We are pleased to inform you that we've released security updates for ColdFusion 2025, 2023, and 2021 releases. For more information, see the respective tech notes:
The updates include a newer version of Tomcat and important security fixes that mitigate vulnerabilities related to arbitrary file reads, code execution, privilege escalation, and security feature bypass.
View the security bulletin, APSB25-69, for more information.
Download the updates
What's new in the updates
Others
Docker and CFFiddle
Please download and apply the updates and provide your feedback.
Hi,
We're using the latest 2023 docker image on our dev sites and from the logs it was looking for some user interaction to install some packages.
"One or more packages require the server to be at update 15. Since the server is at update 14, upgrading the server to update 15." Then it asks "Do you want to proceed? Press N to stop. Press Y to proceed:" As it's autodeployed, it just hangs at this point and our sites didn't work. There were only 2 packages deployed and we install allModules as part of the build. Do we need to wait for a new docker image or is there another workaround to get things building automatically again?
Thanks
Paul, there are a couple of ways to look at what you've presented--and yes, a workaround, though we should better understand and confirm your problem as well.
First, as you may know the new docker images for each update tend to come out a couple days after the update's initial release.
That said, one should be able to do the update (or package updates) within the container...but like with a regular cf instance, that needs to be able to access the Adobe servers which hold the update files. And it's not unusual for a container environment to be configured such that IT CANNOT make outbound network requests, as a security protection.
And just as with a regular cf instance, the update technotes do discuss how one can instead perform a manual offline update, which entails a couple extra steps. Those could work in a container.
But it's indeed odd that you say this message "just happened" unexpectedly: it would normally happen only to someone (with any form of cf deployment) who somehow told cf to update to a package whose version was higher than the current update level of cf (what they refer to in the admin Package Management ui as the "core" update.)
If you look at your dockerfile, compose file, or kubernetes manifest (whatever means you're starting cf as a container), you should find you have the installModules env var set to name what packages you want implemented (Or you may find an importModules, which names a file listing the packages to be implemented.) Those package names can include version numbers, but I'd not expect yours to already name the next version--and I'd not expect it to "automatically seek the highest available version".
Anyway, let us know your value for that env var. And note that for now you could work around this problem by instead setting that env var to name the update 14 version of those packages, thus "pinning" the package version. Again, you should not have to do that.
Then let's see if Adobe or others have more to offer. I also hope to set up a demo of your situation, especially with whatever values you have for installModules or importModules.
Hi Charlie,
The relevant lines in the dockerfile are
Hi Paul,
I brought up a container using the below command:
docker run -dt -e acceptEULA=YES -e installModules=all -p 8500:8500 adobecoldfusion/coldfusion2023
and all modules were installed. Are you still facing this issue?
Hi Suchika,
As mentioned we use public.ecr.aws/adobe/coldfusion:latest-2023 to build our images. I noticed that this image was updated yesterday and everything works now again on our end. Nothing has changed just the image.
So Paul (and Suchika), I'll say this certainly all seems odd. And since you're working again (with the image now being updated by Adobe), perhaps you'll leave it be. But if you (or others) may want to explore more, read on.
It seems the issue MIGHT have been that your image (its cf "core") was still on u14 but somehow it tried to update the packages to u15...but it's not "supposed to" do that (whether running cf as a container or not). My understanding is that CF should only implement package versions suited to the current core version...
... That is, unless you specifically TELL it to get a later package version, and then yes it warns that the core would need to be updated and awaits confirmation (whether done in the admin or at the cli. And yes, the cf docker image's env vars for package mgt do cause cf to silently run the cfpm at the cli for you within the container...which is where it got stuck.)
So the question is WHY it tried to use updated packages for your "install all". Any thoughts, Suchika?
If not, I'd be curious then to know what else might have been tracked in your cf logs...and for that I mean more than just what "docker logs" would show--that's just what's in the stdout and stderr, which equates to the coldfusion-out.log and coldfusion-error.log.
In particular there may be useful info in the cfpm-audit.log. (Of course, if your failing container has since been removed then you won't have it.) But for future reference I'll note that it's NOT just tracking when one uses the cfpm cli tool: it tracks also when a cf update leads to package updates.
So it should track what happened (unexpectedly) in your case. (FWIW, anyone looking at that should beware that it ALSO tracks a few hundred lines on EVERY startup of cf.)
I'm just saying that whatever happened to you, it's going to be explained in cf's logs (most of which are NOT exposed as docker logs by default.)
Again, you may well be "done" with this round. I leave this for the "next round", or for anyone else who faces/faced this scenario you presented.
The Docker images were updated later, while the package URL was already pointing to Update 15. This creates a very small window of inconsistency. However, you're right — if the core is at Update 14 and you run install all after Update 15 goes live, it should upgrade both the core and the packages to Update 15. Will check with the team on this.
As you suspected Charlie that container is long gone. All I have is a screenshot from aws logs which I will attach here.
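A fail-fast check for the hang discussed in this subthread, as an added example that is not code from any poster or from Adobe: it scans captured container output for the two messages quoted above and reports the core/package update mismatch so an automated deploy can stop instead of waiting on the prompt. The function names, the script name, the exit code and the first sample line are assumptions.

```python
import re
import sys

# Wording of the two messages as quoted in the thread.
MISMATCH = re.compile(
    r"require the server to be at update (\d+)\.\s*"
    r"Since the server is at update (\d+)", re.IGNORECASE)
PROMPT = re.compile(r"Press N to stop\.\s*Press Y to proceed", re.IGNORECASE)

# Constructed sample: line 1 is invented, lines 2-3 are the quoted messages.
SAMPLE = [
    "installing modules: all (constructed line)",
    "One or more packages require the server to be at update 15. "
    "Since the server is at update 14, upgrading the server to update 15.",
    "Do you want to proceed? Press N to stop. Press Y to proceed:",
]

def check_startup_log(lines):
    """Report whether package installation is waiting on the interactive prompt."""
    result = {"blocked": False, "core": None, "required": None, "line": None}
    for number, line in enumerate(lines, 1):
        match = MISMATCH.search(line)
        if match:
            result["required"] = int(match.group(1))
            result["core"] = int(match.group(2))
        # Only the first prompt matters: nothing useful is logged after the hang.
        if PROMPT.search(line) and not result["blocked"]:
            result["blocked"] = True
            result["line"] = number
    return result

def describe(result):
    """Turn the result into a one-line message for the deploy log."""
    if not result["blocked"]:
        return "ok: no interactive package prompt seen"
    if result["core"] is not None:
        return ("blocked at line %d: image core is update %d, packages need update %d"
                % (result["line"], result["core"], result["required"]))
    return "blocked at line %d: interactive prompt, update levels not logged" % result["line"]

if __name__ == "__main__":
    # Assumed usage: docker logs <container> 2>&1 | python check_cf_prompt.py
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin.read().splitlines()
    outcome = check_startup_log(lines)
    print(describe(outcome))
    sys.exit(1 if outcome["blocked"] else 0)
```

This only sees what reaches stdout and stderr; it does not read cfpm-audit.log or the other ColdFusion logs inside the container.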
We are getting this error on pages that use cfmail after updating from 2021 Update 20 to 2021 Update 21. We updated to Java 11.0.27 when we updated to 2021 Update 20. CF admin verifies that the connection to the mail server is successful.
Bad type on operand stack
Exception Details:
Location:
coldfusion/mail/MailImpl.signMail(Ljavax/mail/internet/MimeMessage;Ljavax/mail/Session;)Ljavax/mail/internet/MimeMessage; @238: invokevirtual
Reason:
Type 'org/bouncycastle/asn1/smime/SMIMEEncryptionKeyPreferenceAttribute' (current frame, stack[1]) is not assignable to 'org/bouncycastle/asn1/ASN1Encodable'
Current Frame:
bci: @238
flags: { }
locals: { 'coldfusion/mail/MailImpl', 'javax/mail/internet/MimeMessage', 'javax/mail/Session', 'java/security/KeyStore', '[Ljava/security/cert/Certificate;', 'java/security/PrivateKey', 'org/bouncycastle/asn1/ASN1EncodableVector', 'java/security/cert/X509Certificate', 'java/lang/String', 'org/bouncycastle/asn1/cms/IssuerAndSerialNumber' }
stack: { 'org/bouncycastle/asn1/ASN1EncodableVector', 'org/bouncycastle/asn1/smime/SMIMEEncryptionKeyPreferenceAttribute' }
We are too!
We fixed ours by cleaning the felix cache
Thank you! I'll try that.
It worked! I'm no longer getting that error and things are functioning as expected. Thank you!
I got the same error. I will try to apply this method.
I encountered the same error and resolved it the same way. Odd because the felix-cache was deleted during the installation of the jar file. Seems it needs to be manually deleted a 2nd time.
Thank you, this has been driving me crazy all morning! Your suggestion works for me too.
We also needed to delete the felix-the-cat folder to get our cfmail tags to work.
This fixes the same issue in ColdFusion 2023 as well.
This should probably be added to the known issues for ColdFusion (2023 release) Update 15.
Fixed the same cfmail issue in ColdFusion 2025
Weird thing is, on a couple servers where I had this issue, it had sent mail after the patch. Only after about 3 days did this error occur. I wonder if it will break again in a couple days.
Yep, this issue is now recurring on at least 1 cf server. This issue will keep happening and you will have to keep clearing the cache... Please fix @Saurav_Ghosh
@mindfart23587: I confirm, I have the same problem on at least one server. I updated it last Wednesday, after clearing the Felix Cache, the mail function was ok, but this morning, I got an error. I had to clear the Felix Cache again and now it works. I will open a bug on the Adobe site.
Thanks for creating the issue! Everyone please vote: https://tracker.adobe.com/#/view/CF-4227360!