ColdFusion (2021 release) and ColdFusion (2018 release) September updates

Report · Sep 14, 2021

We are pleased to announce that we have released the updates for the following ColdFusion versions:

Note: The ColdFusion (2021 release) installers have also been refreshed with this update. The new server installers bundle Update 2 and JDK 11.0.11. The ColdFusion Add-Ons and other installers are bundled with JDK 11.0.11. The refreshed installers are available at ColdFusion downloads.

In these updates, we’ve fixed a few security bugs and some other bugs, which are mentioned in the tech notes.

These updates fix security vulnerabilities that are mentioned in the security bulletin, APSB21-75.

In addition, Update 2 of ColdFusion 2021 features the following:

For more information, see the tech notes for ColdFusion 2021 Update 2.

The Docker images will be hosted shortly on Amazon ECR and Docker Hub.

Please update your ColdFusion versions and provide us your valuable feedback.

Report · Sep 14, 2021

Hi, We applied this update to our CF server and immediately started getting errors on Query of Query. The only thing CF returns in the error message is "getColumnType() null". The QoQs that it errored on so far were using UNION. Is this a known issue?

Another QoQ error we immediately got was "The aggregate function [SUM(expression)] cannot operate on an operand of type [VARCHAR] ". However this same page worked perfectly before the update. Is this also a known issue? We would like to use the latest update asap, but can't use it until the errors are resolved. Will await a reply.

Report · Sep 14, 2021

So that someone else might try to replicate the problem, can you clarify please both which CF version you are on (2021 or 2018), and also which update you had been on BEFORE applying the one released today?

Also, Adobe folks, I hope you can please get the cffiddle.org site updated ASAP so that people could use that to test things like the above.

/Charlie (troubleshooter, carehart.org)

Report · Sep 15, 2021

Sorry for not posting that. We are using CF 2018. We were using update 11 before this update, and that update was working OK.

Report · Jan 14, 2022

We also wanted to share our queries that failed, but now work with hotfix: hf201800-4212383

Union is in the QoQ:

// Simple Query 1

var q1 = queryExecute("
	SELECT * FROM `table` WHERE `something` = 'something'
	",
	{},
	{
		'datasource': REQUEST.objEnv.getDSN("database","R")
	}
)

// Simple Query 2

var q2 = queryExecute("
	SELECT * FROM `table` WHERE `something` = 'something'
	",
	{},
	{
		'datasource': REQUEST.objEnv.getDSN("database","R")
	}
)

// Query of above Queries that causes issue

var q3 = queryExecute("
	SELECT * FROM q1
	UNION
	SELECT * FROM q2
	ORDER BY lastname
	",
	{},
	{
		'dbtype': 'query'
	}
)

Union is in the original query that is later queried:

// Initial query with union.
// I think this is fine on its own

var q1 = queryExecute("
	SELECT * FROM `table` WHERE `something` = 'something'
	UNION
	SELECT * FROM `table` WHERE `something` = 'somethingelse'
	",
	{},
	{
		'datasource': REQUEST.objEnv.getDSN("database","R")
	}
)

// Query of query with union that causes issue
// Requires loop. Error is the "index out of bounds" error

var q2 = queryExecute("
	SELECT * FROM q1
	ORDER BY lastname
	",
	{},
	{
		'dbtype': 'query'
	}
)
	for (var i=1; i<=q2.recordcount; i++) {
		queryGetRow(q2, i);
	}

We were able to resolve with the hotfix, but it was then unresolved when the log4j update came out. We had to reapply the hotfix after cf2018 update 13.

The hotfix needed to go into cfusion/lib/updates, not cfusion/hf-updates. That threw us for a loop too.

Report · Sep 14, 2021

Hi,

Can you please provide us a reproducible code sample? We'd also like to test the snippet?

You can paste it here or send an email to saghosh@adobe.com

Thanks,

Saurav

Report · Sep 15, 2021

Saurabh,

Here are couple queries that failed for us. They work fine in CF2018 Update 11.

<cfquery name="rs" dbtype="query">
Select * from rs
UNION
Select * from te where removeRow=0
ORDER BY ID, sortOrder, job
</cfquery>

<cfquery dbtype="query" name="locations">
SELECT * FROM mainLocation
UNION
SELECT * FROM WkLocations
ORDER BY Active, Type, Name
</cfquery>

Report · Sep 15, 2021

I had the same issue and a CAST solved it, like this:

SUM(CAST(totalOrderPaid AS NUMERIC)) AS grandtotal

Report · Sep 15, 2021

Thank you, I will give that a try!

Report · Sep 15, 2021

This is still going to be an issue if all the existing queries will need to be updated.

