Skip to main content
T
TuesdayM
Participating Frequently
July 9, 2025
Answered

!! AGAIN !! CF security update APSB25-69 emptying pathfilter.json

  • July 9, 2025
  • 3 replies
  • 662 views

After applying latest security update the file pathfilter.json is totaly empty!
Result: logfiles defined in scheduled tasks cannot be written.
The message is:

"Warning","main","07/09/25","08:55:31","","The specified path: D:/ScheduleLogs/solr_index_documentatie_website_DEV.html is not allowed for scheduled tasks.
To allow it, whitelist the path in cf-root/lib/pathfilter.json against key schedulerexecutionpaths. "
IMHO: Totaly disappointing and unacceptable

    Correct answer Charlie Arehart

    While I can confirm the problem Tuesday has observed, and I appreciate the workaround Megha has offered, that is not the correct long-term solution for this.

     

    First though, to be clear, it's not that the pathfilter.json is ""totaly empty" but rather reset to its properties having empty values. But either way, the consequence is that after the update any existing scheduled tasks (or system probes) which "publish"/save output to a file are REMOVED on the startup which happens after the update. (And those are NOT so easily recovered, as the single neo-cron.bak is soon overwritten.) 

     

    And while the technote for this update and the previous one do warn folks (in a "known issue" bullet) to backup the neo-cron.xml before doing the update, many will miss that step and lose their tasks--with the frustration Tuesday here has shared, specifically when they DID modify the pathfilter.json, intending to PREVENT this loss of tasks. 

     

    The correct solution is that the update simply should NOT overwrite the pathfilter.json if it exists. Megha, it's not clear if you're saying you all acknowledge this and plan to change it. Sadly, even if it's fixed in some later update, this problem will bite people for weeks or even months to come, until then. 

     

    (One more thing: if a future need to replace the file is because of a need to change the layout of the file--such as to add a new path setting, there should instead be a mechanism buiit into the update to fold the current values of any existing file into that new format.)

     

    Megha, let us know if a bug report or feature request needs to be filed to get the update to NOT overwrite the file, if present. 

    3 replies

    P
    paule12345
    Inspiring
    August 29, 2025

    Updated CF2023 from U14 to U15 today and can report an improvement in the scheduled tasks upgrade handling.  The pathfilter.json entries that write to output file were not deleted, instead they are now highlighted in red in the Scheduled Tasks admin page.  I updated the pathfilter.json with my allowed paths, restarted CF and all is well. 

    P
    paule12345
    Inspiring
    August 29, 2025

    Since this awful forum software won't let me edit my own posts, a correction to the above:

    The Scheduled Task entries that write to output file were not deleted, instead they are now highlighted in red in the Scheduled Tasks admin page. 

     

    A
    arunr55098589
    Participant
    July 11, 2025

    Path is case sensitive. 

    M
    Adobe Employee
    megha1997
    Adobe Employee
    July 9, 2025

    @TuesdayM Once the update is installed, backup of your pathfilter.json file will be placed here <cf_instance>\hf-updates\hf-2025-00003-331507\backup\lib

    For now, you could pick the file from backup and place it in lib and restart ColdFusion server

    Charlie Arehart
    Community Expert
    Charlie ArehartCommunity ExpertCorrect answer
    Community Expert
    July 9, 2025

    While I can confirm the problem Tuesday has observed, and I appreciate the workaround Megha has offered, that is not the correct long-term solution for this.

     

    First though, to be clear, it's not that the pathfilter.json is ""totaly empty" but rather reset to its properties having empty values. But either way, the consequence is that after the update any existing scheduled tasks (or system probes) which "publish"/save output to a file are REMOVED on the startup which happens after the update. (And those are NOT so easily recovered, as the single neo-cron.bak is soon overwritten.) 

     

    And while the technote for this update and the previous one do warn folks (in a "known issue" bullet) to backup the neo-cron.xml before doing the update, many will miss that step and lose their tasks--with the frustration Tuesday here has shared, specifically when they DID modify the pathfilter.json, intending to PREVENT this loss of tasks. 

     

    The correct solution is that the update simply should NOT overwrite the pathfilter.json if it exists. Megha, it's not clear if you're saying you all acknowledge this and plan to change it. Sadly, even if it's fixed in some later update, this problem will bite people for weeks or even months to come, until then. 

     

    (One more thing: if a future need to replace the file is because of a need to change the layout of the file--such as to add a new path setting, there should instead be a mechanism buiit into the update to fold the current values of any existing file into that new format.)

     

    Megha, let us know if a bug report or feature request needs to be filed to get the update to NOT overwrite the file, if present. 

    /Charlie (troubleshooter, carehart. org)
      T
      TuesdayMAuthor
      Participating Frequently
      July 9, 2025

      Hi Megha - thanks for your quick reply and workaround - we already replaced the file with a backup.
      *
      Thanks a lot Charlie for your elborate reply. You are right: the correct solution is that the update simply should NOT overwrite the pathfilter.json if it exists. BTW: the issue came up already in the previous CF 2023 update. Hopefully Adobe will fix this issue. Kind regards.

      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices