Skip to main content
H
harshp_0559
Participating Frequently
December 13, 2024
Answered

Adobe Coldfusion Update (Security Issue)

  • December 13, 2024
  • 1 reply
  • 6165 views

Hello CF Community,

 

I have an application that i am supporting where i need to apply the latest patch to the CF server. Curently we are running 2021 and the servers are patched till update 9. 

 

My team specifiacally does not have experience with applying the latest patch. So my question is can i install the latest update which is 17 right now directly or do i need to do incremental updates? 

 

When checking from CF admin on the servers it can not find the latest update when i click on check for updates. so we will be doing it manually. What files are needed for manual installation of the update.

Since we will be doing a manual update can you guys help with any SOPs that might be helpful or list out steps for doing this with info much as possible. Also please let me know if i need to check anything prior.

 

Thanks in advance.

This topic has been closed for replies.
Correct answer BKBK

@BKBK 

 

I have attached the full log of what i see since i applied the update. but closest error i see to felix is below:

Error [main] - Unable to install felixclassloader package: org.apache.http.client.ClientProtocolException: URI does not specify a valid host name: file:///D:/coldFusion2021/bundles/felixclassloader-2021.0.02.328618.jar

 

In my bundles folder i only see felixclassloader-2021.0.0.323925.jar which i got from the latest files on the Adobe updates page. 

 

I also checked my Java version which is 11.0.11+9-LTS-194. Should this be updated? we are using the one that ships with CF by default. 


@harshp_0559 ,

Are you looking for a possible solution to the problem of packages not being installed on ColdFusion 2021? Then read on.

 

It would be handy to update Java to the most recent version, namely, Java SE 11.0.22 (LTS). But I think that this can wait till later. I say this because I think the Java version is not the cause of the current problems.

 

I think @Dave Watts puts his finger on the root cause. Namely, your ColdFusion 2021 installation does not have access to the current packages, such as felixclassloader-2021.0.02.328618.jar.

 

There is a possible source of confusion, which can cause such issues: the URL https://www.adobe.com/go/coldfusion-updates. ColdFusion 2021 uses this URL in neo_updates.xml and in other settings. The trouble is, ColdFusion has since been upgraded to ColdFusion 2023, and ColdFusion 2023 uses the same URL Hence using the URL on ColdFusion 2021 will cause a mix-up.

 

In any case, there is one way to correct the packages issue. It consists of downloading all the current ColdFusion 2021 packages yourself. To do so, proceed as follows:

  1.  Stop ColdFusion.
  2.  Delete the Felix cache using either of the two ways previously described in this thread.
  3.  Check to make sure the directory D:/ColdFusion2021/bundles/ exists. If it does, then back it up by moving it, with all its contents intact, to a location outside ColdFusion. Then ensure that D:/ColdFusion2021/bundles/ is empty.

    If the directory doesn't exist to start with, then that is already an issue. In that case, create the directory.
  4.  Check the firewall rules and ensure that ColdFusion has full access to D:/ColdFusion2021/bundles/.
  5.  Open the Command Prompt (cmd) as Administrator;
  6.  Use the DOS cd command to navigate to  {CF2021_HOME_DIR}/cfusion/bin;
  7.  Type cfpm and press ENTER. You should get ColdFusion's package manager prompt cfpm;
  8.  Now use the downloadrepo command to download the packages repository. To do so, type downloadrepo D:\ColdFusion2021\bundles and press ENTER. It may take up to half an hour for the download to complete. So be patient. The cfpm cursor will reappear when the download is complete.
  9.  Verify that the directory D:/ColdFusion2021/bundles indeed contains the downloaded packages.
  10.  Edit /lib/neo-updates.xml and make sure it contains the following:

 

<packagesurl>file:///D:/ColdFusion2021/bundles/bundlesdependency.json</packagesurl>
<defaultpackagesurl>file:///D:/ColdFusion2021/bundles/bundlesdependency.json</defaultpackagesurl>

 

11.  Restart ColdFusion 2021.
12.  Check whether ColdFusion 2021 now works as expected.

 



1 reply

A
Community Manager
AbhishekJhaCommunity Manager
Community Manager
December 13, 2024

@harshp_0559 All the updates are cumulative, so you can install the latest one.

Please see this article for detailed steps: https://coldfusion.adobe.com/2024/09/a-simple-way-to-install-coldfusion-updates-manually-in-offline-mode/

 

In case you need help, please send an email to cf.install@adobe.com

 

Thanks,

Abhishek

    H
    harshp_0559Author
    Participating Frequently
    December 16, 2024

    Hey Abhishek,

     

    After the update my aplication is throwing the below error:

     

     


    Cannot find implementation class coldfusion.tagext.mail.MailTag for the mail tag.

     

     

     

    struct

    ClassNamecoldfusion.tagext.mail.MailTag
    Column-1
    Detail[empty string]
    KnownColumn-1
    KnownLine-1
    KnownText&lt;unknown&gt;
    Line-1
    MessageCannot find implementation class coldfusion.tagext.mail.MailTag for the mail tag.

     

     And the second error is 

     

    The following information is meant for the website developer for debugging purposes.
    Error Occurred While Processing Request

    Object Instantiation Exception.

    Class not found: coldfusion.print.PrinterInfo
    H
    harshp_0559Author
    Participating Frequently
    December 16, 2024

    Also the Collections section on the CF admin does not load any more says the search component is not installed. i checked the packages and its showing under the section with the latest version.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices