• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
2

NOW LIVE! Adobe ColdFusion 2023 and 2021 October updates

Adobe Employee ,
Oct 06, 2023 Oct 06, 2023

Copy link to clipboard

Copied

Document update history:

  • 10/10/2023: Added Docker Hub and ECR locations.
  • 10/10/2023: Refreshed the Server ZIP and GUI installers, Lockdown installer, and Add-on installer for ColdFusion (2023 release). Head over to ColdFusion downloads to download the installers.

 

We are pleased to announce the availability of ColdFusion (2023 release) Update 5 and ColdFusion (2021 release) Update 11 today!

 

Where do I download the updates from

 

What's new and changed in the updates

Both the updates include bug fixes and enhancements in Administrator, Installer, Migration, Package manager, Database, and other areas. The update contains upgrades to Tomcat (v9.0.78) and other libraries, such as jackson-databind, Netty, etc. Note that this update is cumulative and includes fixes from the previous updates. 

The updates include package install enhancements, Admin APIs for activation requests, new attributes for Exchange tags, connector-related enhancements, and many more. Check out the tech notes for more details.

 

Do I need to recreate the connector after installing the updates

Yes

 

Do these updates contain updated packages

Yes

 

Are the Docker images available

The images are available on the Docker hub and ECR.

 

Please install the updates and let us know your feedback.

TOPICS
Connector , Reporting , Security

Views

5.4K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 06, 2023 Oct 06, 2023

Copy link to clipboard

Copied

Thanks, Saurav. And wow, this feels almost like a point release rather than an update, with not only bug fixes but so many changes/new features (whereas the past 4 updates had only security fixes). So let's all dig in and see how it goes. Nice to see if this update resolves some long-standing bugs that had troubled us since the previous "major" updates (that fixed previous bugs but added new ones) in Oct 2022 and Sep 2021.

 

That said, if this update might introduce new bugs itself, I sure hope it won't be a year until an update fixes THESE bugs.


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 06, 2023 Oct 06, 2023

Copy link to clipboard

Copied

I see that the CF2023U5 release notes has the Mandatory IP restrictions item, but this item is absent from the CF2021U11 release notes (and bug CF-4219181 is offline or inaccessible).   Does this change only apply to CF2023R5 and not to CF2021U11?  I have some more thoughts on this, but I'll just say for now that this is a great config tweak and one that everyone should make to all ColdFusion environments, even manually if you have to do it.  

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 06, 2023 Oct 06, 2023

Copy link to clipboard

Copied

Brian, this is an interesting discussion you raise. I hope folks will forgive/appreciate my blog-length reply and elaboration. 

 

First, while Adobe can and should answer your question, I suspect the change in fact may not apply to EITHER update. Instead, the verbiage on this point in the technote is talking about how the CF installer would work--and I have confirmed first that there are not new/refreshed installers released with this update. Adobe, do you agree? (I have downloaded the zip and gui installers, and compared them to those I got in July, and they are identical.) (As an update, 4 days later: Adobe modified this post on Oct 10 to indicate that in fact there WERE new CF installers that include these updates. I have confirmed they are indeed different from the previous installers. The rest of what I say in thie comment applies and remains unchanged)

As for whether the update may indeed make any change, it will be interesting to hear from anyone who may have installed CF a) with the production profile (rather than production+secure), and b) who may have had no value entered for "Allowed IP Addresses for accessing ColdFusion Administrator and ColdFusion Internal Directories" before the update: do they now see these localhost values entered for them? (For anyone interested, this setting is at the bottom of the "allowed ip addresses" page in the 'Security" section of the Admin.)

 

And lest casual readers misconstrue things, this is talking about the production vs developer PROFILE (an option in the installer has long had) rather than the prod vs dev DEPLOYMENT TYPE (which is a new option in the installer since CF2021, also offering values like test, stage, qa, and dr). The latter is tracked (once chosen) on the Licensing and Activation page of the CF Admin (and for now cannot be changed in the Admin, and there's a tracker ticket requesting that).

 

As for the security aspect of this change, I'll say I've always found it odd not only that the installer prompt discussed (in the technote) would be greyed out for ANY profile selected (even "developer"), as there's value (as you're getting to) for everyone to have the admin locked down to only localhost access (unless you choose to open it up). But I've wondered why it didn't pre-populate with these localhost ips discussed in the technote.

 

And yes, I realize that with the CF Admin exposed by default only on the built-in web server (which defaults to port 8500), that web server's port would be blocked by any firewall. But if other machines within the firewall/network have that port open, that doesn't mean that everyone who CAN access the port SHOULD be able to try to login to the CF Admin.

