Skip to main content
H
harshp_0559
Participating Frequently
December 13, 2024
Answered

Adobe Coldfusion Update (Security Issue)

  • December 13, 2024
  • 1 reply
  • 6228 views

Hello CF Community,

 

I have an application that i am supporting where i need to apply the latest patch to the CF server. Curently we are running 2021 and the servers are patched till update 9. 

 

My team specifiacally does not have experience with applying the latest patch. So my question is can i install the latest update which is 17 right now directly or do i need to do incremental updates? 

 

When checking from CF admin on the servers it can not find the latest update when i click on check for updates. so we will be doing it manually. What files are needed for manual installation of the update.

Since we will be doing a manual update can you guys help with any SOPs that might be helpful or list out steps for doing this with info much as possible. Also please let me know if i need to check anything prior.

 

Thanks in advance.

This topic has been closed for replies.
Correct answer BKBK

@BKBK 

 

I have attached the full log of what i see since i applied the update. but closest error i see to felix is below:

Error [main] - Unable to install felixclassloader package: org.apache.http.client.ClientProtocolException: URI does not specify a valid host name: file:///D:/coldFusion2021/bundles/felixclassloader-2021.0.02.328618.jar

 

In my bundles folder i only see felixclassloader-2021.0.0.323925.jar which i got from the latest files on the Adobe updates page. 

 

I also checked my Java version which is 11.0.11+9-LTS-194. Should this be updated? we are using the one that ships with CF by default. 


@harshp_0559 ,

Are you looking for a possible solution to the problem of packages not being installed on ColdFusion 2021? Then read on.

 

It would be handy to update Java to the most recent version, namely, Java SE 11.0.22 (LTS). But I think that this can wait till later. I say this because I think the Java version is not the cause of the current problems.

 

I think @Dave Watts puts his finger on the root cause. Namely, your ColdFusion 2021 installation does not have access to the current packages, such as felixclassloader-2021.0.02.328618.jar.

 

There is a possible source of confusion, which can cause such issues: the URL https://www.adobe.com/go/coldfusion-updates. ColdFusion 2021 uses this URL in neo_updates.xml and in other settings. The trouble is, ColdFusion has since been upgraded to ColdFusion 2023, and ColdFusion 2023 uses the same URL Hence using the URL on ColdFusion 2021 will cause a mix-up.

 

In any case, there is one way to correct the packages issue. It consists of downloading all the current ColdFusion 2021 packages yourself. To do so, proceed as follows:

  1.  Stop ColdFusion.
  2.  Delete the Felix cache using either of the two ways previously described in this thread.
  3.  Check to make sure the directory D:/ColdFusion2021/bundles/ exists. If it does, then back it up by moving it, with all its contents intact, to a location outside ColdFusion. Then ensure that D:/ColdFusion2021/bundles/ is empty.

    If the directory doesn't exist to start with, then that is already an issue. In that case, create the directory.
  4.  Check the firewall rules and ensure that ColdFusion has full access to D:/ColdFusion2021/bundles/.
  5.  Open the Command Prompt (cmd) as Administrator;
  6.  Use the DOS cd command to navigate to  {CF2021_HOME_DIR}/cfusion/bin;
  7.  Type cfpm and press ENTER. You should get ColdFusion's package manager prompt cfpm;
  8.  Now use the downloadrepo command to download the packages repository. To do so, type downloadrepo D:\ColdFusion2021\bundles and press ENTER. It may take up to half an hour for the download to complete. So be patient. The cfpm cursor will reappear when the download is complete.
  9.  Verify that the directory D:/ColdFusion2021/bundles indeed contains the downloaded packages.
  10.  Edit /lib/neo-updates.xml and make sure it contains the following:

 

<packagesurl>file:///D:/ColdFusion2021/bundles/bundlesdependency.json</packagesurl>
<defaultpackagesurl>file:///D:/ColdFusion2021/bundles/bundlesdependency.json</defaultpackagesurl>

 

11.  Restart ColdFusion 2021.
12.  Check whether ColdFusion 2021 now works as expected.

 



1 reply

A
Community Manager
AbhishekJhaCommunity Manager
Community Manager
December 13, 2024

@harshp_0559 All the updates are cumulative, so you can install the latest one.