Report · Sep 15, 2021

That's true but sometimes a code update is inescapable, and if it works...

Report · Sep 22, 2021

In our cases, getting rid of select * and specifying the field names resolved the issue.

Ken

Report · Sep 14, 2021

Besides my last comment about a need for the cffiddle.org site to be updated for the new updates, I will add here that I offered a few other comments to help folks considering this update (and questions for Adobe folks) in my comment on their blog post about this update, also posted today.

Since some folks may only see this post by Saurav here, I wanted to point out those other things for consideration, but I don't want to duplicate them (and really, any responses to them ought to perhaps be made there rather than here, to avoid further cross-posting).

/Charlie (troubleshooter, carehart.org)

Report · Sep 15, 2021

Something else I'm noticing.

If you are unioning two queries (QoQ) and one of those has a 0 recordcount, the union fails.

<cfquery dbtype="query" name="c">
   Select this from  from c1    
    union
   Select this from  from c2
    order by this
</cfquery>

In this case C1 had about 6 records, but C2 return 2 (but was valid)

This worked in 16.11

Report · Sep 15, 2021

Edit: C2 returned 0 records.

Report · Sep 15, 2021

We are getting an error with QoQ and unions also. Error message being returend is "getColumnType() null".

Report · Sep 15, 2021

Hi,

Can you please provide us a reproducible code sample?

Tried the below query-

SELECT employee_id,firstname,lastname FROM employees where employee_id=1 UNION SELECT employee_id,firstname,lastname FROM employees_test where employee_id=1 order by firstname ;

It worked fine for me. find the output attached.

Thanks,

Aayushi

Report · Sep 15, 2021

Hi, we had to uninstall the latest update due to QoQ errors. We are currently trying to figure out a server we can put it that doesn't affect clients. I will try to provide a test case thereafter. Thanks!

Report · Sep 15, 2021

Ayushi,

Here are couple queries that failed for us. They work just fine in CF 2018, Update 11

<cfquery name="rs" dbtype="query">
Select * from rs
UNION
Select * from te where removeRow=0
ORDER BY ID, sortOrder, job
</cfquery>

<cfquery dbtype="query" name="locations">
SELECT * FROM mainLocation
UNION
SELECT * FROM WkLocations
ORDER BY Active, Type, Name
</cfquery>

Report · Sep 15, 2021

I am having the same QoQ issue on ColdFusion 2018. Some further detail is that it only seems fails if you have an ORDER BY clause in your QoQ.

This worked prior to the update:

<cfquery name="myQuery" dbtype="query">
SELECT * FROM query1
UNION
SELECT * FROM query2
ORDER BY column
</cfquery>

After the update it results in the following error: getColumnType() null <br>The error occurred on line xxx.

If you remove the order by clause this will resolve the error but obviously your query no longer be sorted

<cfquery name="myQuery" dbtype="query">
SELECT * FROM query1
UNION
SELECT * FROM query2

</cfquery>

Looking at the patch notes I wonder if this is a bug from CF-4211538 Temporary columns in an ORDER BY clause will be randomly returned in QoQ result set even if they aren’t specified in a SELECT statement.

Report · Sep 15, 2021

I repored this error also, and both of our queries that errored so far have Order By in it. It very well could be the cause for us too.

Report · Sep 15, 2021

CF-4211538? https://tracker.adobe.com/#/view/CF-4211538

I reported CF-4211538 as I was re-sorting a query object and unwanted columns were being returned even if excluded in the SELECT clause. I wonder if the sample code I provided even works with CF2021u2.

I have a couple of other bugs that I want to test to see if they've been fixed (ie, iteration), but will now need to wait until this new bug is fixed as QofQ is critical and something we do in absolutely every one of our apps.

Report · Sep 15, 2021

Do you have a link for download of the corresponding zip file perhaps named cf2021-update2-328618-repo.zip for those of us with no internet connection?

Report · Sep 15, 2021

Email from support if you do not have internet connection to your server.

Download the jar file

ColdFusion (2021 release) Update 2 (adobe.com)

You can download repository from below link
https://cfdownload.adobe.com/pub/adobe/coldfusion/2021/packages/packages-cf2021-002-328618.zip

Report · Sep 15, 2021

Make a backup copy of your <ColdFusion2021Home>\bundles directory.

Unzip the repository file and copy the files over the existing files in the bundles directory.

After unziping I realized the jar file was also included in the repository.

Run cmd as administrator and install the hot fix with java -jar hotfix-002-328618.jar.

Then cd to <ColdFusion2021Home>\cfusion\bin and run cfpm install all.