 

So in summary, I'd argue that a) an update should change any servers that have NO value for this field to have localhost ips (with a warning to people that if this change blocks them being able to access the admin, they can use the cfsetup tool--new in cf2021--to be able to modify that ip list). Then b) the installer prompt should also be pre-populated with those localhost ips regardless of profile, with the freedom for the installing user to add to or change that list of ips (if somehow they feel they must).  And an argument could be made that c) the admin (and installer) should NO longer allow there to be NO value entered for this allowed ip field, as that means it's open to anyone who can reach that built-in web server port.

 

If I have anything wrong here in any of the above, I welcome correction.


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 09, 2023 Oct 09, 2023

Copy link to clipboard

Copied

Brian or Adobe, any thought on my comment here from Oct 7 about the "allowed ip address" matter Brian raised?


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 12, 2023 Oct 12, 2023

Copy link to clipboard

Copied

For anyone following this comment thread, I will point out something that seems important.

 

Folks are starting to raise observations that there is a change related to what IPs can access the CF Admin--even WITHOUT a new install, and ALSO even on CF2021 after applying its update 11 from the same day.

 

Brian's original question was asking Adobe if it WAS limited to CF2023. They never answered. Then I observed how the CF2023 mention seemed to refer only to new installs (and even then only if using the Production profile).

 

It's starting to seem more than that. For anyone interested in the discussion, see another thread in the forums here were the issue was raised today. While I offered a comment there to start, I look forward to digging in more and sharing anything I learn, if others don't first.


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Oct 06, 2023 Oct 06, 2023

Copy link to clipboard

Copied

I tried install 2023 on MacOS Sonoma today, and won't do it. I guess we need to wait for an updated installer. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 06, 2023 Oct 06, 2023

Copy link to clipboard

Copied

If you trust the download file and want to allow execution anyway, there are instructions on how to bypass that check here - https://support.apple.com/guide/mac-help/apple-cant-check-app-for-malicious-software-mchleab3a043/ma...  

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 06, 2023 Oct 06, 2023

Copy link to clipboard

Copied

Mike, a few things on this.

 

First, let's clarify for folks following along that you're talking about an issue with the installation of CF2023 rather than this applying this update (as indicated by your words and the screenshot you offered). 

 

Second, on that, note that the release notes doc for CF2023 indicates (in its "Known issues" section) that:

 

"On macOS, before launching the ColdFusion installer, run "xattr -rc” command against the installer dmg.

 

Of course, anyone could miss that. Can you try that and see if it works for you?

 

That said, finally, note that both the CF2023 support matrix PDF and the CF2023 system requirements pages indicate that only MacOS 13 (Ventura) is supported, not 14 (Sonoma)--which did come out only last week (Sep 26). Adobe (like many vendors) has a historic record of not being ready to support a new OS version on the day of release, and indeed often not for months (or even as much as a year). 

 

So I'm saying that this xattr command MAY get the installer to work for you, and the install MAY run, but again it's not SUPPORTED. So if you encounter other issues, be aware that you are floating on a boat in a potentially stormy sea without the Coast Guard there to help--to stretch an anology. But again, all may go well.

 

Finally, if it does not go well and you want to elaborate on this, it may be more appropriate for you to open a new discussion in the CF Community forums as your issue seems not to be related to these October 2023 updates of CF, specifically. (If there was a new installer released with this update, that would be different. But there was not, I have confirmed. Update since my original reply: Adobe modified this post today to indicate that in fact there WERE new CF installers released today, Oct 10, which include the latest update. And I have confirmed today they are indeed different installers. Just updating this comment I'd made a few days ago, for the sake of clarity.)

 

As always, just trying to help.


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 09, 2023 Oct 09, 2023

Copy link to clipboard

Copied

Mike, any thoughts about my comment here from Oct 6 in reply to your questions about MacOS?


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 12, 2023 Oct 12, 2023

Copy link to clipboard

Copied

By the way, Mike, in case you didn't see my update to my reply to you from last week, there WERE new installers (for CF2021 and 2023) released earlier this week, so you may want to see if the new Mac installer works better for you. Don't forget to use that xattr -rc command if it doesn't work (but perhaps that's been resolved in the new installer. Again, see my first reply to you above.).


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 06, 2023 Oct 06, 2023

Copy link to clipboard

Copied

Fantastic. Are there new installers for CF2023 with this update?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 06, 2023 Oct 06, 2023

Copy link to clipboard

Copied

While we await confirmation from Adobe, I'll note that I'd indicated in earlier comments here (one just a minute before yours) that I'd not found there to be any new installers in my own checking. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 10, 2023 Oct 10, 2023

Copy link to clipboard

Copied

Here's great news (for some): while there were no new installers with original release of the update last week, Adobe has modified this post today to confirm that they HAVE released today new installers that DO include this latest update. I have checked them and confirmed today they are different than the previous ones (whereas on Friday I did NOT find the installers to be different.)

 

I just wanted to add this comment since Dave had raised the question that first day, and I shared what I found to be true then. It would be easy for many to miss the modification of this post to indicate there are in fact new installers. (Thankfully, Sauarav also offered it earlier today in a later comment thread here.)


