ColdFusion 10 Mandatory Update

There is a mandatory update to ColdFusion 10 that all ColdFusion 10 users need to apply on all platforms.

[Update: The mandatory update was refreshed. Take a look at the latest update here ]

You can download the update from here: http://www.adobe.com/support/coldfusion/downloads_updates.html

Detailed instructions on how to apply this update is available in the technote here: http://helpx.adobe.com/coldfusion/kb/coldfusion-10-mandatory-update.html

You can run the update from the command line either in the GUI or in the silent mode by following the steps outlined here: http://help.adobe.com/en_US/ColdFusion/10.0/Admin/WSe61e35da8d318518-33adffe0134c60cd31c-7ffe.html

 

 

All ColdFusion updates are now signed with the new code signing certificate because of a code signing certificate revocation. This mandatory Update ensures that your current installation of ColdFusion 10 is updated with the new code signing certificate. This update is also required for proper functioning of the auto update functionality in ColdFusion 10. Adobe strongly recommends that you apply this update.

For more details of the code signing revocation read the KB article here : http://helpx.adobe.com/x-productkb/global/certificate-updates.html

 

 

 

 

31 thoughts on “ColdFusion 10 Mandatory Update

  1. This is insane. The *whole point* of the new updates system in CF10 was *never needing to run weird stuff on the command line again*…

    No longer delivering security updates until manual action is taken is almost as bad as not having them at all.
    Does an alert at least show in the Admin ?

    PS Your captcha uses circles in the background, and also in the required text, and it’s impossible to know which is which…

  2. The ‘normal’ recovery procedure for a broken cert would be an update with the old one that installs the new one. Why can’t this be done ? It’s a lot better than leaving all your CF10 users unprotected from future updates…

  3. Key exchange and revocation is a solved problem.

    The obvious one is a back up key that is only used when the primary needs rotating.

    ” If tom sends this message with old KEY, it is not secure ”
    However, the chance of anyone being able to intercept it is very very low, and if the alternative is in the mean time that anybody can still use old KEY, that’s worse than trusting the old KEY to issue an update to NEW_KEY.

    I’m not Bruce Schneier though 🙂

  4. Hi Hemant,

    after successfully applying the mandatory update (at least the updater did not complain about anything) my CF install still shows version 10,282462. I am unable to install any update though the administrator, they all get checksum verification errors while downloading.

    System: Win7, CF10 Server config

    Do you have any recommendation what I might need to do?

    Thanks

    Chris

  5. Hi Hemant,

    as a follow up: I tried to install the mandatory update on a new CF10 standalone install unter SuSE Linux. It’s basically the same, CF Admin shows version 10,282462 after the update.

    Installer ran in console mode, I was using root to install it. The update log shows 61 Successes, 0 Warnings, 0 NonFatalErrors and 0 FatalErrors. Yet the version number still is like it was before the patch.

    Can I check any file to see if it has been updated? Anything else?

    Chris

  6. Hi Chris,

    Is it English or JP installation?
    It it is JP installation it is miss from our side we are going to refresh the build.
    If it is English -> Can you please tell whether the following file is installed or not?
    opt/coldfusion10/cfusion/lib/updates/hf1000-3332326.jar

    Are you able to download and install the Update 1/Update 2 now?

    Are you getting Signature verification failed error or Check sum verification failed error?

    1)If Mandatory Update is not applied properly Signature verification failed error will come.
    Or the download would have been corrupt -> Re-download for this case.

    2)If Checksum verification failure comes while downloading:
    There could be browser cache of the updates xml file. When there is modification to the updates file(refresh of the build), your browser might still be verifying the install jar’s checksum with cached updates file that lists the checksum.

    To workaround this, do Ctrl+F5 to clear cache in your browser and then click on ‘Check for Updates’. And now if you try to Download and Install, it should all be fine.

    Thanks,
    Krishna

  7. Last screen of installer contains this:

    Restarting the server(s) …This may take a while. Check the server status after sometime.

    The “sometime” is incorrect in this case and should be 2 words: “some time”.