Please see this article for detailed steps: https://coldfusion.adobe.com/2024/09/a-simple-way-to-install-coldfusion-updates-manually-in-offline-mode/

 

In case you need help, please send an email to cf.install@adobe.com

 

Thanks,

Abhishek

    H
    harshp_0559Author
    Participating Frequently
    December 16, 2024

    Hey Abhishek,

     

    After the update my aplication is throwing the below error:

     

     


    Cannot find implementation class coldfusion.tagext.mail.MailTag for the mail tag.

     

     

     

    struct

    ClassNamecoldfusion.tagext.mail.MailTag
    Column-1
    Detail[empty string]
    KnownColumn-1
    KnownLine-1
    KnownText&lt;unknown&gt;
    Line-1
    MessageCannot find implementation class coldfusion.tagext.mail.MailTag for the mail tag.

     

     And the second error is 

     

    The following information is meant for the website developer for debugging purposes.
    Error Occurred While Processing Request

    Object Instantiation Exception.

    Class not found: coldfusion.print.PrinterInfo
    H
    harshp_0559Author
    Participating Frequently
    December 18, 2024

    Hi @harshp_0559 , the object-instantiation error makes me wonder whether some packages, such as those required for Mail and Print, are missing. I would therefore suggest that you install all the packages. At least, to start with. 

    Assuming you are on Windows, you could do the following:

    1. Open the Command Prompt (cmd) as Administrator;
    2. Use the DOS cd command to navigate to  {CF2021_HOME_DIR}/cfusion/bin;
    3. Type cfpm and press ENTER. You should get ColdFusion's package manager prompt cfpm;
    4. Run the command install all

     

    5.  Keep running the command install all till the result is either an irreversible error or ColdFusion tells you that "All the packages are already installed".

    6. If the former, then share the error message with the forum. If the later, then restart ColdFusion in the usual way, and you're set to go.


    @BKBK  Thank you for getting back.

     

    I tried the same as you suggested and got all packages are installed.

     

     

    As mentioned in https://community.adobe.com/t5/coldfusion-discussions/now-live-adobe-coldfusion-2023-and-2021-june-2024-security-updates/m-p/14691093#M198042 by Charlie i have also checked for the  Jetty/lib/ext but everything is already present in the folder as from the backup folder from the update and the backup i took of the CF folder prior to applying the update.

    But even after the restart i see the below in CF admin --> Collections section

     

    and when loading the site i see the below 

     

    struct

    Causestruct
    ClassNamecoldfusion.tagext.mail.MailTag
    Column-1
    Detail[empty string]
    KnownColumn-1
    KnownLine-1
    KnownText&lt;unknown&gt;
    Line-1
    MessageCannot find implementation class coldfusion.tagext.mail.MailTag for the mail tag.

     

    Below is what is logged in the update log:

    Summary
    -------

    Installation: Successful.

    1622 Successes
    0 Warnings
    0 NonFatalErrors
    0 FatalErrors

    So i suspect there were no issues with this but below is mentioned in the file:

    ----------------------------------------------------------------------------------------------------------------------------

     