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 12, 2023 Oct 12, 2023

Copy link to clipboard

Copied

Dave, have you tried the new installers?


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 06, 2023 Oct 06, 2023

Copy link to clipboard

Copied

Update not appearing in CF2023 Administrator, only shows up to update 4.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 06, 2023 Oct 06, 2023

Copy link to clipboard

Copied

Dave, this has happened with the earlier updates: in nearly all such cases, it was a caching issue. Not a BROWSER caching issue you can influence, but instead some caching between your machine (running cf) and the Adobe server(s) offering the updates. And it's about the xml feed used to offer these updates. 

 

You may find that within hours, suddenly the update appears. There's also that "check for updates" button on the admin updates page which you can click to try in hours to come. 

 

Finally, note that the technote offers a link for you to manually download the update (jar file) and offers instructions for applying it manually near the bottom of the technotes.

 

You may need to do that anyway with this update (the manual install)--if you have cf set to use Java 17.0.8 or greater for cf2023, or Java 11.0.20 for cf2021. In those cases, running the update in the admin will fail. Instead, we need to do the manual install of the update and add a new jvm arg--as mentioned at the TOP of each technote (in a box on only one of them, for now).

 

Let us know if that gets you sorted. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 08, 2023 Oct 08, 2023

Copy link to clipboard

Copied

Still no luck Charlie. Even their XML feed doesn't include it:
https://cfdownload.adobe.com/pub/adobe/coldfusion/xml/updates.xml

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Oct 08, 2023 Oct 08, 2023

Copy link to clipboard

Copied

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 08, 2023 Oct 08, 2023

Copy link to clipboard

Copied

No, it's there. Just not for you, for some reason. I not only see it today with that link you offered, but I had no problem (and know of many others) obtaining it Friday.

 

As you may know, the technote offers a link to the update (jar and/or bundle zip) to download, but I realize you may prefer to update via the admin instead. Here is the item element for update 5, which you could add manually (with care) to the xml file you can get now, and you can change the cf admin update page to point to that file. (Just don't forget to set it back to the default, once done):

<item>
<title>ColdFusion 2023 Update 5</title>
<description>ColdFusion (2023 release) Update 5 includes bug fixes and enhancements in Administrator, Migration, Package manager, Database, and other areas. The update contains upgrades to Tomcat (v9.0.78) and other libraries, such as, jackson-databind, Netty, and so on. Note that this update is cumulative and includes fixes from the previous updates. For details refer the Technote link. </description>
<cfhf_id>hf-2023-00005-330608</cfhf_id>
<cfhf_type>General</cfhf_type>
<cfhf_updatelevel>05</cfhf_updatelevel>
<cfhf_buildnumber>330608</cfhf_buildnumber>
<cfhf_technotelink>https://helpx.adobe.com/coldfusion/kb/coldfusion-2023-update-5.html</cfhf_technotelink>
<cfhf_servers>
<cfhf_server version="2023,0,0">
<cfhf_downloadlink>https://cfdownload.adobe.com/pub/adobe/coldfusion/2023/updates/hotfix-005-330608.jar</cfhf_downloadlink>
<cfhf_filename>hotfix-005-330608.jar</cfhf_filename>
<cfhf_checksum>149975e2324eda2c9fb4c17506ba0fc6</cfhf_checksum>
<cfhf_installinput/>
</cfhf_server>
</cfhf_servers>
<pubDate>Friday, October 6, 2023</pubDate>
</item>

 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 12, 2023 Oct 12, 2023

Copy link to clipboard

Copied

Dave, were you finally able to see and get the updates?


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 06, 2023 Oct 06, 2023

Copy link to clipboard

Copied

Saurav, can you correct the reference to the Java version at the top of the technote for cf2021? It refers to Java 17.0.8 (like the cf2023 one does). But currently cf2021 supports only Java 11, so it should say Java 11.0.20, as that's the equivalent to 17.0.8--both new as of July, which introduced the need of the special jvm arg.

 

While you're at it the wording should say "or greater", for both Java versions, because a new jvm update is due this month and it will almost certainly carry forward this issue.

 

Finally, note how the cf2023 technote uses a box to highlight this issue discussed at the top while the cf2021 technote does not. A casual reader could miss that (as just a paragraph within the what's new section.) 

 

There are some other inconsistencies about the two technotes, and I'll report that tomorrow if they remain by then. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Oct 07, 2023 Oct 07, 2023

Copy link to clipboard

Copied

Thank you Charlie. I've made the changes.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Oct 09, 2023 Oct 09, 2023

Copy link to clipboard

Copied

Thanks, Saurav. You'll want to modify the post to point out how the Docker/container images are indeed now available at both dockerhub and ECR (since you mentioned that at the end of the post).


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Oct 10, 2023 Oct 10, 2023

Copy link to clipboard

Copied

Added at the beginning of the blog. Thanks a lot Charlie!

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation