New updates for ColdFusion 9, 9,0.1, 9.0.2 and 10 - Java 7 now supported
Security | Adobe ColdFusion | Announcements | Rapid Application Development | web application | web application development | web application security | web programming
[Update: All the technotes ( for CF10, CF9, CF9.0.1 and CF9.0.2) now have an update section to reflect the change that was made. The refreshed CHFs for ColdFusion 9 and the refreshed ColdFusion 10 update 8 contains a fix for the an issue in Google Maps. New CHFs have been released for CF9 and CF9.0.1 - Read the related post here]
The new cumulative hotfix for ColdFusion 9.0, 9.0.1, 9.0.2 includes support for Google Maps JavaScript API v3 and JDK 1.7 Update 15.These Cumulative Hotfixes consists of previously released cumulative hotfixes and security updates.
Details of cumulative hotfixes are here - 9.0, 9.0.1, 9.0.2
ColdFusion 10 Update 8 includes support for Google Maps JavaScript API v3, Mac OS X Mountain Lion 10.8 and JDK 1.7 Update 15. It includes all the bug fixes from previous updates of ColdFusion 10.
You apply this update using the update mechanism within ColdFusion 10 Administrator.
For more details about the update, refer the link here.
57 comments so far ↓
http://helpx.adobe.com/coldfusion/kb/hot-fixes-coldfusion-9.html
Uncaught ReferenceError: GClientGeocoder is not defined cfmap.js line 171
In the meantime I've downgraded.
@Bob: For a J2EE deployment, you will have to install the update from the command prompt. There is a great blog entry from one of our engineers who addresses this. Here's the link for the blog post. http://blogs.coldfusion.com/post.cfm/coldfusion-hotfix-installation-guide Scroll to the solution for the question posed in the entry that goes like this "How to apply the Hotfix in case of ColdFusion deployment to App Server/JEE Server?"
@Ben: This looks like an issue. Can you please log a bug for this? http://bugbase.adobe.com
@Shigemii: Yes. You will have to move those jars out. The instructions will be updated to mention that point. Thanks!
@Rick: Great to hear this! Thanks!
http://www.adobe.com/support/coldfusion/downloads_updates.html
@Carl: Yes, the page will be updated
I am unable to convince ACF9 to use the installed Java 7 JRE. I have tried to point ACF at the Java 7 JRE through the CF Administrator UI, by manually editing ../runtime/bin/jvm.config to point to the Java 7 JRE, and by setting and exporting environment variable JAVA_HOME before starting ACF9 from the command-line. In all cases, the "Settings Summary" within the CF Administrator continues to list the Apple Java 6 JRE installed in /System/Library/Java/JavaVirtualMachines/1.6.0.jdk as the JRE in use. If I have the ../runtime/bin/jvm.config specify java.home=/Library/Java/JavaVirtualMachines/jdk1.7.0_15/Contents/Home, that path shows on the "Java and JVM" settings page within the CF Administrator but the "Settings Summary" continues to list the Apple Java 6 JRE as what is in use.
So with all of that, it appears that I am unable to tell ACF9 to use a different JRE. The behavior leads me to believe that the java.home setting in jvm.config is ignored for ACF9 on Mac OS X.
I can confirm the same. I cannot get ACF 9.0.1 with CHF3 on OS X 10.7.5 to start with Oracle Java 1.7.0_15. Stepped through the same things. Also changed JAVA_HOME in {cf_install}/bin/coldfusion to point to Java 7. The {cf_install}/bin/coldfusion is just a wrapper for {cf_install}/runtime/bin/coldfusion9.
My best guess is that {cf_install}/runtime/bin/coldfusion9 is hardwired to use the Apple installed JVM (probably ALL the executables in that directory are) since there is a string contained inside the executable referencing /System/Library/Frameworks/JavaVM.framework/Versions/A/JavaVM
Seems like CFIDE/scripts/ajax/package/cfmap.js was updated on 02-28-13 19:51.
You beat me to it. Software, once released to the public, *especially* if it's a patch, mustn't be changed with out updating something somewhere to say it's a newer version ! You jumped to the conclusion Adobe changed something silently, but more security concious people would think someone else could have changed it...
@Rakshith
So some CF9.0.1 servers will report CHF3 and mean CHF3.0, while some will report CHF3 and mean CHF3.1 ? How on earth are we (and services like HackMyCf) meant to keep track of things ? If you don't update the release notes (or, better, make a follow up release with a different number) and make a public announcement, how do we make sure we're even aware there is a 'bad' version of the files and we need to reapply the fix ?
This is not how software costing upwards of £5k should be managed... it feels like you are scrambling around hacking at stuff, tbh, though I know that's not what is happening it's the impression we're seeing...
If the answer to this is 'CF10 does it for you', the same problem applies. If you just update the patch file on the server some servers will have applied it before you changed and some not. No having CF10 compare checksums for every patch ever released every time it checks for updates wont scale either.
Honestly- package management is a solved problem; more so if you only have a simple ordered list of dependencies like CF updates. How can you guys get this wrong ?