    The packages repository file:///D:/coldFusion2021/bundles/bundlesdependency.json is not accessible. You can only load the packages that are available locally in the D:\ColdFusion2021\bundles directory.axis (2021.0.11.330247) package and its dependencies have been downloaded successfully.sharepoint (2021.0.11.330247) package and its dependencies have been downloaded successfully.adminapi (2021.0.13.330286) package and its dependencies have been downloaded successfully.administrator (2021.0.17.330334) package and its dependencies have been downloaded successfully.caching (2021.0.17.330334) package and its dependencies have been downloaded successfully.pmtagent (2021.0.17.330334) package and its dependencies have been downloaded successfully.orm (2021.0.17.330334) package and its dependencies have been downloaded successfully.ormsearch (2021.0.17.330334) package and its dependencies have been downloaded successfully.document (2021.0.14.330296) package and its dependencies have been downloaded successfully.report (2021.0.17.330334) package and its dependencies have been downloaded successfully.presentation (2021.0.14.330296) package and its dependencies have been downloaded successfully.image (2021.0.17.330334) package and its dependencies have been downloaded successfully.pdf (2021.0.17.330334) package and its dependencies have been downloaded successfully.print (2021.0.17.330334) package and its dependencies have been downloaded successfully.htmltopdf (2021.0.17.330334) package and its dependencies have been downloaded successfully.ajax (2021.0.13.330286) package and its dependencies have been downloaded successfully.spreadsheet (2021.0.11.330247) package and its dependencies have been downloaded successfully.chart (2021.0.17.330334) package and its dependencies have been downloaded successfully.redissessionstorage (2021.0.17.330334) package and its dependencies have been downloaded successfully.zip (2021.0.17.330334) package and its dependencies have been downloaded successfully.mail (2021.0.17.330334) package and its dependencies have been downloaded successfully.debugger (2021.0.17.330334) package and its dependencies have been downloaded successfully.saml (2021.0.17.330334) package and its dependencies have been downloaded successfully.scheduler (2021.0.17.330334) package and its dependencies have been downloaded successfully.azureblob (2021.0.17.330334) package and its dependencies have been downloaded successfully.awss3 (2021.0.17.330334) package and its dependencies have been downloaded successfully.search (2021.0.17.330334) package and its dependencies have been downloaded successfully.odbc (2021.0.17.330334) package and its dependencies have been downloaded successfully.postgresql (2021.0.17.330334) package and its dependencies have been downloaded successfully.sybase (2021.0.13.330286) package and its dependencies have been downloaded successfully.db2 (2021.0.13.330286) package and its dependencies have been downloaded successfully.sqlserver (2021.0.11.330247) package and its dependencies have been downloaded successfully.mysql (2021.0.13.330286) package and its dependencies have been downloaded successfully.oracle (2021.0.17.330334) package and its dependencies have been downloaded successfully.exchange (2021.0.17.330334) package and its dependencies have been downloaded successfully.websocket (2021.0.17.330334) package and its dependencies have been downloaded successfully.ftp (2021.0.17.330334) package and its dependencies have been downloaded successfully.awsdynamodb (2021.0.11.330247) package and its dependencies have been downloaded successfully.azureservicebus (2021.0.17.330334) package and its dependencies have been downloaded successfully.awssns (2021.0.11.330247) package and its dependencies have been downloaded successfully.awssqs (2021.0.11.330247) package and its dependencies have been downloaded successfully.awslambda (2021.0.17.330334) package and its dependencies have been downloaded successfully.The package and its dependencies have been downloaded successfully. ColdFusion server is currently not running. The package will be installed automatically once server is up.

     

    -------------------------------------------------------------------------------------------------------------------------------------------

     

    I had updated the file based on your comments in https://community.adobe.com/t5/coldfusion-discussions/unable-to-update-from-coldfusion-2021-update-10-to-11/td-p/14445566:

     

    <?xml version="1.0" encoding="UTF-8"?>
    <settings><update autocheck="true" checkinterval="10" checkperiodically="false" sendupdate="true">
    <url>https://www.adobe.com/go/coldfusion-updates</url>
    <defaulturl>https://www.adobe.com/go/coldfusion-updates</defaulturl>
    <packagesurl>D:\ColdFusion2021\bundles\bundlesdependency.json</packagesurl>
    <defaultpackagesurl>file:///D:/coldFusion2021/bundles/bundlesdependency.json</defaultpackagesurl>
    <notification><emaillist/><fromemail/></notification></update><proxy><hostname/><port>0</port><username/><password/></proxy></settings>

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices