NOW LIVE! Adobe ColdFusion 2023 and 2021 October updates

Report · Oct 06, 2023

Document update history:

10/10/2023: Added Docker Hub and ECR locations.
10/10/2023: Refreshed the Server ZIP and GUI installers, Lockdown installer, and Add-on installer for ColdFusion (2023 release). Head over to ColdFusion downloads to download the installers.

We are pleased to announce the availability of ColdFusion (2023 release) Update 5 and ColdFusion (2021 release) Update 11 today!

Where do I download the updates from

What's new and changed in the updates

Both the updates include bug fixes and enhancements in Administrator, Installer, Migration, Package manager, Database, and other areas. The update contains upgrades to Tomcat (v9.0.78) and other libraries, such as jackson-databind, Netty, etc. Note that this update is cumulative and includes fixes from the previous updates.

The updates include package install enhancements, Admin APIs for activation requests, new attributes for Exchange tags, connector-related enhancements, and many more. Check out the tech notes for more details.

Do I need to recreate the connector after installing the updates

Yes

Do these updates contain updated packages

Yes

Are the Docker images available

The images are available on the Docker hub and ECR.

Please install the updates and let us know your feedback.

Report · Oct 07, 2023

Thanks, @Saurav_Ghosh and Team.

Report · Oct 09, 2023

Hi,

on my Enterprise server with more instance with CF2023+hotfix4 i have updated with hotfix5, i get this issue:

HTTP Status 500 – Internal Server Error

Type Exception Report

Message java.lang.NullPointerException: Cannot invoke "coldfusion.server.LicenseService.isStandard()" because the return value of "coldfusion.server.ServiceFactory.getLicenseService()" is null

Description The server encountered an unexpected condition that prevented it from fulfilling the request.

Exception

javax.servlet.ServletException: java.lang.NullPointerException: Cannot invoke "coldfusion.server.LicenseService.isStandard()" because the return value of "coldfusion.server.ServiceFactory.getLicenseService()" is null

after which I can't do anything anymore, not even uninstall with jar, just manually deleting or recreating the instance.

what am I doing? do I have to start creating the whole environment again?

Report · Oct 09, 2023

While you await word from Adobe (if they may recognize this as some new problem), and before you may start over from scratch, consider first checking the update log, as there may have been an error there, which could lead to odd errors later.

Did you update cf before or after creating the instance? If after, did you do it from the admin of the cfusion instance or the admin of the new instance. That will inform WHERE to look for the update log, in the hf-updates folder under the admin where you ran the update. Then there's a folder corresponding to the number of the update you applied, and in that folder is an install log with a very long name and the datetime you ran the update. Look about 70 lines down that log for a table counting successes and errors. Were there any errors?

/Charlie (troubleshooter, carehart.org)

Report · Oct 10, 2023

Hi Charlie,

now I updated hotfix5 (cf2023) from the instance and it worked. Thanks!

An issue remains on the "report" package: when I start from scratch from a new server cf2023.0.0.330468 and try to install that package I can't because it always requires a dependency with cf2023.0.0.330469 (which doesn't exist)

Report · Oct 10, 2023

I've reported it https://tracker.adobe.com/#/view/CF-4219532

Report · Oct 10, 2023

Glad to have helped, Paolo. As for the next issue, while it's worth someone investigating, I would ask if you're using the zip install approach or the full installer?

If the former, is that intentional? Or just because it was the first option you saw? I've never had a problem like yours here with the full installer. And I press this point because many people needlessly go with the zip install.

In any case, this is going well beyond the point of this blog post (about the update), so if you may offer follow-up that would lead to further discussion, it may be better to create a new post on the forum. (And I didn't offer this on the tracker ticket as it's not about solving that specific problem.)

/Charlie (troubleshooter, carehart.org)

Report · Oct 10, 2023

Hi Charlie,

I honestly don't know, I think we use the .zip installer because it's lighter.

I noticed one thing, however, that the .zip we used is from 22 Aug with a version of the packages "0.0.1-SNAPSHOT" instead of "2023.0.0.330468" inside, plus a series of other changes..

