.jar, CFIDE-901.zip, and WEB-INF-901.zip.
Last updated on
Apr 27, 2021
The following fixes are contained in ColdFusion 9.0.1 Cumulative Hotfix 1 (CHF1). Adobe recommends that you apply CHF1 to ColdFusion 9.0.1 only if you are experiencing one or more of the issues listed in the following table. This cumulative hotfix is specific to ColdFusion 9.0.1 and you don't have to apply it to any other releases.
| Bug ID | Description | Added in Cumulative Hot Fix |
| APSB10-18 | Security Fix for the directory traversal vulnerability that could lead to information disclosure. | 1 |
| 83598 | Setting default locale to en_GB results in Invalid Date Format error when you run a scheduled task. | 1 |
| 83638 | serializeJSON converts integer to string. | 1 |
| 83650 | Submitting a form inside a cflayout type=”hbox|vbox” results in a JavaScript error. | 1 |
| 83671 | If named arguments with implicit structs and arrays use local variables, it results in ‘variable is undefined’ error. | 1 |
| 83689 | cfdump does not display the changes to the functions for a CFC object. | 1 |
| 83694 | cfgrid sorting does not function as desired for static and dynamic data except when the data is retrieved from the database. | 1 |
| 83725 | If you send mails with inline images, the source image is deleted. | 1 |
| 83747 | ColdFusion ORM preUpdate event handler is called twice when a persistent entity is updated within a cftransaction. Note: This issue has been fixed for one data source per request use-case. |
1 |
| 83818 | ColdFusion debugger can fail if the file being debugged is repeatedly revised. | 1 |
| 83829 | cfwindow onShow method is called twice. | 1 |
| 83836 | serializeJSON incorrectly serializes nested objects. Also, in the case of circular references, for example, when handling bidirectional ORM relationship, repeating entities are represented as empty strings instead of empty objects. | 1 |
Install ColdFusion 9.0.1 Cumulative Hotfix 1 (CHF1)
The installation process is the same for all platforms and installation choices.
Definition of ColdFusion-Home
In the following procedures, {ColdFusion-Home} indicates the following:
- For Server installation: {ColdFusion-Home}
- For Multiserver installation: {JRun-Home}/servers/{YourServer}/cfusion-ear/cfusion-war/
- For J2EE installation: {cfusion-ear-Home}/cfusion-war/
-
-
Open the ColdFusion 9.0.1 Administrator and then click the icon System Information in the upper-left corner.
-
In the System Information page, click Browse Server (next to Update File) and then browse to the extracted file chf9010001.jar.
-
Select the file and then click Apply.
-
In the System Information page, click Submit Changes.
-
Back up dump.cfm located in the directory {ColdFusion-Home}/wwwroot/WEB-INF/cftags (for Server installation) or {ColdFusion-Home}/WEB-INF/cftags (for Multi-server or J2EE Installation).
-
Extract the file in the WEB-INF-901.zip to the directory {ColdFusion-Home}/wwwroot (for Server installation) or {ColdFusion-Home} (for Multi-server or J2EE Installation).
-
Back up the files {CFIDE-Home}\administrator\scheduler\scheduletasks.cfm, {CFIDE-Home}\scripts\ajax\package\cfwindow.js files, {CFIDE-Home}\administrator\cftags\l10n.cfm, and {CFIDE-Home}\administrator\cftags\l10n_testing.cfm.
-
Extract the files in CFIDE-901.zip to the web root directory that consists of CFIDE folder.
-
(For multiple ColdFusion instances) Repeat steps 3 - 9 for each instance.
-
Restart all the ColdFusion instances.
Note: If the security fix mentioned in the bulletin APSB10-18 is already applied, you need not back up the files {CFIDE-Home}\administrator\cftags\l10n.cfm and {CFIDE-Home}\administrator\cftags\l10n_testing.cfm.
After installation, you can delete the ColdFusion 9.0.1 cumulative hot fix JAR file. The file has been copied to the correct location.
The ColdFusion 9.0.1 cumulative hotfix JAR file appears as a new entry in the System Information list.
Uninstall Cumulative Hotfix 1
You can uninstall ColdFusion hotfix JARs by stopping the ColdFusion application server and deleting the respective JARs from cf_root/lib/updates. You can then revert to the backed up CFM and JavaScript files.
