NOW LIVE! Adobe ColdFusion 2023 and 2021 October updates

Well, unfortunately one of the long-due "bug fixes" now changes behavior significantly. https://tracker.adobe.com/#/view/CF-4217130

When we moved to CF2021 we had to update a lot of code related to this "bug" which makes struct keys case sensitive. Now they have switched it back to upper-casing all struct keys, which breaks a lot of code that will be hard to find prior to release (especially where Javascript is involved with JSON data returned with these struct keys).

As the case-sensitive struct keys have been something everyone has had to work with for the almost 2 years since CF2021 was released, Adobe needs to provide a solution to keep them case-senstive. We can't take update 11 or any more hotfixes into production until this is resolved. This is a huge lift to find, update and test that code.

I applied CF2021 Update 11 on the first of our 5 servers a couple of days ago.

As I've noted before, for some reason we cannot use CF Administrator itself to download and install the updates.  CF Administrator knows the update is available (and emails us about it), but the updates simply never download when we try to initiate the download.  (And we've confirmed we can access the XML file, the actual update package, etc. from the server itself.)

So we use the manual process to install the update.  I'd like to check/confirm a few things about that:

1) We're running java.exe -jar ....jar using the java.exe that came with ColdFusion 2021 (cf_root\jre\bin\java.ese).

This means we do not need to worry about the extra Zip64 flag, right?

2) For updates that require updating or recreating the connector as well as updating packages, does it matter which order we do that in?

Can we install the core update, then update or recreate the connecotr, then update the packages?  Or do we have to update the packages before updating or recreating the connector?

3) After installing this update, I had to manually reinstall ColdFusion Adminsitrator itself.  Is this normal for Update 11?

Would this also be required if we were able to use ColdFusion Administrator itself to download and install the updates, as intended?

4) In order to install the new version of ColdFusion Administrator, I used the command line package manager (cfpm.bat) and ran "install adminsitrator".  When I had the packages URL set to the default Adobe repository, this worked fine.  It downloaded the package and installed it.  (So I'm further puzzled as to why I can't get updates done through CF Administrator.)

However, when I had downloaded the packages locally and pointed the packages URL (in neo_updates.xml) to the location where they were stored on the server, the package manager just said the location was unavailable.

Do package updates done locally have to be done from an actual web URL (vs. a local path on C:\...)?

Related, the instructions for manual installation reference <InstallerReposityUnzippedPath>/bundles/bundlesdependency.json.  But I don't see /bundles/ as a folder within hotfix-packages-cf2021-011-330247.  bundlesdependency.json is at the root level of hotfix-packages-cf2021-011-330247.  Is that just an error in the documentation?  Or does bundlesdependency.json (or anythign else) actually need to be in a subfolder named /bundles/ ?

5) In order to update the other pakcages, I tried doing that through the ColdFusion Administrator, but it didn't indicate that anything needed an update.  Using cfpm.bat and running "update packages" resulted in it saying that everything was up to date (when it wasn't).  I then tried "install all" and that downloaded and installed the latest package version for everything that needed updating.

This server already has all packages installed, but I'd obviously rather not have to "install all" to get updates just for the packages I need, and I'd rather not have to manually call "install <packagename>" for every package that we already have installed jsut to get them updated.

Any ideas what might be causing this?

Thanks

Hi,

on my Enterprise server with more instance with CF2023+hotfix4 i have updated with hotfix5, i get this issue:

HTTP Status 500 – Internal Server Error

Type Exception Report

Message java.lang.NullPointerException: Cannot invoke "coldfusion.server.LicenseService.isStandard()" because the return value of "coldfusion.server.ServiceFactory.getLicenseService()" is null

Description The server encountered an unexpected condition that prevented it from fulfilling the request.

Exception

javax.servlet.ServletException: java.lang.NullPointerException: Cannot invoke "coldfusion.server.LicenseService.isStandard()" because the return value of "coldfusion.server.ServiceFactory.getLicenseService()" is null

after which I can't do anything anymore, not even uninstall with jar, just manually deleting or recreating the instance.

what am I doing? do I have to start creating the whole environment again?

Thanks, @Saurav_Ghosh and Team.

Saurav, can you correct the reference to the Java version at the top of the technote for cf2021? It refers to Java 17.0.8 (like the cf2023 one does). But currently cf2021 supports only Java 11, so it should say Java 11.0.20, as that's the equivalent to 17.0.8--both new as of July, which introduced the need of the special jvm arg.

While you're at it the wording should say "or greater", for both Java versions, because a new jvm update is due this month and it will almost certainly carry forward this issue.

Finally, note how the cf2023 technote uses a box to highlight this issue discussed at the top while the cf2021 technote does not. A casual reader could miss that (as just a paragraph within the what's new section.) 

There are some other inconsistencies about the two technotes, and I'll report that tomorrow if they remain by then. 

Update not appearing in CF2023 Administrator, only shows up to update 4.

Fantastic. Are there new installers for CF2023 with this update?

I see that the CF2023U5 release notes has the Mandatory IP restrictions item, but this item is absent from the CF2021U11 release notes (and bug CF-4219181 is offline or inaccessible).   Does this change only apply to CF2023R5 and not to CF2021U11?  I have some more thoughts on this, but I'll just say for now that this is a great config tweak and one that everyone should make to all ColdFusion environments, even manually if you have to do it.  

Thanks, Saurav. And wow, this feels almost like a point release rather than an update, with not only bug fixes but so many changes/new features (whereas the past 4 updates had only security fixes). So let's all dig in and see how it goes. Nice to see if this update resolves some long-standing bugs that had troubled us since the previous "major" updates (that fixed previous bugs but added new ones) in Oct 2022 and Sep 2021.

That said, if this update might introduce new bugs itself, I sure hope it won't be a year until an update fixes THESE bugs.