If you have
ColdFusion (2016 release) Update 11
The updates below are cumulative and contains all updates from previous ones. If you are skipping updates, you can apply the latest update, not those you are skipping. Further, you must take note of any changes that are implemented in each of the updates you are skipping.
To see a list of all previous ColdFusion updates, refer to the update page.
ColdFusion (2016 release) Update 11 (release date, 11 June, 2019) includes the following changes:
Remote access to the Adobe LiveCycle Data Management feature has been disabled.
To mitigate potential security risks, admins are recommended to first implement access controls to the RMI port via the host or network firewall.
If you want to enable LCDS after installation, follow the steps below:
If you have
Not enabled the option Enable Remote Adobe LiveCycle Data Management access before applying the update,
After the update, if you enable the option Enable Remote Adobe LiveCycle Data Management access, the following error message appears::
Error attempting to update settings:
RMI for LCDS has been disabled. Set coldfusion.rmi.enable and coldfusion.rmi.enablelcds JVM flags as true in jvm.config file and restart the server.
NOTE: The error message only appears if you did not set the flags in jvm.config, as mentioned in the previous step.
Enabled the option Enable Remote Adobe LiveCycle Data Management access before applying the update,
LCDS may not work as expected. See the section above for more information.
Updates to JNBridge
In this update, remote access to .NET to Java side for JNBridge has been disabled.
To mitigate potential security risks, admins are recommended to first implement access controls to the JNBridge port via the host or network firewall.
To grant access to the port,
For the security fixes in Update 7 and above to take effect, ColdFusion must be on JDK 1.8.0_121 or higher.
To view all ColdFusion (2016 release) updates, see the Updates page.
For the detailed list of bugs fixed in this update, refer to Bugs fixed list.
Windows: <cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-011-314546.jar
Linux-based platforms: <cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-011-314546.jar
Ensure that the JRE bundled with ColdFusion is used for executing the downloaded JAR. For standalone ColdFusion, this must be at, <cf_root>/jre/bin.
Install the update from a user account that has permissions to restart ColdFusion services and other configured webservers .
For further details on how to manually update the application, see the help article.
After applying this update, the ColdFusion build number should be 2016,0,11,314546.
To uninstall the update, perform one of the following:
If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following: