How to Apply ColdFusion Updates/Hotfixes

ColdFusion
1

Adobe ColdFusion Updates/Hotfixes

Adobe regularly released updates for ColdFusion Server containing anything from minor hotfixes to critical security vulnerabilities. It is imperative that your ColdFusion Server remains fully up to date for both ColdFusion and Java updates. Practicing these guidelines will ensure your server remains performant and secure from the latest ColdFusion vulnerabilities.

Please review the details below for steps on how to update your ColdFusion Server. If you’d feel more comfortable with our ColdFusion experts applying an update for you, please don’t hesitate to contact our ColdFusion team.

Sanity Checks

Before ever applying a ColdFusion Hotfix you should review the prerequisites for the hotfix. There be required steps to properly apply the update such as updating the ColdFusion JDK version being used or upgrading your ColdFusion connector.

You can view details for each ColdFusion update below:

Steps

  1. First, we need to see if your ColdFusion Server has any updates available. To do this, sign into your ColdFusion Administrator and navigate to the ‘Package Manager’. In ColdFusion versions before 2021, this will be located in the Server Updates section of your ColdFusion Administrator.

  2. Within your Package Manager you should see a drop-down section for Core Server. This will show the available updates for your ColdFusion Server.

image
image2291×988 319 KB

  1. In this example, we will download the updated JAR directly onto the server by clicking the Download button. After the download completes we will receive a notification that the file has been downloaded successfully to a path specified in the notification.

image

  1. Next, we will open file explorer and navigate to the update file directory specified in the above screenshot.

  2. Once you’ve located the hotfix JAR in your explorer, you will have the option to double-click it and open ColdFusion’s hotfix application.

NOTE: If you get an error that the file extension is unrecognized it’s likely that you do not have a JDK installed on your server. A workaround for this would be to open the JAR file with ColdFusion’s default JRE via the command line. This can be achieved by executing the following command in an elevated command prompt.

C:\ColdFusion2021\bundles\updateinstallers> C:\ColdFusion2021\jre\bin\java.exe -jar .\hotfix-006-330132.jar

  1. Upon opening ColdFusion’s executable jar file for the Hotfix you will see an interface similar to the following:

image

  1. Navigate through the prompts and verify that the ColdFusion path is correct when asked where it is located.

image

  1. Finally, click the install button to begin the update process. IMPORTANT NOTE: The ColdFusion update will restart your ColdFusion application and you should expect anywhere from 5-10 minutes of unavailability in your ColdFusion web applications located on the server.

  2. After a few minutes you should see a notification in the installer interface that the update has been installed successfully.

image

Don’t stop yet!

You’re probably thinking we’re done here, but we are not :slight_smile: Hold tight and lets go through a few more sanity checks. We should

  1. Lets verify that the ColdFusion Server update actually installed successfully. You can do this by viewing the installation log file for the hotfix in the following path: C:\ColdFusion2021\cfusion\hf-updates\{hotfix-number}\Adobe_ColdFusion_2021_Update_6_Install_03_14_2023_09_44_35.log

  2. Open this file and take close note of the Summary section. You should see output similar to the following:

1546 Successes
0 Warnings
0 NonFatalErrors
0 FatalErrors
  1. Next, you should verify that your ColdFusion Applications are operating normally. Here are some questions you should be asking yourself:
  • Is my Application loading as it was before I applied the update?
  • Do my ColdFusion queries still work as expected?
  • Are remote CFHTTP requests still processing HTTP/HTTPS requests?
  • Is my Application performing as expected?
  • Do my ColdFusion collections still work?
  • Are my functions still operating as expected?

…You get the idea :slight_smile:

Help! The Update Broke My Site

In the event you need to urgently revert a ColdFusion update and do not have time to troubleshoot the issue further Adobe conveniently provides an uninstaller JAR for ColdFusion updates. This can be found and executed in the following directory: C:\ColdFusion2021\cfusion\hf-updates\{hf-update-number}\uninstall.

Simply run the Uninstaller.jar file to uninstall the latest update you applied to the server. After running the executable you can verify that the Uninstall completed successfully by referring to the Uninstaller logs located at: C:\ColdFusion2021\cfusion\hf-updates\{hf-update-number}\Adobe_ColdFusion_2021_Update_6_Uninstall_03_15_2023_12_11_49.log

Uninstallation: Successful.

17 Successes
0 Warnings
0 NonFatalErrors
0 FatalErrors

Require Our Assistance?

Again, please don’t hesitate to contact our ColdFusion team if you’re uncomfortable with any of these steps or would just feel better knowing our team assisted you and is experienced in this process.