NOW LIVE! ColdFusion 2025, 2023, and 2021 May security updates

Sadly, yes. This is a long-time problem of the scheduled task mechanism, that it keeps only one generation of backup--and various things cause CF to rotate that, so that a problem can quickly make it that no good backup remains, unless you take one yourself (and few bother). I will note that the technote was modified some days after it came out to warn that "Before applying the update, take a backup of the neo-cron.xml file located in the <cf_root>/cfusion/lib directory." That's of course too late for you.

If you have no server backup to revert to, then you may be out of luck with no choice but to recreate the tasks. As for what their name and URL was, you can find that info in the scheduler.log (if you told CF to log tasks, which tracks the name and time) and in the http.log (which tracks ALL calls out of CF to any url, whether via cfhttp or via a scheduled task, and which tracks the url and the time).

(And if anyone may wonder if the backup folder for the update, within hf-updates, might track the neo-cron.xml file, sadly it does not. I have not ever found any of the neo*.xml files in there.)

While we're on this topic, a thought would be that some people may come to realize that it could be valuable to put the neo-cron.xml files under some sort of version control--automatically detecting and saving when the file changes. But I'll add also that the CF2023 feature called CCS (or central confuguration service) would itself track backups of changes made. Again, all too late for those bit by this updaet issue already. I don't work for Adobe and had no hand in the matter, other than trying to help people once it's happened.

I'm running into issues and had had to roll the update back/restore a snapshot. Also seing a hibernation like  error @Brian32294452d08h is dealing with that I have hard time explaining.
Will look into this with development.
org.hibernate.engine.jdbc.dialect.spi.DialectResolutionInfo not found by orm [197]

Are there any steps to take to mitigate the reason why this patch now has priority 1?

I've verified that adobe did indeed communicate this patch origionally as priority 3.
Adobe really should communicate these changes.

Brian, if you're concluding (or warning) that folks should beware of this happening upon updating, I can say it has not happened to any of the dozens of instances I've updated or helped others update this week. 

As such, whatever is amiss for you seems quite unique. And perhaps Adobe or someone else will step in with a ready explanation/fix/workaround. Until then, I'll ask some questions. First, what platform are you on? It might be helpful to hear. 

Second, you say the "updater completed without any errors". How are you measuring that? By the pop-up msg at the end? Or by the update install log within hf-updates? And did it show 0 fatalerrors and nonfatalerrors? It's possible that's where something went amiss.

Next, did you confirm there weer no new errors during the startup, as tracked in the coldfusion-out.log? Look especially during the startup which followed the update. That should show uninstallation (only) or any packages update (it never shows their "installation" after that).

Before you might report the various errors you may/will see, please do look also at the log's tracking of the startups BEFORE the update: we're only focusing on what errors are new on the startup AFTER the update. (And if you've since restarted cf and your issue remains, you could assess as well the startup logs for that. But look especially at the first startup after the update, which alone should have attempted the package updates.)

Let us know what you find. And if no other solution comes up from others, I suspect I could help you get things working (via a remote screenshare consulting session, in perhaps as little as 15 mins, even this weekend). If I can't help, you'd not pay for my time. If we found some new bug, you could report it to Adobe. Or again they may offer you direct help,.or someone else here may provide a solution. 

Thanks for sharing, Roberto. Yes, this has been a step frequently mentioned in recent cf update technotes. I was surprised to see it not in this one, and I hoped it meant that at least those coming from the April update maybe didn't need to.

Really, I just now recommend do it after every cf update, as part of good hygiene. And I recommended it in my post this week on the update. 

If nothing else, I hope Adobe will consider whether that suggestion to do it should be added to this latest update's technote.  And until then, let's hope this suggestion of yours helps others finding this post.