CF is trying to install felixclassloader-2021.0.02.328618.jar but only has felixclassloader-2021.0.0.323925.jar downloaded. So I don't think that's going to work out very well. Here are some things you can do. First, open a bug ticket at https://tracker.adobe.com/. Second, if you need to install felix-cache right now, edit your JSON file to point to the version you have in your bundles folder. I think that should work, although I haven't tried it. You'd have to use a local copy of it of course.   I don't think your version of Java is going to make a difference here. This is just a version mismatch in the JSON file. I'm not sure what's causing the mismatch, but it's not a Java problem.   ... View more

You are almost certainly not using JASPIC/Jakarta Authentication. As for whether you're using Tomcat as a front end, I would interpret front end as "web server". So, if you're using Apache HTTPD or IIS as your web server, I'd say you're not using Tomcat as a front end.   It might be possible for you to exclude Tomcat from security scans by careful firewall setup, blocking external access to Tomcat entirely.   ... View more

I don't think changing the default ScriptSrc directory value also changes the physical location of the installed files. I think it changed the attribute CF puts in your code. You have to make sure that your web server exposes the new physical location corresponding to the new attribute value so the browser can reach them.   ... View more

Yeah, that's definitely an error with the Adobe site specifically. It looks like there are two redirects:   https://www.adobe.com/go/coldfusion-packages  redirects to https://cfmodules.adobe.com/cf2023/bundlesdependency.json   https://cfmodules.adobe.com/cf2023/bundlesdependency.json redirects to https://cfmodules.adobe.com/bundlesdependency.json   I've seen cases where too many redirects will break some user agents. Maybe that's what's happening here.   ... View more

I would probably not worry about this too much. CF doesn't really interact that much with Windows, or that differently between Windows versions. I recommend you try this on a Windows Server 2022 VM and see exactly what happens there. If it behaves the same way, create a bug ticket at the Adobe bug tracker (https://tracker.adobe.com/). Beyond that, I'd probably just keep running it as you are now.   ... View more

I just noticed you specified "connection reset" as the error, too. That typically means the client (CF) isn't able to validate the certificate, usually because it or one of the certificates in the validation chain has expired. I'm not sure if CF does anything in that case to fix the problem, but if it can't get there and you can (from the console using wget or curl and a non-root user), that's what I'd look for.   ... View more

Normally, this indicates a network error of some sort rather than a CF-specific problem. Can you use wget or curl while logged into the shell (not as root) to go to the packages repository? If not, you or your network administrator may have blocked direct access. Can you see if there's a proxy server being used? CF won't know about that in some cases. In the short term, you can download the packages manually, then point CF to the internal location instead of the default one.   If this just happened immediately after a CF update, look for update-specific issues or bugs. You might be able to do that at the official Adobe bug tracker (https://tracker.adobe.com/). You should tell us if that's the case, too.   ... View more

First, select CF 2021 from the dropdown at the top, if you haven't already. Then, download the appropriate version for your operating system. I recommend the trial version, since that's a time-limited Enterprise version if I recall. Unfortunately, you can't do that from here! Adobe provides a link but I'd go to CFML Repo (https://www.cfmlrepo.com I think) where you don't need a serial number to download anything. You'll still need a valid serial number to install anything except the trial version.   As for the other components, download them if you think you'll need them. The add-on server is responsible for Apache Solr search functionality and PDF generation, I think. The performance monitor ... monitors performance. You probably won't need that at first. I think the same is true for most (all?) of the other components here.   ... View more

Right at the top, there's a section that points you to two CF update pages. You'll need to use the appropriate update for your CF version. That'll fix your immediate problem.   Out of curiosity, how did you find this KB article? The relevant updates have been listed since 21 December 2021. That's a long time ago. Updates listed on Log4j vulnerability KB article                       ... View more

The "log_level= info" line is going to capture everything. Great for debugging, not so great for daily operation. Set it to something lower. Also, set up the log rotation @Charlie Arehart recommended, it's a best practice on a production server.   In general, people having "CF" problems should search for their other platform components to see if there's anything they can do. In this case, your other components are Tomcat and IIS and maybe even Windows itself.     ... View more

Ugh. The file you're interested in is something like C:\ColdFusion2021\cfusion\lib\adobe_drivers.jar. (Actually, of course, it's somewhere within that jar, like macromedia/jdbc/oracle.properties or macromedia/jdbc/OracleDriver.class.) Unfortunately, this is a DataDirect driver as you know, and it doesn't contain the relevant version info in a MANIFEST.mf file - I think that's where it would have to go. I'm not entirely sure whether you can just download something from Progress to fix it. You could try in a test environment, but you'd still have to guess at the version you're using.   I recommend that you open a ticket at https://tracker.adobe.com/ asking (a) can Adobe fix this problem and if so when, (b) what version of the driver you're actually using, and (c) can you download something from Progress that will fix this problem. I'm pretty sure that the Adobe version is one or two versions behind the latest Progress version. I'm sorry I can't give you a more definitive answer. Maybe one of the other contributors can. Adobe might be able to provide a personal bugfix for you and maybe anyone else with the same problem.   Alternatively, you could try Oracle's own JDBC driver instead. I think it's free, but it'll come with its own problems I'm sure.   ... View more