How should we deal with these environments created by this installation?

Report · Oct 10, 2023

We also ran into a failed install of CF2023 U5. I am able to reproduce the issue from a new server launched from Coalesce's AMI (ami-02b9da4520397cd38 on AWS us-west-1). I installed via the CF Admin GUI. Here's part of the install log, with successful steps redacted (...) for brevity:

Summary
-------

Installation: Unsuccessful.

124 Successes
2 Warnings
2 NonFatalErrors
2 FatalErrors

Action Notes:

Failed to copy hotfix files:C:\Windows\system32\config\systemprofile\581998.tmp\dist\updates: Failed to copy the hotfix files to the target location. Retry installation after ensuring that the server is not running or files are not locked by the server.

Failed to copy hotfix files:C:\Windows\system32\config\systemprofile\581998.tmp\dist\wwwroot: Failed to copy the hotfix files to the target location. Retry installation after ensuring that the server is not running or files are not locked by the server.

...

Delete Folder: Source:_win32
Status: SUCCESSFUL
Additional Notes: NOTE - Source C:\Windows\system32\config\systemprofile\581998.tmp\dist\cfusion\_win32 does not exist.

...

Move Folder: Destination: C:\Windows\system32\config\systemprofile\581998.tmp\dist\cfusion
Status: WARNING
Additional Notes: WARNING - Source C:\Windows\system32\config\systemprofile\581998.tmp\dist\cfusion\_win64 does not exist.

...

Move File: Destination:
Status: WARNING
Additional Notes: WARNING - Source file C:\Windows\system32\config\systemprofile\581998.tmp\dist\cfusion\lib\cfusion-req-cloud.jar does not exist.

...
Install File: C:\ColdFusion2023\notice.txt
Status: ERROR

...

Install Uninstaller: Adobe ColdFusion 2023 Update 5(Install All Uninstaller Components)
Status: ERROR
Additional Notes: ERROR - Error installing uninstaller: java.util.zip.ZipException: Invalid CEN header (invalid zip64 extra data field size)

Report · Oct 10, 2023

I ran into the same errors when installing via command prompt after stopping the CF service (java.exe -jar C:\ColdFusion2023\bundles\updateinstallers\hotfix-005-330608.jar).

Report · Oct 10, 2023

Hi @Alex-TSM,

Please ensure none of the CF services are running in the task manager and try installing the update from the command prompt manually.

Thanks,

Vikram

Report · Oct 10, 2023

Hi Vikram,

As stated in my above posts, I tried installing via two methods:

1) Via CF Admin GUI. It's impossible to initiate the update install with the CF service stopped. The installer should stop and restart all services, should it not? In the install log, it shows it successfully stopped CF services.

2) Via command line. I stopped the CF service before running the installer. I confirmed via the Services app that no CF services are running before starting the update. The same errors appear in the logs.

Alex

Report · Oct 10, 2023

Hi Vikram,

We were missing the disableZip64ExtraFieldValidation flag. Adding this to our java args fixes the issue.

Further notes:

- Is it possible to detect that this flag is missing from java args and add a friendly error message to the update 5 installer?

- The note is a bit confusing as there are only 5 updates for CF 2023.

From Update 6 onwards, you need not use the flag.

Alex

Report · Oct 10, 2023

Alex and others, fwiw I have a bog post with more detail on all this (how doing the updates via the CF Admin will fail, if your JVM has been updated to the latest version). I explain both how/why it happens and how yes, doing that manual install with that new jvm arg (or using a jvm from before July 2023) is the solution.

Note that Adobe did mention this in the technotes for the update, but it was very brief and easily missed. Also, they indicate there that this problem should be resolved for us in the next update. Again, I have more detail in my blog post from last night:

Solving failure in applying latest CF updates, or avoiding that failure

/Charlie (troubleshooter, carehart.org)

Report · Oct 11, 2023

Hi Charlie,

I had read your post and inserted the JVM parameter into the instance so I wouldn't have any problems running from the GUI, but it still doesn't work.
I only work manually from command line.

