New updates for ColdFusion 9, 9.0.1, 9.0.2 and 10 - Java 7 now supported

February 27, 2013 / Rakshith Naresh 58 Comments


[Update: All the technotes (for CF10, CF9, CF9.0.1 and CF9.0.2) now have an update section to reflect the change that was made. The refreshed CHFs for ColdFusion 9 and the refreshed ColdFusion 10 Update 8 contain a fix for an issue in Google Maps. New CHFs have been released for CF9 and CF9.0.1 - Read the related post here]

 

The new cumulative hotfixes for ColdFusion 9.0, 9.0.1 and 9.0.2 include support for Google Maps JavaScript API v3 and JDK 1.7 Update 15. These cumulative hotfixes consist of previously released cumulative hotfixes and security updates.

Details of cumulative hotfixes are here - 9.0, 9.0.1, 9.0.2

 

ColdFusion 10 Update 8 includes support for Google Maps JavaScript API v3, Mac OS X Mountain Lion 10.8 and JDK 1.7 Update 15. It includes all the bug fixes from previous updates of ColdFusion 10. 

You apply this update using the update mechanism within ColdFusion 10 Administrator.

For more details about the update, refer to the link here.

 

 


58 comments so far ↓

  • 1 David Epler // Feb 27, 2013 at 7:26 AM
    Question regarding the CHF 2 for 9.0.0. Was BugID 81860 (http://kb2.adobe.com/cps/825/cpsid_82547.html) rolled into it? From the listing of bugs in CHF 2 it doesn't appear that was and is the only bug between releases of CHF 1 and CHF 2 for 9.0.0 that was released as a separate hot fix.
  • 2 David Epler // Feb 27, 2013 at 8:26 AM
    Also could this page be updated to list the new CHFs for ColdFusion 9?

    http://helpx.adobe.com/coldfusion/kb/hot-fixes-coldfusion-9.html
  • 3 Bob Clingan // Feb 27, 2013 at 9:42 AM
    The auto-update feature does not work for me on CF10. We are getting an error that says it can't deploy the update for j2ee server.
  • 4 Ben Riordan // Feb 27, 2013 at 12:26 PM
    I think this update might break or change javascript functionality for ColdFusion.Map.getLatitudeLongitude?

    Uncaught ReferenceError: GClientGeocoder is not defined cfmap.js line 171

    In the meantime I've downgraded.
  • 5 shigemii // Feb 27, 2013 at 6:18 PM
    If the cumulative hotfix contains APSB13-03, I think we need to move hf900-00009.jar and hf901-0008.jar to a back up location?
  • 6 Rick Smith // Feb 27, 2013 at 7:20 PM
    Have to say the patch AND the switch over to Java 7 are working flawlessly! Thank you Adobe!
  • 7 Rakshith Naresh // Feb 27, 2013 at 11:46 PM
    @David: We will have someone from the team respond to your query. And yes, we will be updating the page that you have pointed out. Thanks for letting us know!

    @Bob: For a J2EE deployment, you will have to install the update from the command prompt. There is a great blog entry from one of our engineers who addresses this. Here's the link for the blog post. http://blogs.coldfusion.com/post.cfm/coldfusion-hotfix-installation-guide Scroll to the solution for the question posed in the entry that goes like this "How to apply the Hotfix in case of ColdFusion deployment to App Server/JEE Server?"

    @Ben: This looks like an issue. Can you please log a bug for this? http://bugbase.adobe.com

    @Shigemii: Yes. You will have to move those jars out. The instructions will be updated to mention that point. Thanks!

    @Rick: Great to hear this! Thanks!
  • 8 Tom Chiverton // Feb 28, 2013 at 6:24 AM
    This is great news; is CF9.01 now supported on any 1.7.x release going forward, just like 1.6.x was or do we have to wait for each to be certified ?
  • 9 Tom Chiverton // Feb 28, 2013 at 7:15 AM
    Oh, except it appears CF 9.0.1 CHF3 breaks some cfscript syntax : Bug id #3508592
  • 10 Carl Meyer // Feb 28, 2013 at 3:36 PM
    Can CF product updates web page be edited to inform CF9.0.2 has CHF1 available? Refer:
    http://www.adobe.com/support/coldfusion/downloads_updates.html
  • 11 Rakshith Naresh // Mar 1, 2013 at 4:17 AM
    @Tom: Thanks for reporting.

    @Carl: Yes, the page will be updated
  • 12 Rakshith Naresh // Mar 1, 2013 at 4:45 AM
    @Tom: Yes, We will continue to support 1.7.x just like what we had for 1.6
  • 13 Bob Clingan // Mar 1, 2013 at 5:20 AM
    So the auto-update feature is not supported on J2EE installs?
  • 14 Ron Stewart // Mar 1, 2013 at 8:58 AM
    Mac OS X 10.7, CF9.0.1 Developer Edition updated to CHF3 running under Apache; Oracle Java 7 JDK 1.7.0_15 installed (in addition to the stock Apple Java 6 JRE).

    I am unable to convince ACF9 to use the installed Java 7 JRE. I have tried to point ACF at the Java 7 JRE through the CF Administrator UI, by manually editing ../runtime/bin/jvm.config to point to the Java 7 JRE, and by setting and exporting environment variable JAVA_HOME before starting ACF9 from the command-line. In all cases, the "Settings Summary" within the CF Administrator continues to list the Apple Java 6 JRE installed in /System/Library/Java/JavaVirtualMachines/1.6.0.jdk as the JRE in use. If I have the ../runtime/bin/jvm.config specify java.home=/Library/Java/JavaVirtualMachines/jdk1.7.0_15/Contents/Home, that path shows on the "Java and JVM" settings page within the CF Administrator but the "Settings Summary" continues to list the Apple Java 6 JRE as what is in use.

    So with all of that, it appears that I am unable to tell ACF9 to use a different JRE. The behavior leads me to believe that the java.home setting in jvm.config is ignored for ACF9 on Mac OS X.
  • 15 piyush // Mar 1, 2013 at 10:23 AM
    @Tom, with ref to bug 3508592, we are working on diagnosing the cause.
  • 16 David Epler // Mar 1, 2013 at 11:56 AM
    @Ron

    I can confirm the same. I cannot get ACF 9.0.1 with CHF3 on OS X 10.7.5 to start with Oracle Java 1.7.0_15. Stepped through the same things. Also changed JAVA_HOME in {cf_install}/bin/coldfusion to point to Java 7. The {cf_install}/bin/coldfusion is just a wrapper for {cf_install}/runtime/bin/coldfusion9.

    My best guess is that {cf_install}/runtime/bin/coldfusion9 is hardwired to use the Apple installed JVM (probably ALL the executables in that directory are) since there is a string contained inside the executable referencing /System/Library/Frameworks/JavaVM.framework/Versions/A/JavaVM
  • 17 Christian // Mar 4, 2013 at 9:38 AM
    subscribe
  • 18 David Epler // Mar 4, 2013 at 5:57 PM
    Were CFIDE9.zip, CFIDE-901.zip, and CFIDE-902.zip of the respective CHFs updated? The hashes I have for the files from Feb 27 are now different and appear to have been updated on March 1st?

    Seems like CFIDE/scripts/ajax/package/cfmap.js was updated on 02-28-13 19:51.
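The check described in comment 18, written out as an added example (not part of the original thread and not Adobe tooling): compare the copy of a hotfix archive hashed at install time with a fresh download of the same file name, and report which members changed. The archive contents below are constructed in memory; only the cfmap.js path and its 02-28-13 19:51 timestamp come from the comment, and the second member is a placeholder.

```python
import hashlib
import io
import zipfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def member_digests(archive: bytes) -> dict:
    """Map every file in a zip to (SHA-256 of its content, stored mtime)."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                digests[info.filename] = (sha256_hex(zf.read(info)), info.date_time)
    return digests


def diff_archives(recorded: bytes, refetched: bytes) -> dict:
    """Compare the copy hashed at install time with a fresh download."""
    old, new = member_digests(recorded), member_digests(refetched)
    modified = sorted(n for n in old.keys() & new.keys() if old[n][0] != new[n][0])
    return {
        "archive_changed": sha256_hex(recorded) != sha256_hex(refetched),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": modified,
        "new_mtime": {n: new[n][1] for n in modified},
    }


def build_sample(cfmap_body: bytes, cfmap_mtime: tuple) -> bytes:
    """Constructed stand-in for a hotfix zip; the contents are not Adobe's."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Path taken from the comment above; the file body is made up.
        cfmap = zipfile.ZipInfo("CFIDE/scripts/ajax/package/cfmap.js", cfmap_mtime)
        zf.writestr(cfmap, cfmap_body)
        # Placeholder member that is identical in both copies.
        same = zipfile.ZipInfo("CFIDE/placeholder/unchanged.txt", (2013, 2, 27, 0, 0, 0))
        zf.writestr(same, b"same")
    return buf.getvalue()


# Two constructed downloads of the "same" archive, before and after the refresh.
FEB27_COPY = build_sample(b"// constructed original body\n", (2013, 2, 27, 0, 0, 0))
MAR01_COPY = build_sample(b"// constructed refreshed body\n", (2013, 2, 28, 19, 51, 0))

if __name__ == "__main__":
    for key, value in diff_archives(FEB27_COPY, MAR01_COPY).items():
        print(f"{key}: {value}")
```

Recording the whole-archive SHA-256 next to each server's patch level at install time is what makes this comparison possible later, when the vendor's file name and version label have not changed.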
  • 19 Adam Cameron // Mar 4, 2013 at 7:43 PM
    Just subscribing...
  • 20 Rakshith Naresh // Mar 5, 2013 at 3:11 AM
    @David: You are right. But there is no announcement yet about it as we are in the process of making another update. This has got to do with a few issues that were reported. Stay tuned for any announcement regarding this. At the same time, if anyone goes ahead and applies this CHF, they should be good too.
  • 21 Scott Anderson // Mar 5, 2013 at 7:20 AM
    @Rakshith: You have to be kidding me. I updated a bunch of my development servers with this update last week. And was about to roll it out to my production boxes this week. If I had done this I would be effectively running a different version on development than on production. Furthermore if you have made some silent updates and then continue to make silent updates it becomes quite difficult for me to know what real version of software I am running on any given machine. That a company selling "enterprise" software would make several silent releases like this is the worst kind of build and release management I may have ever seen. I'm truly astonished.
  • 22 Tom Chiverton // Mar 5, 2013 at 7:43 AM
    @Scott
    You beat me to it. Software, once released to the public, *especially* if it's a patch, mustn't be changed without updating something somewhere to say it's a newer version ! You jumped to the conclusion Adobe changed something silently, but more security conscious people would think someone else could have changed it...

    @Rakshith
    So some CF9.0.1 servers will report CHF3 and mean CHF3.0, while some will report CHF3 and mean CHF3.1 ? How on earth are we (and services like HackMyCf) meant to keep track of things ? If you don't update the release notes (or, better, make a follow up release with a different number) and make a public announcement, how do we make sure we're even aware there is a 'bad' version of the files and we need to reapply the fix ?

    This is not how software costing upwards of £5k should be managed... it feels like you are scrambling around hacking at stuff, tbh, though I know that's not what is happening it's the impression we're seeing...
    If the answer to this is 'CF10 does it for you', the same problem applies. If you just update the patch file on the server some servers will have applied it before you changed and some not. No, having CF10 compare checksums for every patch ever released every time it checks for updates won't scale either.

    Honestly- package management is a solved problem; more so if you only have a simple ordered list of dependencies like CF updates. How can you guys get this wrong ?
  • 23 Rakshith Naresh // Mar 5, 2013 at 7:52 AM
    @Scott, @Tom: We are not recommending you to update, that is why you don't *see* an announcement. We will have new CHFs coming out for CF9 and CF 9.0.1. And you will see an announcement going out with the new CHFs asking you to update. Until then there is no need for you to apply the CHF yet again.
  • 24 Tom Chiverton // Mar 5, 2013 at 8:03 AM
    @Rakshith
    Thanks for clarifying. It sounds to me like there is no point applying CHF3 to CF9.0.1 right now, because at some point in the near future we'll have to do it again ? And there is something wrong with CHF3 (well, I know there is, see bug up thread :-) ) so applying it to a fresh server isn't a good plan ?

    Likewise, no point continuing to test the CHF on staging machines because it'll all have to be redone.

    But if it's not a recommended update, it shouldn't be in the files linked to from the recommended CHF download page though - there are other ways for you guys to get files to people who need to try stuff out ahead of a public release !
    You can't be meaning that anyone running the updated CHF3 files (as opposed to the original CHF3 files) is now running in a non-recommended way ?
  • 25 Rakshith Naresh // Mar 5, 2013 at 8:13 AM
    @Tom: What I mean to say is that, if you have already applied the CHF, there is no need for you to go ahead and update it again because it was modified. If someone has applied the modified update, they are good too.

    I will make a post clarifying regarding the new CHFs that will be released.
  • 26 Tom Chiverton // Mar 5, 2013 at 8:24 AM
    @Rakshith
    So what's the difference between them then ? If we're 'good' with either the first or second CHF3 release, why was it even updated ?
  • 27 David Epler // Mar 5, 2013 at 8:29 AM
    @Rakshith

    What you are saying makes no sense to me. Just based upon the changing of cfmap.js between Feb 27 and March 1 means that if any one applied the CHFs prior to March 1 they will probably get the error noted in Comment #4.

    I still have not heard a response regarding my question in Comment #1 dealing with rollup of hf900-81860 into CHF2 for CF 9.0.0.

    I am also assuming that the update will include fix to Bug ID 3508592, Comment #9

    And finally Java 7 support on OS X absolutely doesn't work. Nothing I have done has been able to get CF to start with Oracle Java 7 instead of Apple Java 6. Tried a clean install of CF 9.0.2 with CHF 1 as well. same result as CF 9.0.1 w/CHF 3 on OSX 1.7.5. Comments 15 & 16

    So no matter what there are multiple outstanding bugs which would require applying a NEW set of CHFs for appropriate version of CF 9 installed.
  • 28 Rakshith Naresh // Mar 5, 2013 at 8:33 AM
    @Tom: It was a mistake. The technote will be updated to indicate new CHFs that will be released.
  • 29 Rakshith Naresh // Mar 5, 2013 at 8:50 AM
    @David:
    "Just based upon the changing of cfmap.js between Feb 27 and March 1 means that if any one applied the CHFs prior to March 1 they will probably get the error noted in Comment #4."
    Yes, that is correct. But there are more issues that have been noticed that were not a part of the CHF. We are fixing all of it with a new CHF.

    I will have one of our engineers respond to your question in comment #1.

    We will provide a fix for all the issues reported in the new CHF.
  • 30 Tom Chiverton // Mar 5, 2013 at 8:59 AM
    @Rakshith
    I really think you should consider, if you haven't already, pulling the hot fix... it seems to raise as many new issues as it solves.
    JVM 1.7.x support isn't critical until someone finds a bug or security problem in 1.6.x that Oracle don't fix. But then, of course, it'll become 'right now' critical...
  • 31 Rakshith Naresh // Mar 5, 2013 at 9:03 AM
    @Tom: We are not far away from the new CHF release. So the approach that we are taking now is to update the technote to let everyone know of the new CHF that is on its way.
  • 32 phill.nacelli // Mar 5, 2013 at 9:22 AM
    BTW, I'm sure you already know, but Oracle just released a new jvm update (mandatory security vulnerability - browser exploit only)..
  • 33 phill.nacelli // Mar 5, 2013 at 9:23 AM
    and I'm talking about today, not the one from a few days ago, this is Update 17 now.
  • 34 David Epler // Mar 5, 2013 at 10:42 AM
    @Rakshith

    Just another followup question given the cfmap.js issue in the CHFs for 9. Did Adobe also "silently" update Update 8 for CF 10?
  • 35 Ben Riordan // Mar 5, 2013 at 11:06 AM
    @Rakshith

    I and I'm sure most people here very much appreciate your attentiveness and quick answers to the community. Because of this we quickly understand what is going on with this hot fix and have open communication with the product team.

    That said, please do what you can to make sure this "silent update" does not happen again. I would much rather have back to back updates even 3 or 4 in the same couple days than a silently amended update. Additionally I suggest re-evaluating testing procedures before an update goes out. It is so common now that coldfusion updates contain critical issues that I will wait for community feedback before accepting an update.

    Thanks,

    ~ Ben
  • 36 Rakshith Naresh // Mar 6, 2013 at 7:18 AM
    @Ben: I agree with you that we have to make improvements related to the process that is followed for updates. This update has important lessons for us to take care of going forward.
  • 37 Jim Stout // Mar 6, 2013 at 7:38 AM
    @Rakshith

    So.....all of this being said, is my summary correct in that we are waiting for hotfix 4 for 9.0.1? And this can be applied over hotfix 3 for 9.0.1 (on those development and test servers I have already applied HF 3 to)?
  • 38 Rakshith Naresh // Mar 6, 2013 at 7:41 AM
    All the technotes (for CF10, CF9, CF9.0.1 and CF9.0.2) now have an update section to reflect the change that was made. The refreshed CHFs for ColdFusion 9 and the refreshed ColdFusion 10 Update 8 contain a fix for an issue in Google Maps. The technotes for ColdFusion 9 and 9.0.1 also indicate the upcoming CHFs.
  • 39 Jim Stout // Mar 6, 2013 at 8:25 AM
    @Rakshith

    Thank you...The way in which I need to proceed makes perfect sense...finally. ;-)
  • 40 David Epler // Mar 6, 2013 at 9:04 AM
    @Rakshith

    Just want to make sure I completely understand what has been updated at the top of the technotes regarding ColdFusion 9.0.x, OS X, and Java 7 support. They all have a block that reads similar to:

    "JDK 1.7 is only supported on Mac OS X 10.7 and above. Refer this article for more details. As ColdFusion 9.0.2 does not support Mac OS X 10.7 (refer Support Matrix), Cumulative Hotfix 1 does not certify ColdFusion 9.0.2 with JDK 1.7 on Mac OS X."

    1) ColdFusion 9.0.x when installed as standalone or multiserver on OS X 10.7 or 10.8, Java 7 will never be supported in that configuration.

    or

    2) At some later point ColdFusion 9.0.x through CHF or other type of update will support Java 7 on OS X 10.7 and 10.8

    If #1 is true, then the only way to have ColdFusion 9.0.x run with Java 7 on OS X is to have it installed as a WAR inside another JEE container/server (Tomcat, JBoss, etc).
  • 41 Rakshith Naresh // Mar 7, 2013 at 2:56 AM
    @David: We are not considering supporting CF9 on 10.7 or 10.8. So it is going to be only #1.
  • 42 David Epler // Mar 7, 2013 at 4:25 AM
    @Rakshith

    I would then suggest that the support matrix (http://www.adobe.com/products/coldfusion/pdfs/cf9_support_matrix_4_ue.pdf) should be updated to clearly indicate that both Windows 7 and Windows Server 2008 R2 are both supported since they currently are not listed, along with the versions of Java supported per platform.
  • 43 Rakshith Naresh // Mar 7, 2013 at 4:28 AM
    Agree. The support matrix for both CF9 and CF10 needs an update. You will see it updated shortly.
  • 44 Rakshith Naresh // Mar 8, 2013 at 6:56 AM
    New CHFs for CF9 and CF9.0.1 have been released: Please take a look at this post : http://blogs.coldfusion.com/post.cfm/new-chfs-for-cf-9-and-cf-9-0-1
  • 45 Tom // Mar 11, 2013 at 7:12 AM
    What about Java 7 for CF 8?
  • 46 Rakshith Naresh // Mar 11, 2013 at 7:35 AM
    Java 7 will not be supported for CF 8. CF 8 is no longer a version that has core support from Adobe.
  • 47 Russ // Mar 25, 2013 at 1:08 PM
    You really need to put this info on the ColdFusion downloads/updates page, as it still is not there.
    Many people rely on that page, and have been hacked due to the updates not being listed there, not everyone reads this blog.
  • 48 Danny // Mar 26, 2013 at 4:26 PM
    What @Russ said. This should be visible on http://www.adobe.com/support/coldfusion/downloads_updates.html.

    How would one subscribe to alerts for these hotfixes, delivered via email? Whatever that link is should be on that page too, regardless of CF version.
  • 49 Danny // Mar 26, 2013 at 5:06 PM
    My solution to get pushed security updates for CF is to use https://ifttt.com/ along with yahoo pipes and the rss feed url of this blog.

    Anyone know of a simpler solution? It shouldn't be this hard.
  • 50 Tom Chiverton // Mar 27, 2013 at 1:57 AM
    @Danny I can't recommend HackMyCf enough. Even on CF10, where the auto update mechanism sometimes breaks, it's important to have this as a backup.
  • 51 Ian Winter // Apr 16, 2013 at 3:48 AM
    What's the secret on MacOS 10.8.3 to actually get it to run with 1.7 then? I've got java -version reporting as 1.7, I'd edited the shell file coldfusion9 to have the 1.7 JDK paths, the CurrentJDK symlink is updated but CF refuses to run with 1.7. Any clues?
  • 52 Ian Winter // Apr 16, 2013 at 3:49 AM
    Sorry, should have added it's a fully patched 9.0.2 install.
  • 53 Ron Stewart // Apr 16, 2013 at 4:11 AM
    @Ian: see comments 14, 16, 27, 40, and probably most importantly 41, above. A couple of us pointed out that it just doesn't work. Rakshith from Adobe noted that CF9 is not considered to be supported on OSX 10.7 or 10.8, which is another way of saying they aren't going to fix it.
  • 54 Brian // Apr 17, 2013 at 10:54 AM
    Running CF10 Enterprise with the latest update 8 and upgrading to JDK 7 leaves serious problems with XML objects and XMLSearch. Users of frameworks like Coldspring, Model-Glue and Transfer should be very wary of upgrading their applications.

    I was experiencing crazy, crazy issues where valid nodes in a persistent-scope XML object would suddenly no longer be found.

    Downgrading to 1.6 u43 has resolved those issues for me. Because the issue was sporadic (but happened regularly), I was not able to create a simple test case. But, downgrading has eliminated all of the errors for me.

    Here's some notes from my thread:

    https://groups.google.com/forum/?fromgroups=#!topic/transfer-dev/82Nx3lbNEyE
  • 55 Rakshith Naresh // Apr 19, 2013 at 7:05 AM
    Brian, can you log a bug for the issue you are facing?
  • 56 Brian // Apr 22, 2013 at 12:23 PM
    Rakshith - will do.
  • 57 Brian // Apr 22, 2013 at 12:52 PM
    Rakshith - posted as #3546959 - https://bugbase.adobe.com/index.cfm?event=bug&id=3546959
  • 58 Trend Duvar Kağıtları // Jan 8, 2014 at 2:09 AM
    Oh! Wonderful post. Really this site is very helpful for all. I got few important helps from here and highly recommended it. Surely I will know my relatives and relevant competitors concerning this blog and will wait for more. Thanks a lot