    Thanks,
    -Aaron

  8. Windows 7sp1
    IIS 7.5
    CF10 Developer edition
    Hello,
    Attempted running cf10_mdt_updt.jar as per directions installer launches and stops CF services… proceeds to install then hangs early in progress bar. Need to shut it down using task manager. Three attempts same result. Attempted silent install more verbose logs… same result no successful update. Stumped…

  9. When i run it.. it gives me this:

    C:UsersAdministrator>C:UsersAdministratorDownloadscf10_mdt_updt.jar
    Exception in thread “main” java.lang.NoClassDefFoundError: C:UsersAdministrato
    rDownloadscf10_mdt_updt/jar
    Caused by: java.lang.ClassNotFoundException: C:UsersAdministratorDownloadscf
    10_mdt_updt.jar
    at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
    Could not find the main class: C:UsersAdministratorDownloadscf10_mdt_updt.ja
    r. Program will exit.

  10. @PV
    What is the md5 check sum of the jar file?
    It looks like, the jar file might have been an incomplete download. Do you want to try re-downloading and install and let me know?

    Thanks,
    Krishna

  11. @andrewp ,
    Hi,
    Can you please try the following?
    Create a new directory in any of your system drive(Basically the idea is that this directory shouldn’t contain many files.).
    For example: C:hotfix
    Then place the jar file cf10_mdt_updt.jar under C:hotfix.
    Then open a command prompt with ‘Run as Administrator’ option. Then do ‘cd’ to ‘C:hotfix’.
    Then launch the Hotfix by calling the following from command prompt.
    >java -jar cf10_mdt_updt.jar

    Please let me know whether this is working fine or not.

    Thanks,
    Krishna

  12. @Krishna,

    thanks for your efforts and sorry my reply took so long.

    Actually with the windows machines I had to reboot the server in order to get the download of Update 2 working. Before reboot I always got Checksum Verification Error.

    I did not reboot the Linux machine, but the download of Update 2 worked after I returned to the client about one week later.

    Still all three machines show Version 10,282462

    Best,

    Chris

  13. I tried the mandatory update but I keep getting ‘java’ is not recognized as an intyernal or external command. Does something else need to be installed first? thanks

  14. @Louis: Your path is broken, because it doesn’t contain a Java binary path. Java is incorrectly installed. With out knowing your O/S and environment we can’t help. Try posting to the forums.

  15. ColdFusion 10 Mandatory Update

    We are following the “For J2EE installations”
    On Windows
    In Silent mode (for unexploded EAR/WAR deployment)

    Here’s what our install_properties_file looks like…
    INSTALLER_UI=SILENT
    USER_INSTALL_DIR=C:TEMPCF10hotfix
    INSTALL_FILES_OUTSIDE_CF=true
    DONOT_START_SERVERS_POST_INSTALL=true

    Here’s the command we are using…
    C:TEMPCF10work> java -jar cf10_mdt_updt.jar -i silent -f install.props

    After running the command:
    1) The C:TEMPCF10hotfix dir is empty
    2) One new dir was created under work named TEMPCF10hotfix
    C:TEMPCF10workTEMPCF10hotfix
    3) The TEMPCF10hotfix dir is empty
    4) Two files were created under C:TEMPCF10work
    f553e11813c44c897f7.details
    f553e11813c44c897f7.notes
    5) The .notes file is empty
    6) The .details file is 2k in size
    no errors and the last line says…

    Install Directory: C:TEMPCF10hotfix
    Status: SUCCESSFUL

    Per the instructions…
    “First, install the hotfix files outside your EAR/WAR on your system and then manually update the EAR/WAR.”

    But there were no files after running the command…?

  16. These instructions are for applying any general Hotfix.
    Since Mandatory update is a one-time thing, some of the these general instructions are not taken care.
    So, for your current case, you can explode the EAR, apply the Hotfix using UI installation and EAR it back.

    OR
    To get the Hotfix files, you can do the following shortcut as well if you wish.
    cd to C:TEMPCF10hotfix
    then run the command
    >mkdir WEB-INFcfusionlibupdates

    Then run the command
    >java -jar C:TEMPCF10workcf10_mdt_updt.jar -i silent -DUSER_INSTALL_DIR=C:TEMPCF10hotfix

    Files will be properly laid out under C:TEMPCF10hotfixWEB-INF and you can update your EAR accordingly.