Thanks for clarifying. It sounds to me like there is no point applying CHF3 to CF9.0.1 right now, because at some point in the near future we'll have to do it again ? And there is something wrong with CHF3 (well, I know there is, see bug up thread :-) ) so applying it to a fresh server isn't a good plan ?
Likewise, no point continuing to test the CHF on staging machines because it'll all have to be redone.
But if it's not a recommended update, it shouldn't be in the files linked to from the recommended CHF download page though - there are other ways for you guys to get files to people who need to try stuff out ahead of a public release !
You can't be meaning that anyone running the updated CHF3 files (as opposed to the original CHF3 files) is now running in a non-recomended way ?
I will make a post clarifying regarding the new CHFs that will be released.
So what's the difference between them then ? If we're 'good' with either the first or second CHF3 release, why was it even updated ?
What you are saying makes no sense to me. Just based upon the changing of cfmap.js between Feb 27 and March 1 means that if any one applied the CHFs prior to March 1 they will probably get the error noted in Comment #4.
I still have not heard a response regarding my question in Comment #1 dealing with rollup of hf900-81860 into CHF2 for CF 9.0.0.
I am also assuming that the update will include fix to Bug ID 3508592, Comment #9
And finally Java 7 support on OS X absolutely doesn't work. Nothing I have done has been able to get CF to start with Oracle Java 7 instead of Apple Java 6. Tried a clean install of CF 9.0.2 with CHF 1 as well. same result as CF 9.0.1 w/CHF 3 on OSX 1.7.5. Comments 15 & 16
So no matter what there are multiple outstanding bugs which would require applying a NEW set of CHFs for appropriate version of CF 9 installed.
"Just based upon the changing of cfmap.js between Feb 27 and March 1 means that if any one applied the CHFs prior to March 1 they will probably get the error noted in Comment #4."
Yes, that is correct. But there are more issues that have been noticed that were not a part of the CHF. We are fixing all of it with a new CHF.
I will have one of engineers respond to your question in comment #1.
We will provide a fix for all the issues reported in the new CHF.
I really think you should consider, if you haven't already, pulling the hot fix... it seems to raise as many new issues as it solves.
JVM 1.7.x support isn't critical until someone finds a bug or security problem in 1.6.x that Oracle don't fix. But then, of course, it'll become 'right now' critical...
Just another followup question given the cfmap.js issue in the CHFs for 9. Did Adobe also "sliently" update Update 8 for CF 10?
I and I'm sure most people here very much appreciate your attentiveness and quick answers to the community. Because of this we quickly understand what is going on with this hot fix and have open communication with the product team.
That said, please do what you can to make sure this "silent update" does not happen again. I would much rather have back to back updates even 3 or 4 in the same couple days than a silently amended update. Additionally I suggest re-evaluating testing procedures before an update goes out. It is so common now that coldfusion updates contain critical issues that I will wait for community feedback before accepting an update.
Thanks,
~ Ben
So.....all of this being said, is my summary correct in that we are waiting for hotfix 4 for 9.0.1? And this can be applied over hotfix 3 for 9.0.1 (on those development and test servers I have already applied HF 3 to)?
Thank you...The way in which I need to proceed makes perfect sense...finally. ;-)
Just want to make sure I completely understand what has been updated at the top of the technotes regarding ColdFusion 9.0.x, OS X, and Java 7 support. They all have a block that reads similar to:
"JDK 1.7 is only supported on Mac OS X 10.7 and above. Refer this article for more details. As ColdFusion 9.0.2 does not support Mac OS X 10.7 (refer Support Matrix), Cumulative Hotfix 1 does not certify ColdFusion 9.0.2 with JDK 1.7 on Mac OS X."
1) ColdFusion 9.0.x when installed as standalone or multiserver on OS X 10.7 or 10.8, Java 7 will never be supported in that configuration.
or
2) At some later point ColdFusion 9.0.x through CHF or other type of update will support Java 7 on OS X 10.7 and 10.8
If #1 is true, then the only way to have ColdFusion 9.0.x run with Java 7 on OS X is to have it installed as a WAR inside another JEE container/server (Tomcat, JBoss, etc).
I would then suggest that the support matrix (http://www.adobe.com/products/coldfusion/pdfs/cf9_support_matrix_4_ue.pdf) should be updated to clearly indicate that both Windows 7 and Windows Server 2008 R2 are both supported since they currently are not listed, along with the versions of Java supported per platform.
Many people rely on that page, and have been hacked due to the updates not being listed there, not everyone reads this blog.
How would one subscribe to alerts for these hotfixes, delivered via email? Whatever that link is should be on that page too, regardless of CF version.
Anyone know of a simpler solution? It shouldn't be this hard.
I was experiencing crazy, crazy issues where valid nodes in a persistent-scope XML object would suddenly no longer be found.
Downgrading to 1.6 u43 has resolved those issues for me. Because the issue was sporadic (but happened regularly), I was not able to create a simple test case. But, downgrading has eliminated all of the errors for me.
Here's some notes from my thread:
https://groups.google.com/forum/?fromgroups=#!topic/transfer-dev/82Nx3lbNEyE
Leave a Comment