You should be able use any compatible (recent?) JVM to run the CF uninstaller. Just set the JAVA_HOME environment variable to its location. Remove the web server connectors using wsconfig first.   That said, CF is very loosely tied to the OS. You can remove it by deleting the connector with wsconfig, deleting the CF directory itself, and optionally deleting the relevant registry keys. You should be able to find detailed instructions by searching for "ColdFusion manual uninstall".   ... View more

Please mark your own answer as correct. Thanks!   ... View more

Yeah, @BKBK 's concern is valid. What's more, that's kind of a big deal to have an error like that. I recommend you hire someone to review your authentication code process in greater detail than most of us are willing to do for free.   ... View more

You probably need to find a JDBC 4 driver that your database supports. That may be a problem, since your database is so old. Of course, I barely know how to spell Sybase. With Microsoft SQL Server, there are two authentication modes: "native" SQL logins and Windows authentication. I doubt the same is true for Sybase, but you should look into the authentication options there.   I have a lot of trouble recommending you upgrade your database, especially in a rush to solve your immediate problem. Can you set all this up in a test environment first?   ... View more

I agree with @Charlie Arehart here. Get the latest driver that your database supports! You might be able to find an open-source version if you can't use Sybase's own driver. I seem to recall a jTDS version being available.   ... View more

Can you show the generated value for dailyStatus?   ... View more

How frequently do users log in, in your application?   That aside, you should probably just filter your log to hide these. It's a good idea to keep them - they're definitely worth logging - but you should be able to view the log without having to see them each time.   ... View more

I'd definitely try that    ... View more

... or, read @Charlie Arehart 's reply from about three hours ago, where he provides a public link to the Windows installer for CF report builder.   ... View more

Normally, you can find CF downloads at CFMLRepo:   https://www.cfmlrepo.com   However, I couldn't find any version of the CF report builder there, and I can't reach Gavin Picken (@gpicken) via PM on Twitter. Maybe @Charlie Arehart knows his email address?   ... View more

Create and run a test page with an unscoped variable in the application, and see what happens!   ... View more

You can run it from the offline server console using a locally installed browser or wget/curl etc. The URL will look like this:   http://localhost:{listening number for instance}/generate_request.cfm   Usually, the listening port for the built-in CF web server will be 8500, I think.   ... View more

As far as I know, there aren't any true memory leaks in CF because CF is built in Java, which doesn't allow you to introduce memory leaks. And you partially answer your own question by pointing out how many old gen objects you have on the Java heap. Changing GC settings isn't going to do anything about old gen objects, because they're not garbage. So to ultimately solve your problem, you have to figure out how to reduce the number of old gen objects, or accommodate your environment to handle larger numbers of them.   To that end, I'm going to echo @BKBK and @Charlie Arehart and probably a bunch of others in asking you to block bots, which can easily create a lot of long-lived Java objects as part of the Session scope. This may fix your problem, but even if it doesn't, it should help you narrow the search.   ... View more

I think the names without spaces should be fine. I have no idea why HTTPS would be used here unless you specifically configured it to be used. Maybe, after you've changed the names and retested and things still don't work, look into that more.   ... View more

I agree, and the second one was why I asked what the instance names were. I should probably look that up for the next time.   ... View more

Does naming the cluster and the instance same matters ??   No, they're not really the same, but if you prefer naming the cluster something else, this is a great chance to do it!   ... View more

I honestly don't know what the naming requirements are, but I'd replace the spaces with underscores and see if that fixes your problem.   ... View more

ColdFusion is a J2EE application, so it needs Java to run. I recommend just downloading and installing the version of Java that @RaviShankar Chagnur pointed out. It's an Oracle JDK, and it's compatible with ColdFusion 11. By the way, CF 11 is REALLY OLD now, and is vulnerable to all sorts of bad things, so you might consider upgrading that in the future.   ... View more

I am new to this, I have setup clusters and two instances in each cluster. one instance is up and running and the sites are also working fine. i am on window server and using IIS. sending traffic from cloudfront to the server ( http bindings) when i start the second instance in the cluster i am getting errors and the site is not available, when i check the log file i see these errors ...   What steps did you follow to set up the second cluster instance? What are the cluster member names?   ... View more