ColdFusion (2018 release) Update 2

ColdFusion (2018 release) Update 2


This updates below are cumulative and the later ones contain all updates from previous ones. If you are skipping updates, you can apply the latest update, not those you are skipping. Further, you must take note of any changes that are implemented in each of the updates you are skipping.

To see a list of all previous ColdFusion updates, refer to the update page.

ColdFusion (2018 release) Update 2 (release date, 12 February 2019) includes the following changes:

  • Support for Java 11. To download installers for Java 11 and Java 8, see Downloads.
  • Several important bug fixes in security, language, core runtime, document management, AJAX, and several other areas.
  • Addresses security vulnerabilities as mentioned in the security bulletin APSB19-10.
  • New installer for Server Auto-Lockdown for macOS. To download the installer for macOS, see Server Lockdown downloads.
  • Updates to Performance Monitoring Toolset. When you install Update 2, the Performance Monitoring Toolset Hotfix also gets downloaded. The Hotfix is located in [CF_HOME]\cfusion\hf-updates\hf-2018-00002-313919\PMT-hotfix.
  • Support for additional functions and tags for CFML mobile development.
  • New attributes mobileServer and validationCFC in cfclientsettings.
  • New actions create and modify in cfschedule .
  • New parameter calendar in dayOfWeek.
  • Updated the following OEMs:
    • Jetty 9.4.12
    • ExtJS for AJAX UI components
    • JPedal 8.6.2 for Document Management
    • PDFgServlet 9.4.12
  • Support for script variant of cfloop over an array, list, struct, or query. For more information, see the following:
  • There is a new field, Shared Secret, while creating a ColdFusion instance.
  • This update also introduces support for the following:
    • OS
      • Windows Server 2019
      • Solaris 11.3
      • OSX 10.14
    • Application Servers
      • WildFly 14.0
      • WebSphere
    • Web Server 
      • Apache HTTPD 2.4.37
    • Databases
      • Oracle 18c
      • PostGreSQL11 
      • IBM DB2 v11.1
      • Apache Derby-10.14.2 
    • External Services
      • Microsoft Exchange 2016
      • Microsoft SharePoint 2016

For more information, refer to the release notes.


To view all ColdFusion (2018 release) updates, see the Updates page.

Applying update for Server Auto-Lockdown


ColdFusion must always be running as a service.

If you want to apply Update 2 in case your server has been locked down using Server Auto-Lockdown, here's how you can do so:

Update using ColdFusion Admin in Windows

Updating via ColdFusion Administrator will not proceed as expected as the required permissions will not be present with a few folders.

In Linux, you can apply the update via the Administrator.

Update using java -jar in Windows

  1. Lock down the ColdFusion instance.
  2. Download the latest update and install it using the java -jar command as an administrator.

Update via java -jar in Linux

Lock down the ColdFusion instance.

Download the latest update and install it using the java -jar command.

The update installer changes the file permissions of all the files inside the directory of the instance.

As a workaround, run the following:

  • sudo chown -R [ColdFusion Runtime User] [Path to ColdFusion instance]

Bugs fixed

For the detailed list of bugs fixed in this update, refer to Bugs fixed list.

Known issues

For known issues in this release, refer to Known issues.


  1. On 64-bit computers, use 64-bit JRE for 64-bit ColdFusion.
  2. If the ColdFusion server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Specify proxy settings using the system properties below in the jvm.config for a stand-alone installation, or corresponding script file for JEE installation.
    • http.proxyHost
    • http.proxyPort
    • http.proxyUser
    • http.proxyPassword
  3. For ColdFusion running on JEE application servers, stop all application server instances before installing the update.


For instructions on how to install this update, see  Server Update section. For any questions related to updates, see this FAQ

  • The update can be installed from the Administrator of a ColdFusion instance or through the command-line option.
  • Windows users can launch the ColdFusion Administrator using Start > All Programs > Adobe > Coldfusion 2018 > Administrator.
  • Microsoft Windows 8.1, Windows 10, Windows Server R2 2012, and Windows Server 2016 users must use the “Run as Administrator” option to launch  wsconfig  tool at {cf_install_home}/{instance_name}/runtime/bin.
  • If you get the following error when installing the update using the Download and Install option, ensure that the folder {cf_install_home}/{instance_name}/hf_updates has write permission: "An error occurred when performing a file operation write on file {cf_install_home}/{instance_name}/hf-updates/".
  • The connector configuration files are backed up at {cf_install_home}/config/ wsconfig /backup. Add back any custom changes made to the file after reconfiguring the connector.

Connector configuration

This update upgrades the connector library to a newer version. For the upgrade to be applied to the web server connector, it must be upgraded.

In ColdFusion, you can remove a connector using the WSCONFIG utility. Once a connector is removed, verify that there are no residual files/settings/configuration remains. To access WSCONFIG, navigate to <CF_HOME>\cfusion\runtime\bin, and launch wsconfig.exe.

To create a connector manually, see ColdFusion IIS manual tuning.

To configure the connector using the GUI, see Using GUI mode.

Connector configuration
Connector configuration

Installing the update manually

  1. Click the link to download the JAR.
  2. Execute the following command on the downloaded JAR. You must have privileges to start or stop ColdFusion service and full access to the ColdFusion root directory.

    Windows: <cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-002-313961.jar

    Linux-based platforms: <cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-002-313961.jar

Ensure that the JRE bundled with ColdFusion is used for executing the downloaded JAR. For standalone ColdFusion, this must be at, <cf_root>/jre/bin.

Install the update from a user account that has permissions to restart ColdFusion services and other configured webservers .

For further details on how to manually update the application, see the help article.

Post installation

After applying this update, the ColdFusion build number should be 2018,0,02,313961.


To uninstall the update, perform one of the following:

  • In ColdFusion Administrator, click Uninstall in Server Update Updates Installed Updates.
  • Run the uninstaller for the update from the command prompt. For example, java -jar {cf_install_home}/{instance_home}/hf_updates/hf-2018-00002-313961/uninstall /uninstaller.jar

If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following:

  1. Delete the update jar from {cf_install_home}/{instance_name}/lib/updates.
  2. Copy all folders from {cf_install_home}/{instance_name}/hf-updates/{hf-2018-00002-313961}/backup directory to {cf_install_home}/{instance_name}/

Connector configuration

2018 Update

Connector recreation required

Update 2




Få hjälp snabbare och enklare

Ny användare?

Adobe MAX 2024

Adobe MAX

14–16 okt i Miami Beach och online

Adobe MAX


14–16 okt i Miami Beach och online

Adobe MAX 2024

Adobe MAX

14–16 okt i Miami Beach och online

Adobe MAX


14–16 okt i Miami Beach och online