Are the ColdFusion2023 updates supposed to update java as well?

Forum|Forum|1 year ago
September 27, 2024
1 reply
1342 views

Hi,
After I upgraded ColdFusion 2023 to the latest version (build 10), the version of Java located in the "jre" folder under the "ColdFusion2023" directory was still just "17.0.6". It looks like Java version is supposed to be at version "17.0.10". Are the updates supposed to upgrade Java as well, or do I need to update them separately?
Thanks!

This topic has been closed for replies.

Correct answer Charlie Arehart

Bill: no, the CF updates do not update the Java underlying CF. Only new CF installers do that. And while there has been one for CF 2023 which came out in Oct 2023, offering update 5 pre-installed, sadly it did NOT update the Java version--it remains 17.0.6 as was offered with the original installer. (I've updated that last sentence since my original answer here minutes ago, as I confirmed that 17.0.6 was indeed what was implemented in both the original May 2023 installer and the new one from Oct 2023.)

And yes, that means you need to update the Java underlying CF yourself. That can be simple on the surface, though you do need to be careful about it. I have more on the topic, including steps and links to resources with still more, here: https://www.carehart.org/cfupdate/#java

Charlie Arehart

Correct answer

Community Expert

Bill: no, the CF updates do not update the Java underlying CF. Only new CF installers do that. And while there has been one for CF 2023 which came out in Oct 2023, offering update 5 pre-installed, sadly it did NOT update the Java version--it remains 17.0.6 as was offered with the original installer. (I've updated that last sentence since my original answer here minutes ago, as I confirmed that 17.0.6 was indeed what was implemented in both the original May 2023 installer and the new one from Oct 2023.)

And yes, that means you need to update the Java underlying CF yourself. That can be simple on the surface, though you do need to be careful about it. I have more on the topic, including steps and links to resources with still more, here: https://www.carehart.org/cfupdate/#java

/Charlie (troubleshooter, carehart. org)

B

BILL314613570ssyAuthor

Participating Frequently

very interesting and thanks! Although the video explaintion on how to upgrade Java may be a problem for me. It seems like it will leave the old version of Java at D:\ColdFusion\jre. I believe our scanners will still find this old version of Java and declare it as a vulnerability.
Do you think I could do this instead?
1) stop ColdFusion service(s)
2) delete the "jre" folder under D:\ColdFusion2023 (or temporaliy rename 'jre' to 'jre_bak')
3) extract the lastest Java version (17.0.10) found at cfdownload.adobe.com/pub/adobe/coldfusion/java/java17/java17012/jdk-17.0.12_windows-x64_bin.zip to D:\ColdFusion2023\jre directory
4) Restart the server

and test everything? Thanks for any assistance you may be able to proved! 🙂

Charlie Arehart

Community Expert

You could. Just understand that:

Your scanners will still find the renamed folder, so you'll want to delete that if it's a concern
If you do that, you will lose the ability to easily revert to the original jre. But if you're comfortable taking responsibility for all this, you can find the 17.0.6 version at oracle, via links I offer in my resources
Otherwise I'd propose you wait a few days before deleting the renamed folder

/Charlie (troubleshooter, carehart. org)

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded