ColdFusion (2018 release) Update 14

ColdFusion (2018 release) Update 14

Obs!

If you are applying Update 14 without applying Update 8, follow the Post Installation steps mentioned for Update 8.

Obs!

If you are updating via ColdFusion Administrator:

The minimum update versions are Update 4 or higher for ColdFusion (2018 release), due to a recent change in code signing certificate.

These are mandatory pre-requisites before updating.

The updates below are cumulative and contain all updates from previous ones. If you are skipping updates, you can apply the latest update, not those you are skipping. Further, you must take note of any changes that are implemented in each of the updates you are skipping.

To install previous updates, see ColdFusion (2018 release) Updates.

What's new and changed

ColdFusion (2018 release) Update 14 (release date, 10 May, 2022) addresses vulnerabilities that are mentioned in the security bulletin APSB22-22.

This release also contains the following library upgrades:

  • Tomcat 9.0.60
  • jQuery 3.6.0
  • jQuery UI 1.13.1
  • Log4j 2.17.2

We are aware of scanners flagging cf-logging.jar as vulnerable. After analyzing the vulnerability, we are confident that ColdFusion installation is safe from any possible attack vectors.

Known issues in this release

  • When applying Update 14 on ColdFusion with no built-in Add-ons, jetty folder is created with updated log4j jars which can be used in remote add-on installations.
  • The Hotfix installation fails when addons installed in the default location , for example, /opt/coldfusionadd-onservices, and ColdFusion does not have a jetty installation. To avoid the failure, rename the folder ,coldfusionadd-onservices, where jetty is installed or uninstall the jetty service.

Prerequisites

  1. On 64-bit computers, use 64-bit JRE for 64-bit ColdFusion.
  2. If the ColdFusion server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Specify proxy settings using the system properties below in the jvm.config for a stand-alone installation, or corresponding script file for JEE installation.
    • http.proxyHost
    • http.proxyPort
    • http.proxyUser
    • http.proxyPassword
  3. For ColdFusion running on JEE application servers, stop all application server instances before installing the update.

Installation

For instructions on how to install this update, see  Server Update section. For any questions related to updates, see this FAQ

  • The update can be installed from the Administrator of a ColdFusion instance or through the command-line option.
  • Windows users can launch the ColdFusion Administrator using Start > All Programs > Adobe > Coldfusion 2018 > Administrator.
  • Windows 10, Windows Server R2 2012, and Windows Server 2019 users must use the “Run as Administrator” option to launch  wsconfig  tool at {cf_install_home}/{instance_name}/runtime/bin.
  • If you get the following error when installing the update using the Download and Install option, ensure that the folder {cf_install_home}/{instance_name}/hf_updates has write permission: "An error occurred when performing a file operation write on file {cf_install_home}/{instance_name}/hf-updates/hotfix_014.properties".
  • The connector configuration files are backed up at {cf_install_home}/config/ wsconfig /backup. Add back any custom changes made to the workers.properties file after reconfiguring the connector.

Installing the update manually

  1. Click the link to download the JAR.
  2. Execute the following command on the downloaded JAR. You must have privileges to start or stop ColdFusion service and full access to the ColdFusion root directory.

    Windows: <cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-014-330003.jar

    Linux-based platforms: <cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-014-330003.jar

Ensure that the JRE bundled with ColdFusion is used for executing the downloaded JAR. For standalone ColdFusion, this must be at, <cf_root>/jre/bin.

Install the update from a user account that has permissions to restart ColdFusion services and other configured webservers .

For further details on how to manually update the application, see the help article.

Post installation

Obs!

After applying this update, the ColdFusion build number should be 2018,0,14,330003.

After applying this update, you must reinstall any custom hotfixes that might have been applied earlier. The hotfixes are located in the folder /ColdFusion2018/cfusion/hf-updates/hf-2018-00014-330003/backup/lib/updates.

Uninstallation

To uninstall the update, perform one of the following:

  • In ColdFusion Administrator, click Uninstall in Server Update Updates Installed Updates.
  • Run the uninstaller for the update from the command prompt. For example, java -jar {cf_install_home}/{instance_home}/hf_updates/hf-2018-00014-330003/uninstall /uninstaller.jar

If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following:

  1. Delete the update jar from {cf_install_home}/{instance_name}/lib/updates.
  2. Copy all folders from {cf_install_home}/{instance_name}/hf-updates/{hf-2018-00014-330003}/backup directory to {cf_install_home}/{instance_name}/

Connector configuration

2018 Update Connector recreation required
Update 14 No
Update 13

No.

You need not upgrade the connectors if you had already upgraded the connectors in Update 12.

Update 12 Yes
Update 11 Yes
Update 10 Yes
Update 9 No
Update 8 Yes
Update 7 No
Update 6 Yes
Update 5 Yes
Update 4 No
Update 3 No
Update 2 Yes
Update 1 Yes

 

 Adobe

Få hjälp snabbare och enklare

Ny användare?

Adobe MAX 2024

Adobe MAX
Kreativitetskonferensen

14–16 okt i Miami Beach och online

Adobe MAX

Kreativitetskonferensen

14–16 okt i Miami Beach och online

Adobe MAX 2024

Adobe MAX
Kreativitetskonferensen

14–16 okt i Miami Beach och online

Adobe MAX

Kreativitetskonferensen

14–16 okt i Miami Beach och online