Report · Oct 11, 2023

My post does not suggest inserting the arg into cf. Instead it specifically poses that the arg be used only at the command line. If you would somehow still read it saying otherwise, I'd appreciate you're pointing out exactly what you see that suggests that.

/Charlie (troubleshooter, carehart.org)

Report · Oct 11, 2023

Hi Charlie,
it was my incorrect interpretation due to the fact that on the official Adobe website the double procedure remained: from the GUI and from the manual.
In my opinion this is not correct, do you agree?
I'm sorry but these shortcomings only lead to a waste of time.

Report · Oct 11, 2023

What text on their site suggests such a "double procedure"? And what page? The update technotes offered in the original post here do not suggest that.

Granted, what they say is perhaps too brief for some (or could be easily missed), thus my blog post.

And yes, the fact that this problem remains is lamentable as it's been known since July. At least it's due to be resolved finally in a coming update. Until then, hope my added details help folks.

/Charlie (troubleshooter, carehart.org)

Report · Oct 11, 2023

I am referring to the section:
"Installation >> COLDFUSION ADMINISTRATOR" - In Package Manager > Packages, click Check for Updates in Core Server.
After it detects an update, click Update.

about their hotfix5
https://helpx.adobe.com/coldfusion/kb/coldfusion-2023-update-5.html

Report · Oct 12, 2023

Paolo, that's not a "double procedure". That's "one thing or the other":

The first ("In Package Manager > Packages, click Check for Updates in Core Server.") is indicating what to do if one IS ABLE to run the update install from the CF admin.
The second ("INSTALL THE UPDATE IN OFFLINE MODE MANUALLY") is what it says: the steps for installing the update "in offline mode manually". That's for people whose servers are not connected to the internet (or can't configure a proxy for CF to use), which is a security matter.

FWIW, anyone who has setup CF to run with the Java update released in July or beyond (a new one coming next week), they will find they need to do a maual install as well--though only the first of those 3 steps, and then run the java -jar command as offered below that. I also discuss it further in my blog post linked to in other comments above.

Is all this potentially confusing? Yes, for some. Could Adobe improve the wording of their technotes? Yes, and I've raised the issue before. Some things have been addressed, some not. Again, that's why I do blog posts with more detail.

Bottom line, are you all set? or still any issues?

/Charlie (troubleshooter, carehart.org)

Report · Oct 13, 2023

Hi Charlie,
Thanks for all the clarifications, I'm sorted.

ps: I had put the parameter -Djdk.util.zip.disableZip64ExtraFieldValidation=true in the JVM thinking that GUI would use it, but apparently it doesn't use it

Report · Oct 13, 2023

Glad to hear, and understood on your last point. Again, my blog post(s) on the matter clarify how (and why,) that's currently not a solution. Best news is that the next update should solve this once and for all.

/Charlie (troubleshooter, carehart.org)

Report · Oct 11, 2023

I applied CF2021 Update 11 on the first of our 5 servers a couple of days ago.

As I've noted before, for some reason we cannot use CF Administrator itself to download and install the updates. CF Administrator knows the update is available (and emails us about it), but the updates simply never download when we try to initiate the download. (And we've confirmed we can access the XML file, the actual update package, etc. from the server itself.)

So we use the manual process to install the update. I'd like to check/confirm a few things about that:

1) We're running java.exe -jar ....jar using the java.exe that came with ColdFusion 2021 (cf_root\jre\bin\java.ese).

This means we do not need to worry about the extra Zip64 flag, right?

2) For updates that require updating or recreating the connector as well as updating packages, does it matter which order we do that in?

Can we install the core update, then update or recreate the connecotr, then update the packages? Or do we have to update the packages before updating or recreating the connector?

3) After installing this update, I had to manually reinstall ColdFusion Adminsitrator itself. Is this normal for Update 11?

Would this also be required if we were able to use ColdFusion Administrator itself to download and install the updates, as intended?

4) In order to install the new version of ColdFusion Administrator, I used the command line package manager (cfpm.bat) and ran "install adminsitrator". When I had the packages URL set to the default Adobe repository, this worked fine. It downloaded the package and installed it. (So I'm further puzzled as to why I can't get updates done through CF Administrator.)

