Entries Tagged as 'ColdFusion'

This post is to announce the release of the following ColdFusion updates:

ColdFusion 2016 Update 4

ColdFusion 2016 Update 4 introduces support for Windows Server 2016, upgrades Tomcat to version 8.5.11.0 and fixes 115 bugs (including 52 external bugs) in areas such as Security, Language, Charting and Performance. This update also addresses vulnerabilities mentioned in the security bulletin APSB17-14.  For details and instructions on how to apply this update refer this technote.

ColdFusion 11 Update 12

ColdFusion 11 Update 12 upgrades Tomcat to version 7.0.75. It also addresses vulnerabilities mentioned in the security bulletin APSB17-14 and fixes 59 bugs (including 28 external bugs) related to areas such as AJAX, Charting and Language. For details and instructions on how to apply this update refer this technote.

ColdFusion 10 Update 23

ColdFusion 10 Update 23 upgrades Tomcat version to 7.0.75. This update addresses vulnerabilities mentioned in the security bulletin APSB17-14 and includes a total of 17 bug fixes (including 7 external bugs) related to Language, Charting, Scheduler, Document Management and certain other areas. For details and instructions on how to apply this update refer this technote.

 

Read more...

I made a post last week regarding this and now would like to pass this on to wider audience, as well.

The “Core Support” for ColdFusion 10 ends on May 16, 2017. That means, no more Security patches/updates by Adobe for this version of ColdFusion after mid of May 2017. The detailed timelines are mentioned here in the EOL Matrix.

What is Core Support then? Core support is the time frame wherein the product and the support programs are available. This provides, five years of product support from the general availability date of a product.

General availability  is the date when the product and the support programs are announced and available for purchase.

Extended support provides an additional two years of Platinum Maintenance and Support services after the end of Core Support. Extended Maintenance and Support provides the extra time you may need, to plan your migration to Adobe’s latest technology. Here is the source.

So, if you are on version 10 or prior then, its the correct time for you to upgrade. This will ensure your eligibility of getting Security updates and patches timely from Adobe, for the supported versions of ColdFusion, as and when released.

This post is to announce the release of ColdFusion 11 Update 11 and ColdFusion 10 Update 22.
Update 11 and Update 22 fix approximately 164 and 45 bugs respectively. For the list of bugs fixed in these updates, refer the following documents:
Bugs fixed with Update 11
Bugs fixed with Update 22

Follow the steps below to apply the updates:

  1. Navigate to ColdFusion Administrator -> Server Updates -> Updates.
  2. Switch to the "Settings" tab.
  3. Ensure that the update site URL is set to the right value by clicking on the "Restore Default URL" button.
  4. Click on "Submit changes" to save your changes.
  5. Switch to "Available Updates" tab. Click on "Check for Updates".
  6. "ColdFusion 11 Update 11" or "ColdFusion 10 Update 22" should be listed under the "Available updates" tab. 
  7. Click on the "Download and Install" button to install the update.

Refer the following technotes for instructions and other details related to the updates:

ColdFusion 11 Update 11 technote 
ColdFusoin 10 Update 22 technote

To apply these updates manually, download the required update by clicking on one of the applicable links below:

ColdFusion 11 Update 11 jar
ColdFusoin 10 Update 22 jar
 
To run the downloaded jar, execute the following command:
java -jar <jar-file-dir>/hotfix_0xx.jar
You should use the JRE used by ColdFusion for running the update jar (for standalone CF, it should be <cf_root>/jre/bin)
For further details on the manual application of the updater follow this help article.
 
The build number after applying this update should be:
11,0,11,301867 for ColdFusion 11;
10,0,22,301868 for ColdFusion 10.

An important security fix for ColdFusion Builder 3 is now available for download. For more information on the vulnerability refer APSB16-44.

You can download the patch from here (md5 checksum : b67914e27ca4fb8e0fc5ecd354e9a330). Apply this patch to secure your ColdFusion Server and Builder installation. Follow the installation instructions detailed at this technote

The server and express installers for Adobe ColdFusion (release 2016) have been refreshed. The installers are available for download at the ColdFusion product page at www.adobe.com. The new installer includes the following changes:

  • The API Manager installer is decoupled from the ColdFusion Server installer.
  • The new API Manager installer incorporates certain new features such as multi-tenancy, enhanced security, configurable policies, a dedicated update mechanism and support for Redis cluster and request/response compression. For a detailed description of these new features follow the links embedded in this technote. The API Manager installer would be made available very soon. We will update this post to share the location where the installer would be hosted.
  • The ColdFusion installer incorporates ColdFusion 2016 Update 3 and updates JDK to version 1.8.0_112. For details on the changes that went out with Update 3 refer the Update 3 Release Notes document. The build number for this installation should be 2016,00,03,301771.
  • The features listed below have been retired from the product and no longer ship with ColdFusion. For a detailed overview of the affected areas, refer the "Portlets" and "YUI and Spry" sections of the coldfusion-deprecated-features technote. In case you need to use any of these libraries you can download them from locations mentioned below.
    • Portlets. download (md5 checksum : 93273a7b4ab8c650e5fa9cece518e099);
    • YUI. download (md5 checksum : 827e0f8395d176ac28f46ed5e78004fd);
    • Spry. download (md5 checksum : 750c275c20b291f00c1ba92c855a09d7).

 To integrate the downloaded library, follow the instructions below:

  1. Stop ColdFusion sever.
  2. Download the libraries from the links mentioned above.
  3. Extract the downloaded files to the following locations:
    • Extract portlets.zip file to <cf_root>/cfusion directory. Update the web.xml file at <CF_HOME>/cfusion/wwwroot/WEB-INF to re-introduce the mappings mentioned in the "Portlets" section of this technote.
    • Extract yui.zip and spry.zip to ColdFusion's webroot at <cf_root>/cfusion. If your scripts directory is mapped to a non-default location (setting at CF admin > Settings > Default ScriptSrc Directory), unpack the zipped package manually and place it in the custom location following the structure in the package.
  4. Restart ColdFusion server.

If you are restoring just the YUI or Spry libraries, restarting the ColdFusion server is not required.

Revisions

20 Dec, 2016 -  added the web.xml mappings step in restoring portlets instruction. added reference to coldfusion-deprecated-features article.