Community Manager
March 17, 2020
Question

ColdFusion (2018 release) Update 8 and ColdFusion (2016 release) Update 14 released


We are pleased to announce that we have released the updates for the following ColdFusion versions:

 

The following are links to the tech notes for each update:

 

These updates fix security vulnerabilities that are mentioned in the security bulletin, APSB20-16.

The Docker images for these updates are also available.

 

Please update your ColdFusion versions today. Let us know if you face any issues while installing the updates. Your feedback is essential to further enhancing the product.

 

We thank you for your continuing support.

This topic has been closed for replies.

Known Participant
March 26, 2020

Was unable to get this update to work on either my production server (win 2018 server, Apache 2.4) or my development box (win 10 pro, Apache 2.4). I followed the suggestions from Charlie Arehart's blog: https://www.carehart.org/blog/client/index.cfm/2020/3/20/how_and_why_sites_may_break_after_Mar_2020_CF_updates but couldn't make it work. The service wouldn't start no matter what I tried. The Windows system log reported:
The ColdFusion 2018 Application Server service terminated with the following service-specific error:
The system cannot find the file specified.

 

Not a very helpful message since I have no idea which file is missing.

 

I'm thinking that this problem is specific to the combination of Windows and Apache.

Any suggestions are appreciated.

Charlie Arehart
Community Expert
March 27, 2020

I don't think so, to your last point.

 

Regarding CF not starting, please go to the cfusion/bin folder and use the cfstart.bat script there. Tell us what errors appear there.

/Charlie (troubleshooter, carehart.org)
Known Participant
March 27, 2020

OK, trying again: 

After installing update 8 and upgrading the connector (but nothing else), the CF service is still running. 
Pages report: 503 Service Unavailable

Unlike the two prior times I installed CF from scratch and applied the updates, the service will restart, but I still get a 503 error.

 

Tried adding allowedRequestAttributesPattern="*" to server.xml file as suggested like this:

 <Connector connectionTimeout="60000" maxThreads="500" packetSize="65535" port="8018" protocol="AJP/1.3" redirectPort="8451" secret="3AE375DE-1E15-40CD-84EF-C83F3BA6C687" tomcatAuthentication="false" allowedRequestAttributesPattern="*"/>

Still get 503 error

 

workers.properties looks like this:

heartbeat_interval=30
heartbeat_limit=90

#Start of workers.properties associated with 'cfusion'
worker.list=cfusion

worker.cfusion.type=ajp13
worker.cfusion.host=localhost
worker.cfusion.port=8018
worker.cfusion.connection_pool_timeout=60
worker.cfusion.monitoringsecret=59778e3f-a238-467f-8bb6-f98efa405ce1
worker.cfusion.secret=3AE375DE-1E15-40CD-84EF-C83F3BA6C687
#End of workers.properties associated with 'cfusion'

 

My hosts file is stock (everything is commented out), so that's unlikely to be the problem.

 

Tried removing the web connector and recreating.  No joy either.

In the coldfusion-error.log I found:

INFO: Starting ProtocolHandler ["ajp-nio-127.0.0.1-8018"]

 

Tried changing this in workers.properties:

worker.cfusion.host=localhost to worker.cfusion.host=127.0.0.1  -- didn't help

 

Stumped.
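
An added example, not part of the thread and not Adobe's tooling: a Python check that cross-references the AJP Connector in server.xml with the worker in workers.properties (same port, same shared secret) and confirms that allowedRequestAttributesPattern, which Tomcat documents as a regular expression, compiles. The sample inputs are constructed and use placeholder secrets, the function names are hypothetical, and Python's re module only approximates Java's regex syntax.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (placeholder secrets, not values from the thread).
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8018" protocol="AJP/1.3" secret="PLACEHOLDER-SECRET-A"
             tomcatAuthentication="false" allowedRequestAttributesPattern="*"/>
</Service></Server>"""
WORKERS = """worker.list=cfusion
worker.cfusion.host=localhost
worker.cfusion.port=8018
worker.cfusion.secret=PLACEHOLDER-SECRET-B
"""

def parse_workers(text):
    """Parse mod_jk workers.properties into {worker_name: {key: value}}."""
    workers = {}
    for line in text.splitlines():
        m = re.match(r"\s*worker\.([^.=\s]+)\.([^=\s]+)\s*=\s*(.*)", line)
        if m:  # comment lines start with '#' and never match
            workers.setdefault(m.group(1), {})[m.group(2)] = m.group(3).strip()
    return workers

def ajp_connectors(server_xml):
    """Return the attributes of every AJP <Connector> in server.xml."""
    root = ET.fromstring(server_xml)
    return [c.attrib for c in root.iter("Connector")
            if c.get("protocol", "").upper().startswith("AJP")]

def check(server_xml, workers_text, worker="cfusion"):
    """Return a list of findings; an empty list means the files agree."""
    w = parse_workers(workers_text).get(worker)
    if w is None:
        return [f"worker '{worker}' is not defined"]
    conns = [c for c in ajp_connectors(server_xml) if c.get("port") == w.get("port")]
    if not conns:
        return [f"no AJP connector on worker port {w.get('port')}"]
    conn, findings = conns[0], []
    if not conn.get("secret"):
        findings.append("connector has no secret")
    elif conn["secret"] != w.get("secret"):
        findings.append("secret mismatch between connector and worker")
    pattern = conn.get("allowedRequestAttributesPattern")
    if pattern is not None:
        try:  # Python's re stands in for Java's regex syntax (approximation)
            re.compile(pattern)
        except re.error:
            findings.append("allowedRequestAttributesPattern is not a valid regex")
    return findings
```

Calling check() on the real server.xml and workers.properties contents returns one string per inconsistency, so an empty list means the connector and the worker agree on port, secret and pattern syntax.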