However, when I had downloaded the packages locally and pointed the packages URL (in neo_updates.xml) to the location where they were stored on the server, the package manager just said the location was unavailable.

Do package updates done locally have to be done from an actual web URL (vs. a local path on C:\...)?

Related, the instructions for manual installation reference <InstallerReposityUnzippedPath>/bundles/bundlesdependency.json. But I don't see /bundles/ as a folder within hotfix-packages-cf2021-011-330247. bundlesdependency.json is at the root level of hotfix-packages-cf2021-011-330247. Is that just an error in the documentation? Or does bundlesdependency.json (or anythign else) actually need to be in a subfolder named /bundles/ ?

5) In order to update the other pakcages, I tried doing that through the ColdFusion Administrator, but it didn't indicate that anything needed an update. Using cfpm.bat and running "update packages" resulted in it saying that everything was up to date (when it wasn't). I then tried "install all" and that downloaded and installed the latest package version for everything that needed updating.

This server already has all packages installed, but I'd obviously rather not have to "install all" to get updates just for the packages I need, and I'd rather not have to manually call "install <packagename>" for every package that we already have installed jsut to get them updated.

Any ideas what might be causing this?

Thanks

Report · Oct 11, 2023

The answer to 1 is yes. Check out my blog post referenced on previous comments if you'd like more info.

As for 2, there's no connection between the package process and the web server connector. Order doesn't matter.

As for 3 and beyond, does your machine running cf have internet access? Your issues seem to be of the sort when it does not.

And in that case, the info at the bottom of the update technote is focused on that.

And to point 4's bundlesdependency.json, that's referring to the location where you would extract the zip referred to in that offline install process of the update technotes (which is not new but has been so for most updates, since cf2021 update 2, iirc.)

After assessing things, let us know what questions remain. (And if you just want it "done", I can help on a remote consulting basis in as little as 15 mins, with satisfaction guaranteed. Or perhaps Adobe or someone else will offer remote help for free.)

/Charlie (troubleshooter, carehart.org)

Report · Oct 17, 2023

(I accidentally posted the previous post with a different functional account we use to manage Adobe software subscriptions.)

Thanks for confirming 1 & 2.

For 3-5, yes, the machines all have internet access and can fetch the metadata at the default Adobe URL just fine. And the command line package manager can grab the actual files from the Adobe repo just fine. On the first machine I upgraded, cfpm.bat couldn't detect that updates were needed (update packages said they were all updated), but issuing the command to just install them resulted in the latest version being fetched and installed successfully.

On 3 other servers I did the update on several days later, just running java.exe -jar and pointing to the hotfix.jar we extracted from the offline installer zip resulted in all packages being updated automatically.

So now I'm wondering if this is just a web caching issue with the repo, as others have reported.

Regarding the point about bundlesdependency.json, the question I have is about the /bundles/ subfolder. The instructions reference <InstallerReposityUnzippedPath>/bundles/bundlesdependency.json.

But /bundles/ doesn't exist. bundlesdependency.json is just at the root level in the zip file, along with a bunch of jars and zips, such as administrator-2021.0.11.330247.jar and administrator-2021.0.11.330247.zip.

I'm curious if that matters or if the instructions just need to be updated to remove the reference to /bundles/ as the ZIPs aren't packaged with that structure. I'm not sure if/when they were packaged with /buncles/ as a subfolder in the past.

Report · Oct 13, 2023

Well, unfortunately one of the long-due "bug fixes" now changes behavior significantly. https://tracker.adobe.com/#/view/CF-4217130

When we moved to CF2021 we had to update a lot of code related to this "bug" which makes struct keys case sensitive. Now they have switched it back to upper-casing all struct keys, which breaks a lot of code that will be hard to find prior to release (especially where Javascript is involved with JSON data returned with these struct keys).

As the case-sensitive struct keys have been something everyone has had to work with for the almost 2 years since CF2021 was released, Adobe needs to provide a solution to keep them case-senstive. We can't take update 11 or any more hotfixes into production until this is resolved. This is a huge lift to find, update and test that code.