    Thanks,
    Krishna

  17. Wow..
    Windows 7sp1
    IIS 7.5
    CF10 Developer edition
    Hello,
    Attempted running cf10_mdt_updt.jar as per directions installer launches and stops CF services… proceeds to install then hangs early in progress bar. Need to shut it down using task manager. Three attempts same result. Attempted silent install more verbose logs… same result no successful update. Lol

  18. I notice that on here it says the mandatory update is no longer required with the latest download, but the cfadmin still tells you to do it, and if you read the install instructions it says
    “ColdFusion 10 users (build number 282482 or 283922) who have not applied any updates”

    And the current download is build 283922

    So there is conflicting instructions here.

    I have just done clean CF10 install and the mandatory update has broken CF, it will no longer start, and nothing is recorded in the logs either.

    If this update is no longer required and breaks CF (which seems to be the case), then you need to make this very clear and sort out these conflicting instructions.
    The updater needs to check whether it is required/installed and only tell you to install it if it is actually required.

  19. I find it rather poor that the Adobe CF10 installer still not has the “mandatory update” from back then baked in and we need to manually install this. Certainly not very user friendly.

  20. Hi – I installed CF10 on Mac OS X 10.9 )local dev machine) and accidentally tried to install Update 6 or 7, before applying the mandatory update. After that, the mandatory update would not install (“this is only for CF10!” – duh!). After uninstalling CF10 again and installing it under a new user name and applying the mandatory update first, I got it working. Thanks to this guy’s instructions that is: http://www.brilang.com/2012/06/installing-coldfusion-10-under-mamp-pro-2-on-os-x-lion/1137

  21. @Snake and Jonas: You can install CF10 updates 8, 9, 10 and 11 without installing the mandatory update. But mandatory update is needed to be installed in order to, install update 12 and 13 directly, in the new build of ColdFusion 10 (available to download at http://www.adobe.com) .Also, if you install the update 8 first, and then try to install the update 12 or 13, you will be able to do it successfully without applying the mandatory update.

    The conclusion is, Users who are at ColdFusion 10 Update 8 and above need not to apply mandatory update for updating to CF10 update 12 or 13. But the users on update 7 and below will have to apply the Mandatory Update to directly go to update 12 and 13.

    However, we haven’t found any scenario in which mandatory update is breaking CF10.

  22. Anit, as per my previous post, installing the mandatory update completely broke CF, I had to reinstall it and then install the latest update WITHOUT the mandatory update.
    All the instructions are contradictory.
    Rakshith said above “The latest installers for Windows has mandatory update baked in. There is no need to apply it if you are using the installers available post March 5th.”

    But the cfadmin says “”ColdFusion 10 users (build number 282482 or 283922) who have not applied any updates”

    You have now confused this further by saying the mandatory update is required before you can install update 12 or 13 but not if you install update 8 first? How would anyone know this ? And it did not work for me as stated.
    You need to make this more clear in the cfadmin, which needs to detect what is required and inform users, not require users to search your blog and forums to work out how to install updates, it rather defeats the point of the updater.

  23. Snake: We apologize for the inconvenience caused. Can you contact us at cfinstaladobecom regarding your concern. We will assist you.

    As far as Rakshith’s comment is concerned, it was from April 2013. That held absolutely correct till we had new installers for supporting Windows 8 and Server 2012. There were some issues, due to which Mandatory update was back in the scenarios, as discussed above.

    ColdFusion 10 mandatory update says, “If you have ColdFusion 10 on Update 8 or later, you need not apply this update.” And ColdFusion 10 Update 13 says, “If you have not already applied ColdFusion 10 Mandatory Update, apply it first. This step is not required if you have ColdFusion 10 Update 8 or later.”

    Both of these holds appropriate and justifies the point mentioned in my previous post. Please let us know, for any concerns further. We appreciate your involvement.

  24. This was a pain due to the multiple instructions. Just commenting what I did to make this work.
    1) Download the update
    2) Create a new folder, C:downloads
    3) Copy the cf10_mdt_updt.jar into the new folder
    4) click on the start button, right click on the command prompt icon, and run as administrator
    5) Copy this string, and paste it into the command prompt:
    C:ColdFusion10jrebinjava -jar C:downloadscf10_mdt_updt.jar
    6) That should load the GUI, you can take it from here.

Leave a Reply

Your email address will not be published. Required fields are marked *