An important security fix for ColdFusion Builder 3 is now available for download. For more information on the vulnerability refer APSB16-44.
You can download the patch from here (md5 checksum : b67914e27ca4fb8e0fc5ecd354e9a330). Apply this patch to secure your ColdFusion Server and Builder installation. Follow the installation instructions detailed at this technote.
The server and express installers for Adobe ColdFusion (release 2016) have been refreshed. The installers are available for download at the ColdFusion product page at www.adobe.com. The new installer includes the following changes:
- The API Manager installer is decoupled from the ColdFusion Server installer.
- The new API Manager installer incorporates certain new features such as multi-tenancy, enhanced security, configurable policies, a dedicated update mechanism and support for Redis cluster and request/response compression. For a detailed description of these new features follow the links embedded in this technote. The API Manager installer would be made available very soon. We will update this post to share the location where the installer would be hosted.
- The ColdFusion installer incorporates ColdFusion 2016 Update 3 and updates JDK to version 1.8.0_112. For details on the changes that went out with Update 3 refer the Update 3 Release Notes document. The build number for this installation should be 2016,00,03,301771.
- The features listed below have been retired from the product and no longer ship with ColdFusion. For a detailed overview of the affected areas, refer the "Portlets" and "YUI and Spry" sections of the coldfusion-deprecated-features technote. In case you need to use any of these libraries you can download them from locations mentioned below.
- Portlets. download (md5 checksum : 93273a7b4ab8c650e5fa9cece518e099);
- YUI. download (md5 checksum : 827e0f8395d176ac28f46ed5e78004fd);
- Spry. download (md5 checksum : 750c275c20b291f00c1ba92c855a09d7).
To integrate the downloaded library, follow the instructions below:
- Stop ColdFusion sever.
- Download the libraries from the links mentioned above.
- Extract the downloaded files to the following locations:
- Extract portlets.zip file to <cf_root>/cfusion directory. Update the web.xml file at <CF_HOME>/cfusion/wwwroot/WEB-INF to re-introduce the mappings mentioned in the "Portlets" section of this technote.
- Extract yui.zip and spry.zip to ColdFusion's webroot at <cf_root>/cfusion. If your scripts directory is mapped to a non-default location (setting at CF admin > Settings > Default ScriptSrc Directory), unpack the zipped package manually and place it in the custom location following the structure in the package.
- Restart ColdFusion server.
If you are restoring just the YUI or Spry libraries, restarting the ColdFusion server is not required.
20 Dec, 2016 - added the web.xml mappings step in restoring portlets instruction. added reference to coldfusion-deprecated-features article.
NOTE: THIS POST has been made obsolete with the final release of these updates in Dec 2016. Please see the post announcing that.
The information below, this post and its comments, is left for history sake.
ColdFusion 11 Update 11 and ColdFusion Update 22 early access builds are now available for your testing and feedback. Please note that these are test builds and should not be used in a production environment.
For the list of bugs fixed with these updates, refer the following documents:
Follow the steps below to apply the update.
- Navigate to ColdFusion Administrator -> Server Updates -> Updates.
- Under Settings tab, check "Automatically Check for Updates" check box
- Change the Site URL to https://cfdownload.adobe.com/pub/adobe/coldfusion/PR/updates.xml.
- Click Submit to save your changes.
- Under the "Available Updates" tab, click on the “Check for Updates” button.
- "ColdFusion 11 Update 11" or "ColdFusion 10 Update 22" should be listed under the "Available updates" tab.
- Click on the "Download and Install" button to install the update.
To apply this update manually, download the required update by clicking on one of the applicable links below:
To run the downloaded jar, execute the following command:
java -jar <jar-file-dir>/hotfix_0xx.jar
You should use the JRE used by CF for running the update jar (for standalone CF, it should be <cf_root>/jre/bin)
For further details on the manual application of the updater follow this help article.
The build number after applying this update should be
11,0,11,300779 (Pre-Release) for ColdFusion 11;
10,0,22,300783 (Pre-Release) for ColdFusion 10.
In case, you have configured local site for receiving the update notifications, then please take back up of the URL before changing it to the prerelease URL.
We will look forward to your valuable feedback and suggestions.
Thank you to everyone that attended Adobe ColdFusion Summit 2016!
We hope you enjoyed the conference both for networking and awesome session content that our presenters provided. Though we have published many of the slide decks already, many of you have been asking for the actual PDF downloads to review on your own. The download link for the session decks is available on the FTP site below.
We hope to see you again next year!
Slide decks online: http://www.slideshare.net/ColdFusionConference
Dropbox share is available here
Nginx is a high-performance and open-source web server that is widely used in the web community. It can now be configured with ColdFusion 2016. With this post we are making available the prerelease build of the web-server connector for testing purposes.
The prerelese build is in the form of an Linux 64-bit installer that packages the following 2 components:
- The Nginx web server installer. This installer is a variant of the standard Nginx installer that packages the AJP modules that enbable the communication between the webserver and ColdFusion.
- WSconfig.jar. This is a modified version of the library present in ColdFusion's <cf_root>/cfusion/lib directory, that is required by the WSConfig tool when configuring a web server connector.
For detailed instructions on installing the webserver and configuring the connector, refer this document.
We will look forward to your suggestions and feedback.
Click on this link to download the source for the Ngnix Connector.
Revision (09 Jan 2017): The download link for Ngnix Connector source added.