ColdFusion 2016 features a hotfix notification and auto-installation facility in ColdFusion Administrator. This prevents misplacing the hotfix files or applying hotfixes to the wrong version of ColdFusion.
The HotFix installer is an executable jar file. Since ColdFusion runs on Java runtime, there is only one Hotfix installer for all platforms.
Which version of ColdFusion can you apply this hotfix to?
How to apply this hotfix?
If you are opening the page for the first time, configure the fields under the Settings tab. However, do not change the Site URL field as the URL represents the hotfix. If you are setting up a local site:
Under the Available Updates tab, you can see the following:
- Download and Install - This will download and then install the hotfix.
- Download - This will just download the file. This is useful if you are planning to install the hotfix from command prompt in GUI or console mode or even silent mode using a script.
Where is the location of the downloaded file?
Do I need to start/stop the server before applying the hotfix?
No. Log in to ColdFusion Administrator first. Then use the Download and Install option which stops the servers and applies the hotfix. The server automatically starts.
Once you log in again, you can see that installed hotfix is listed under Installed Updates tab and Available Updates do not list any update.
Does start/stop automatically take care of multi-server instance?
In case of multi-server instance, how do I optimize the process of applying the hotfix to all instances?
When I click the Install button, nothing seems to happen. How do I confirm whether the installation progresses or not?
There seems to be a bug in ColdFusion Administrator: when you click Download and Install, the download happens, but the installation does not start.
Linux: When you run ps -ef | grep hf, you should see the following in the console:
/opt/coldfusion2016/jre/bin/java -jar /opt/coldfusion2016/cfusion/hf-updates/hotfix_002.jar -i silent -f /opt/coldfusion2016/cfusion/hf-updates/hf-10-00002.properties
When can installation or un-installation become unresponsive?
All efforts are taken to ensure that it does not happen. However, there could be external factors that influence your system.
As soon as hotfix installation starts, the installer first stops the server(s) before any hotfix files are applied. The same happens for un-installation. Unless the servers are stopped, nothing proceeds. If the server is in a state where it cannot be stopped, installation/un-installation can become unresponsive.
ColdFusion servers use ports 8007 and above to shut themselves down. If for some reason another service or server occupies these ports, you cannot stop the ColdFusion server unless you kill the process.
Do I need any user privileges before applying the hotfix from ColdFusion Administrator?
If you apply the hotfix from ColdFusion Administrator, ensure that the ColdFusion server starts only with appropriate start/stop privileges. The hotfix installer runs with the same privileges and server start/stop happens automatically in the background.
When the server starts using /bin/coldfusion script, the script starts the server with the RUNTIME USER that the ColdFusion start/stop script mentions. The default user that is shown while installing ColdFusion is nobody. If you have any other user while installing, the server runs as that user.
When you apply the hotfix from ColdFusion Administrator, it restarts the server as the same user it was running as, which keeps your server secure. If your server runs as nobody before the hotfix, the server starts as the user nobody even after applying the hotfix.
There is an exception. On a few *NIX-based operating systems, when a machine console's buffer allocation size is almost zero, the server might not start properly: the grep command shows that ColdFusion is running, but ColdFusion Administrator cannot be accessed.
Do I need any user privileges before I apply the hotfix from the command prompt?
Launch the command prompt with Administrator privileges to start/stop the ColdFusion Windows Services. You know if you have enough privileges when you run the JAR installer from the command prompt.
Open a terminal and switch to Administrator privileges. You know if you have enough privileges when you run the installer.
If you are a sudo user, execute the installation. Enter the following command:
> sudo /opt/coldfusion2016/jre/bin/java -jar /opt/coldfusion2016/cfusion/hf-updates/hotfix_001.jar
How do I apply the hotfix in case of ColdFusion deployment to App Server/JEE server?
Install it from the command prompt. There is no option to install it from ColdFusion Administrator. However, you can view the Available updates and Installed updates in the ColdFusion Administrator.
Download the hotfix from ColdFusion Administrator's Server Updates section. Since installing hotfix on J2EE server is a manual process, stop the ColdFusion instance first from your JEE application server.
The hotfix installer file is located at: <CFHome>\cfusion.war\WEB-INF\cfusion\hf-updates.
Open the command prompt and navigate to the directory named hf-updates. Type the command,
> "C:\Program Files\Java\jre\bin\java" -jar hotfix_001.jar
This opens the installer which guides you through the installation of hotfix.
While invoking the installer from command prompt, use the 32-bit jre for 32-bit ColdFusion and 64-bit jre for 64-bit ColdFusion installations.
A caveat when you run the hotfix Installer from command prompt:
When you open the command prompt, it generally opens in the user home directory. If this directory has a lot of files/directories under it (recursively), cd to another directory that has very few or no files/directories under it so that the installer launches quickly. If there are many files/directories, the Introduction screen is shown slowly, and the installer might even get stuck at the splash screen if your command prompt is at a drive root like C:\ or E:\.
To avoid confusion, cd to the directory where the hotfix installer jar (for example, hotfix_001.jar) is downloaded and then invoke the installation from the command prompt.
> cd C:\ColdFusion2016\cfusion\hf-updates\
> C:\ColdFusion2016\jre\bin\java -jar C:\ColdFusion2016\cfusion\hf-updates\hotfix_005.jar
When should just the Download option in Administrator be used compulsorily?
- If you want to run the hotfix installer from the command prompt, run the following command whenever you wish to install later in GUI or Console mode.
> C:\ColdFusion2016\jre\bin\java -jar C:\ColdFusion2016\cfusion\hf-updates\hotfix_001.jar
- This is a mandatory step for applying hotfix to JEE CF instance.
- If you want to apply the hotfix using your organization's customary methods. Details on how to make it work with customary methods are explained later.
In case of JEE deployment, should I also stop the base application server apart from ColdFusion instance before applying the hotfix?
Can hotfix be applied to both Exploded and Unexploded EAR/WAR ColdFusion JEE deployments?
You can apply the hotfix with the command prompt installer described above only to exploded EAR/WAR deployments.
To apply the hotfix to an unexploded EAR, first explode it and then apply the hotfix using the command prompt installer.
Once you apply it, create an EAR/WAR file again and then deploy it back.
For stand-alone and multi-server instances, how are the servers started?
How do I know changes that are applied by the hotfix installer?
The installer puts the log files under: C:\ColdFusion2016\cfusion\hf-updates\hf-10-00001\
Any modified/added/removed files are listed in the file named: hotfix_filelist.log in the above directory.
And the installation log with the name Adobe_ColdFusion_2016_Update_1***.log is also in the same directory.
What should I do if I get the error Signature verification failed while trying to install?
Manually apply the update from the command prompt.
- Download the updater manually from the above URL and place the update JAR file in a directory.
- Open the command prompt.
- cd to C:\ColdFusion2016 and then run the command as follows:
> C:\ColdFusion2016\jre\bin\java -jar cf2016_mdt_updt.jar
Give full path of the file cf2016_mdt_updt.jar depending on where it is downloaded and follow the on-screen instructions.
What should I do if the install application launches but on the splash screen, the progress bar does not move while installing the mandatory update?
What should I do if I get the error checksum verification failed while trying to download?
Whenever there is modification to the updates file (due to build refresh), your browser might still be verifying the install jar's checksum with cached updates file that lists the checksum.
As a workaround, press Ctrl+F5 to clear the cache in your browser and then click Check for Updates.
And now, if you try to Download and Install, it will all be fine.
When I click on "Check for Updates" button, no updates are shown and it says that no updates were found. Why?
What should I do if the ColdFusion server is behind a proxy server and cannot access Adobe's Update site URL?
If the ColdFusion server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Proxy settings can be specified using the below-mentioned system properties in the jvm.config (<ColdFusion_Home>\cfusion\bin\jvm.config) in case of stand-alone installation or corresponding script file for JEE installation.
What should I do if the ColdFusion server is behind the firewall and cannot access the Adobe's Update site URL?
As an option, set up your own local site. From a different machine where you can open http://www.adobe.com/go/coldfusion-updates/, first download the file http://download.adobe.com/pub/adobe/coldfusion/xml/updates.xml from your browser (Open it and use "Save Page as" option).
Then download the file http://download.adobe.com/pub/adobe/coldfusion/hotfix_001.jar from your browser.
Say, you want to use ColdFusion Server itself which is behind firewall for hosting these two files for making the local site:
Create a directory named updates under C:\ColdFusion2016\cfusion\wwwroot\. Then place the files hotfix_001.jar and updates.xml under C:\ColdFusion2016\cfusion\wwwroot\updates\
Then open the file updates.xml and update the value of the tag cfhf_downloadlink to your local URL (say http://<MachineIP>:<Server Port>/updates/hotfix_001.jar )
Then open the ColdFusion Administrator for which you want to apply the hotfix.
And navigate to SERVER UPDATE -> Updates
Then change the Update Site/Site URL "http://www.adobe.com/go/coldfusion-updates/" to your local network's updates.xml path (http://<MachineIP>:<Server Port>/updates/updates.xml).
Once this is done you can use this URL instead of the default URL from any ColdFusion Administrator running within your local network.
Whenever hotfix is released, you will have to update this xml file and place the new hotfix JAR on your local site.
Then verify that the setup works. Go to Available Updates under the Updates link and click Check for Updates. It should show the updates that are listed in the updates.xml file. Then try downloading the file by clicking the Download button.
This should download the file hotfix_001.jar (assuming the hotfix file name is that) to the Directory
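The local-site steps above, scripted as an added example (not Adobe's code): it repoints every cfhf_downloadlink in a copy of updates.xml at the local URL, refuses to produce a feed that references a JAR missing from the mirror directory, and records each JAR's SHA-256 so the file later found in hf-updates can be compared against what was mirrored. The sample feed, its wrapper elements, the placeholder JAR bytes and the address 192.0.2.10:8500 are constructed; only the item node and the cfhf_downloadlink tag come from this page.

```python
import hashlib
import posixpath
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import urlsplit

# Constructed sample feed. Only <item> and <cfhf_downloadlink> are named on the
# page; the wrapper elements and the title are assumptions for illustration.
SAMPLE_FEED = """<rss><channel>
  <item>
    <title>Update 1 (constructed)</title>
    <cfhf_downloadlink>http://download.adobe.com/pub/adobe/coldfusion/hotfix_001.jar</cfhf_downloadlink>
  </item>
</channel></rss>"""

# Accept plain JAR file names only, so a link cannot steer the lookup
# outside the mirror directory.
SAFE_JAR_NAME = re.compile(r"[A-Za-z0-9_.-]+\.jar")


def sha256_of(path):
    """Hash a file in chunks so large installer JARs are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def localize_feed(feed_xml, mirror_dir, base_url):
    """Repoint every cfhf_downloadlink at base_url and hash the mirrored JARs.

    Returns (rewritten_xml, {jar_name: sha256}). Raises instead of producing a
    feed that points at a file the mirror does not hold.
    """
    root = ET.fromstring(feed_xml)
    manifest = {}
    for link in root.iter("cfhf_downloadlink"):
        original = (link.text or "").strip()
        name = posixpath.basename(urlsplit(original).path)
        if not SAFE_JAR_NAME.fullmatch(name):
            raise ValueError(f"unexpected download link: {original!r}")
        jar = Path(mirror_dir) / name
        if not jar.is_file():
            raise FileNotFoundError(f"{name} is listed in the feed but not in {mirror_dir}")
        manifest[name] = sha256_of(jar)
        link.text = f"{base_url.rstrip('/')}/{name}"
    if not manifest:
        raise ValueError("feed contains no cfhf_downloadlink entries")
    return ET.tostring(root, encoding="unicode"), manifest


def demo():
    """Build a throwaway mirror holding a placeholder JAR and localize the sample feed."""
    with tempfile.TemporaryDirectory() as mirror:
        (Path(mirror) / "hotfix_001.jar").write_bytes(b"constructed placeholder, not a real hotfix")
        return localize_feed(SAMPLE_FEED, mirror, "http://192.0.2.10:8500/updates/")


if __name__ == "__main__":
    xml_out, hashes = demo()
    print(xml_out)
    for jar_name, digest in hashes.items():
        print(f"{digest}  {jar_name}")
```

Keep the printed hashes with your change record: the local site in these steps is served over plain HTTP, so comparing the hash of the JAR that lands in hf-updates on each server against the mirrored one is the check that the installer you run is the one you published.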
Once I click Install, how do I know what is going on behind the scenes?
The Administrator first creates the file named hf-10-00001.properties at the same location as the hotfix jar file. This file is used to invoke the hotfix installer. Once the installation starts, the first thing it does is try to stop the ColdFusion servers. Then it applies the hotfix and restarts all the servers for stand-alone and multi-instance installations.
If you open your Task Manager window (Choose the option Show processes from all users in the Task Manager) in Windows machine, it has coldfusion.exe running and if you are running as service then both coldfusion.exe and coldfusionsvc.exe are there.
So, if you have three ColdFusion 2016 services running, then there are total of six ColdFusion-related processes.
This hotfix installer stops one server after the other when 'coldfusion.exe stop' command is issued to the server. Even this process comes up in the Task Manager. Once the installation starts, you can view the processes in the Task Manager.
How do I know that the hotfix installation has completed?
How do I know that the hotfix installation is properly completed/applied?
- In Server Update > Updates > Installed Updates tab, the newly installed hotfix Update Level displays. If it is Update 1, it displays as 01.
- In Server Settings > Settings Summary, the version gets updated to the new build number. (for example, the first update shows as 01)
- Make sure the log file, Adobe_ColdFusion_2016_Update_1***.log in C:\ColdFusion2016\cfusion\hf-updates\hf-10-00001\, contains no errors.
- When you log in to ColdFusion Administrator after the hotfix is applied, you should be asked for credentials, which indicates that the server started again after the hotfix.
Which hotfixes are shown under Available Updates?
Under Available Updates, only the latest (not yet applied) hotfixes are listed.
For example, if hotfix update level 10 is applied on the server, and now say hotfix 12 is available and you have not applied Update 11, it shows only the hotfixes whose update level is more than 10. (that is, Update levels 11, 12 are shown)
How do I proceed further if there are errors in the Update Installation log?
You can find the hotfix installation log in C:\ColdFusion2016\cfusion\hf-updates\hf-10-00002\Adobe_ColdFusion_10_Update_2_Install*.log depending on the instance you have applied the hotfix from.
If there are errors logged in this file and you want to re-run the installer to fix them, you can do the following:
After rectifying the root cause (for example, stopping the base app server for a JEE installation if files are locked by the base app server), you can uninstall and then install it again, or do the following.
The following example is for Update 2; change it according to your update.
Copy the file C:\ColdFusion2016\cfusion\hf-updates\hf-10-00002\backup\hf-updates\updates.xml
This reverts the update level to the previous level, so you are allowed to run the installation again. It is equivalent to updating the updates.xml file by removing the <item> node corresponding to the current hotfix.
If the steps above do not work, you can install the hotfix from command prompt.
> cd C:\ColdFusion2016\cfusion\hf-updates\
> C:\ColdFusion2016\jre\bin\java -jar C:\ColdFusion2016\cfusion\hf-updates\hotfix_005.jar
What should I do when I am unable to download the hotfix from ColdFusion Administrator?
- Confirm whether the hotfix is getting downloaded by checking the file hotfix_006.jar at C:\ColdFusion2016\cfusion\hf-updates (File names and instance paths as per your case)
- If this file exists, this means the hotfix installer is downloaded.
- If you have any issues downloading the file, download the hotfix by entering: http://download.adobe.com/pub/adobe/coldfusion/hotfix_001.jar (Change the Hotfix Jar name according to your Hotfix) and try installing from command prompt.
To confirm if there is any error for downloading the file you can see the log at:
What happens to the hotfixes that are already applied to Server that are received privately from Adobe Support for a bug when publicly released hotfix is applied?
If the bug fix is included in the publicly released Hotfix, you don't need to do anything. Hotfix installer itself takes care of all clean-up required. In general, it is always intended to be included.
However, for some reason (say, due to timing of release), if a bug fix is not included into public hotfix, you have to apply back the fix manually to your ColdFusion Servers. But it is a rare case.
When the uninstallation is done from Installed Updates of ColdFusion Administrator, what is the state of servers?
The uninstaller removes the files from all the server instances to which the hotfix was applied. If you have applied the hotfix to ColdFusion instances cfusion, cfusion1 and cfusion2 at one go, invoking uninstallation from any of these instances uninstalls it from all of them (cfusion, cfusion1, cfusion2). However, the backup directory containing the original backed-up files is left in place for debug/backup purposes.
How can you uninstall a hotfix from command prompt?
1. If you have installed from command prompt in Console or UI mode, you can run the following command.
First cd to C:\ColdFusion2016 and then run the following.
> C:\ColdFusion2016\jre\bin\java -jar C:\ColdFusion2016\cfusion\hf-updates\hf-10-00002\uninstall\uninstaller.jar
(Modify the command according to your path/OS/Hotfix)
2. If you have installed it from ColdFusion Administrator, you can run the following command.
First cd to C:\ColdFusion2016 and then run the following.
> C:\ColdFusion2016\jre\bin\java -jar C:\ColdFusion2016\cfusion\hf-updates\hf-10-00002\uninstall\uninstaller.jar -i SILENT
3. If you have installed the hotfix using silent installation on your own, uninstallation can also be done silently. Run the following command:
> C:\ColdFusion2016\jre\bin\java -jar C:\ColdFusion2016\cfusion\hf-updates\hf-10-00002\uninstall\uninstaller.jar
Even though you have installed hotfix to five instances using a single script, there is only one hotfix uninstaller for all these five instances for a given update (Usually this is under cfusion instance. It could be under other instance if cfusion was not opted for HF ). And when you invoke the above command it will uninstall hotfix from all the five instances.
How is the hotfix backup directory helpful?
The directory backs up all the files that are modified and removed. Even after un-installation this directory is kept back for any of your debug purposes.
This is also helpful when the uninstaller does not work due to a corrupt uninstaller jar. You still have a choice to revert the applied hotfix to the previous state.
Is the hotfix cumulative?
Is the hotfix cumulative even for security hotfixes?
When there is Apply Hotfix option in Server Manager AIR application, how this is different?
How many instances can you apply hotfix at one go?
Can the hotfix be applied to some other machine's remote instance clustered to a server instance on some other machine?
No, you can apply the Hotfix to any number of instances of same installation on the same machine from the cfusion server instance's Administrator, but you cannot apply the hotfix to any ColdFusion instance on some other machine. You have to access that machine's default server instances' ColdFusion administrator to apply the hotfix to any ColdFusion instance.
Can I apply the hotfix to any instance from child instance?
No, you cannot. You can apply the hotfix to any child instance only from default server (cfusion)'s Administrator.
However, you can apply to only that child instance from child instance's ColdFusion Administrator.
There was a bug before Update 3 and it is now fixed. The fix is effective only from Update 4 onwards. If update 3 is not applied, it is advised to apply the hotfix to child instances from the ColdFusion Administrator of default server instance (cfusion).
How long does the hotfix installer take to complete?
When does the hotfix installer take more time to install?
Can I stop the installation at any time?
What can I do if the hotfix installation is stopped?
Re-run the installation. If the installer shows that the hotfix is already applied, copy the file C:\ColdFusion2016\cfusion\hf-updates\hf-10-00001\backup\hf-updates\updates.xml (change the path according to your current hotfix level) to C:\ColdFusion2016\cfusion\hf-updates\updates.xml, replacing the existing file, and then re-run the installation from ColdFusion Administrator or from the command prompt.
What kind of files does the hotfix include?
How do I know whether hotfix installation/uninstallation has started once install/uninstall is invoked from ColdFusion Administrator?
A new java process starts in the background.
In case of Windows, you can see it in the Task Manager.
For Unix/Linux platforms you can use ps -ef | grep hf to find out.
For installation it displays as /opt/coldfusion2016/jre/bin/java -jar /opt/coldfusion2016/cfusion/hf-updates/hotfix_002.jar -i silent -f /opt/coldfusion2016/cfusion/hf-updates/hf-10-00002.properties
For uninstallation it displays as /opt/coldfusion2016/jre/bin/java -jar /opt/coldfusion2016/cfusion/hf-updates/hf-10-00002/uninstall/uninstaller.jar -i SILENT
Do I need to perform any manual steps after applying the hotfix?
Unless any specific hotfix needs any extra step there, you do not need any manual intervention.
For example, in case of Update 1, re-run the connector for external web servers.
If you have not applied Update 1 and are applying the Update 2, perform the manual steps after applying the Update 2.
List of special manual steps to be performed for each Update for ColdFusion 2016:
Update 1 (General) - http://helpx.adobe.com/coldfusion/kb/coldfusion2016-update-01.html
Rerun(Remove and add back) the connector for external Web servers.
Update 2 (Security) - http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-21.html
Do nothing. (But If you have not done the steps of Update 1 then Update 1 steps are required to be performed after applying Update 2).
What if an organization has other customary methods to apply/automate hotfixes and wants only the Hotfix files that are modified/added/deleted to be applied?
Method 1(File Management with your Custom Scripts):
If your organization has Scripts/Other Methods rather than applying from ColdFusion Administrator or from GUI/Console Installation and wants only the Hotfix files that are Added/Modified/Deleted, you can do that as well.
Step 1: Using your own customary scripts, always first clear all the files under CF Instance\lib\updates from all your server instances.
Step 2: Then get the modified and added file list (of hotfix).
After downloading the Hotfix from the ColdFusion Administrator,
1. Open the command prompt
2. cd to C:\ColdFusion2016\cfusion\hf-updates.
3. Run the following:
> C:\ColdFusion2016\jre\bin\java -jar hotfix_001.jar -DINSTALL_FILES_OUTSIDE_CF=true
This will put up the files under a location that you would have selected while installing.
In this example I have selected the path as C:\CF2016_HF1_Files while installing.
Under the directory C:\CF2016_HF1_Files\hf-updates\hf-10-00001 all the added and modified files are there. These files are maintained with the target directory structure required. So, you just have to drop this directory into your ColdFusion Instance Root (Say, C:\ColdFusion2016\cfusion\)
Combine steps 1 and 2 in your scripts and move these files wherever you want them, always replacing the target files with the file-overwrite option.
If there are any changes to the jvm.config file or to configuration XML files that end customers may have modified themselves, those files are not laid out as described above.
For Update 1 there are no such changes.
Method 2 ( Hotfix Silent Installation) :
Depending on your requirements sometimes even silent installation could also be useful.
After downloading the Hotfix from ColdFusion Administrator you can use that Hotfix installer jar file for silent installation on your own also.
Create a properties file and fill up with the following key/values depending on your installation.
INSTANCE_LIST value can be a list of comma-separated server instances that are created under a particular ColdFusion installation.
#COMMAND_INSTALL applies only to *NIX-based systems.
The parameter COMMAND_INSTALL=true makes sure that the server is started as the ColdFusion runtime user (default is nobody) rather than the root user. So, make sure to pass this parameter on Unix/Mac/Solaris machines.
On Non-Windows, value of USER_INSTALL_DIR looks as: $/$opt$/$coldfusion2016 ($/$ makes the installer to interpret the path properly depending on whether it is Windows or Non-Windows platform)
For JEE installation, USER_INSTALL_DIR value is the WAR directory containing CFIDE, WEB-INF and META-INF under it. An example is as follows:
And the key INSTANCE_LIST is NOT required at all for JEE.
You are ready to run the silent installation now.
1. While running the above hotfix installer from the command prompt, make sure that the jar installer runs on a 32-bit jre for 32-bit ColdFusion and a 64-bit jre for 64-bit ColdFusion installations. If you don't follow this and the hotfix contains platform-specific DLL files, the installed DLLs will be of the opposite bitness to what is required.
2. Stopping and restarting the servers should be taken care of by you.
cd to the directory containing hotfix_001.jar in your command prompt and run the following command.
> C:\ColdFusion2016\jre\bin\java -jar hotfix_001.jar -f <hotfix_properties_file_path>
There are no other manual steps required here unless a specific hotfix requires some extra steps. Every behaviour, including server start/stop, is the same as if you were applying the hotfix from ColdFusion Administrator. So, start/stop is also taken care of automatically.