Community Manager
September 9, 2025

NOW LIVE! ColdFusion 2025, 2023, and 2021 September security updates


We are pleased to inform you that we've released security updates for ColdFusion 2025, 2023, and 2021 releases. For more information, see the respective tech notes:

The updates address an important security fix related to critical path traversal.

View the security bulletin, APSB25-93, for more information.

 

Download the updates

 

Docker and CFFiddle

 

Please download and apply the updates and provide your feedback.


    Participant
    November 20, 2025

    I ran the Update 22 for CF-2021 on Windows-2019 server from the Package manager. 

    The Update log reported all Success and no Errors or warnings. Yet the last line from coldfusion-out.log was:
       -- Unable to install Logging package: java.lang.NoSuchMethodError: org.apache.logging.log4j.util.LoaderUtil.getClassLoaders()[Ljava/lang/ClassLoader;
    The Coldfusion Application service starts in Windows as usual, but all sites, including CFAdmin, are down with 500 errors. There are no application.log, server.log, or cf-out.logs any more, just cf-error.log. Upgrading all CF web server connectors with Web Config. Tool, as Charlie Arehart recommended, also didn't help. 
    I wonder if anyone can suggest how I should address the problem?
     
    This is the first error in the coldfusion-error.log after restarting the Service:
    Nov 19, 2025 5:59:01 AM org.apache.catalina.core.ApplicationContext log
    INFO: ColdFusionStartUpServlet: ColdFusion: VM version = 11.0.11+9-LTS-194
    java.lang.NoSuchMethodError: org.apache.logging.log4j.util.LoaderUtil.getClassLoaders()[Ljava/lang/ClassLoader;
    at org.apache.logging.log4j.core.impl.ThreadContextDataInjector.getProviders(ThreadContextDataInjector.java:252)
    at org.apache.logging.log4j.core.impl.ThreadContextDataInjector.access$000(ThreadContextDataInjector.java:53)
    at org.apache.logging.log4j.core.impl.ThreadContextDataInjector$ForDefaultThreadContextMap.<init>(ThreadContextDataInjector.java:74)
    at org.apache.logging.log4j.core.impl.ContextDataInjectorFactory.createDefaultInjector(ContextDataInjectorFactory.java:91)
    at org.apache.logging.log4j.core.impl.ContextDataInjectorFactory.createInjector(ContextDataInjectorFactory.java:71)
    at org.apache.logging.log4j.core.lookup.ContextMapLookup.<init>(ContextMapLookup.java:34)
    at org.apache.logging.log4j.core.lookup.Interpolator.<init>(Interpolator.java:126)
    at org.apache.logging.log4j.core.config.AbstractConfiguration.<init>(AbstractConfiguration.java:129)
    at org.apache.logging.log4j.core.config.NullConfiguration.<init>(NullConfiguration.java:32)
    at org.apache.logging.log4j.core.LoggerContext.<clinit>(LoggerContext.java:86)
    at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.createContext(ClassLoaderContextSelector.java:233)
    at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.locateContext(ClassLoaderContextSelector.java:206)
    at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.getContext(ClassLoaderContextSelector.java:135)
    at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:228)
    at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:45)
    at org.apache.logging.log4j.LogManager.getContext(LogManager.java:176)
    at org.apache.logging.log4j.LogManager.getLogger(LogManager.java:666)
    at org.apache.logging.log4j.LogManager.getRootLogger(LogManager.java:700)
    at coldfusion.log.LogService.loadLoggers(LogService.java:717)
    at coldfusion.log.LogService.start(LogService.java:188)
    at coldfusion.server.CFService.setupLogger(CFService.java:427)
    at coldfusion.server.CFService.start(CFService.java:1701)
    at coldfusion.server.j2ee.CFStartUpServlet.startCFService(CFStartUpServlet.java:609)
    at coldfusion.server.j2ee.CFStartUpServlet.init(CFStartUpServlet.java:552)
    at javax.servlet.GenericServlet.init(GenericServlet.java:143)
    at coldfusion.bootstrap.ClassloaderHelper.initServletClass(ClassloaderHelper.java:137)
    at coldfusion.bootstrap.BootstrapServlet.init(BootstrapServlet.java:111)
    at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:989)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:946)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:843)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4290)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4591)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:164)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1203)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1193)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:76)
    at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:140)
    at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:749)
    at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:721)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:164)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1203)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1193)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:76)
    at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:140)
    at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:749)
    at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:211)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:164)
    at org.apache.catalina.core.StandardService.startInternal(StandardService.java:412)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:164)
    at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:874)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:164)
    at com.adobe.coldfusion.launcher.Launcher.run(Launcher.java:1035)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.base/java.lang.reflect.Method.invoke(Method.java:566)
    at com.adobe.coldfusion.bootstrap.Bootstrap.init(Bootstrap.java:114)
    at com.adobe.coldfusion.bootstrap.Bootstrap.main(Bootstrap.java:241)
    java.lang.NoClassDefFoundError: Could not initialize class org.apache.logging.log4j.core.LoggerContext
    at org.apache.logging.log4j.core.selector.ClassLoaderContextSelector.createContext(ClassLoaderContextSelector.java:233)
     
    Also each isapi-redirect.log says: "Tomcat is probably not started".
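In the trace above, the `NoSuchMethodError` is raised when a log4j-core class (`ThreadContextDataInjector`) calls a log4j-api class (`LoaderUtil`), which is typically seen when the api and core jars being loaded come from different log4j releases. The following is an added example, not code from the thread or from Adobe, that inventories log4j jars under a directory and flags an api/core mismatch. The `<artifact>-<version>.jar` file naming, the sample paths and the sample version numbers are assumptions constructed for illustration.

```python
import re
import sys
from collections import defaultdict
from pathlib import Path, PureWindowsPath

# Assumed naming: <artifact>-<dotted version>.jar (jars named differently are skipped).
JAR_RE = re.compile(r"^(log4j-api|log4j-core)-(\d+(?:\.\d+)*)\.jar$", re.I)


def inventory(paths):
    """Return {artifact: {version_tuple: [paths]}} for log4j-api/core jars."""
    inv = defaultdict(lambda: defaultdict(list))
    for p in paths:
        # PureWindowsPath splits on both "\" and "/", so either style works.
        m = JAR_RE.match(PureWindowsPath(str(p)).name)
        if m:
            version = tuple(int(n) for n in m.group(2).split("."))
            inv[m.group(1).lower()][version].append(str(p))
    return inv


def fmt(version):
    return ".".join(map(str, version))


def findings(inv):
    """List problems found; an empty list means api and core versions agree."""
    out = []
    for artifact in ("log4j-api", "log4j-core"):
        versions = sorted(inv.get(artifact, {}))
        if len(versions) > 1:
            out.append(f"{artifact}: multiple versions present: "
                       + ", ".join(fmt(v) for v in versions))
    api, core = inv.get("log4j-api", {}), inv.get("log4j-core", {})
    if core and not api:
        out.append("log4j-core present without log4j-api")
    elif api and core and min(api) < max(core):
        # An older api jar cannot satisfy methods a newer core jar expects.
        out.append(f"log4j-api {fmt(min(api))} is older than "
                   f"log4j-core {fmt(max(core))}")
    return out


# Constructed sample paths and versions (not taken from any real server).
SAMPLE_MIXED = [
    r"C:\example\lib\log4j-api-2.1.0.jar",
    r"C:\example\lib\log4j-core-2.3.0.jar",
    r"C:\example\lib\commons-io-2.0.jar",
]
SAMPLE_OK = ["example/lib/log4j-api-2.3.0.jar", "example/lib/log4j-core-2.3.0.jar"]

if __name__ == "__main__":
    # Pass a directory to scan it recursively; with no argument the sample is used.
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    paths = list(root.rglob("*.jar")) if root else SAMPLE_MIXED
    for line in findings(inventory(paths)) or ["log4j-api and log4j-core agree"]:
        print(line)
```
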
    Charlie Arehart
    Community Expert
    November 20, 2025

    That's certainly a dismaying situation to be in. Let's see if we can get you going.

     

    First, I see no connection between your error and the suggestion to run the wsconfig tool. They're unrelated. 

     

    Second, while you confirm that the update log reports all successes (the table at about line 70), please also see THE BOTTOM of that log, where about 10 lines from the bottom it reports what packages (if any) were to be downloaded, and if those downloads worked. Any problems there? 

     

    But as is also reported there (toward the end of that line), the packages are not UPDATED until cf is started. 

     

    So next look at that coldfusion-out.log, finding the lines from the time cf was started after that update. Watch closely for errors there. (You'd shared what was shown at the bottom of that log.) Let us know what you find.

     

    Your problem should be in one place or another. Or there may be more to your situation than you've shared. For instance, what update were you on before this one? Also, when you say there are no other logs, do you mean no others are being updated? Or that logs which WERE there have somehow disappeared? 

     

    Finally, solving an outage like this via back-and-forth here can be quite challenging (like playing the old game battleship). And given your urgency, we might solve this in a fraction of the time in a shared desktop consulting session. If you'd like to be up again ASAP, I'm available immediately. For more on my rates, approach, satisfaction guarantee, online calendar, email, phone, and more, see the consulting page at carehart.org.

    /Charlie (troubleshooter, carehart. org)
    Charlie Arehart
    Community Expert
    November 20, 2025

    Also, while I didn't immediately see a potential connection, we should ask if you have tried clearing the felix-cache (stop cf, delete the cfusion/bin/felix-cache folder, then start cf).

     

    That's not recommended in the update technote of each update, but even so it's always worth doing, especially when an update may implement package updates. 

    /Charlie (troubleshooter, carehart. org)
    Participating Frequently
    September 10, 2025

    I just patched my DIT server from 21 to 22, and I noticed something strange.  After copying the contents of hotfix-packages-cf2021-022-330451.zip into my bundles directory, I ran the update via CFAdmin.  It all looked good, but then I got an error saying the mail module wasn't installed.  When I tried to install it manually, it failed because a bunch of files were no longer in the repo subdirectory -- they were the bcp* files (such as bcmail-jdk15on-153.jar and bcpkix-jdk15on-153.jar).  These files absolutely did exist in the repo directory, but after the core install, they were deleted.

    I verified the exact behavior with my FIT server.  The same files were deleted after the core installation.

    Charlie Arehart
    Community Expert
    September 10, 2025

    Critic, I'll confirm I saw that also--on one cf2025 machine (only one, among a few cf2025 updates I've done since yesterday).

     

    FWIW, I found that the files in question were identified first as missing in errors shown during the cf startup (after the update) in the coldfusion-out.log. Then I also saw them listed as files REMOVED by the update itself, as tracked in the hotfixfilelist.log, found in the hf-updates folder for that cf update. These removed files matched those listed as missing in the startup.

     

    And like you, I "put them back" in the cf bundles/repo, as they were saved during the update in the hf-updates folder for the update, in its backup/bundles folder. Then the restart showed no errors in the coldfusion-out.log. 

     

    It's not clear to me now why this would have happened on that one server and not the other cf2025 (nor cf2023 or cf2021) instances I updated, when they all were installed with the same (Windows) installer, each having all packages implemented, and each updated when a new update came out.

     

    Just sharing those distinctives, if it may help others looking into it. Until then, hope the steps I offer may help someone. 

    /Charlie (troubleshooter, carehart. org)
    Participating Frequently
    September 10, 2025

    There's still something wrong here -- it's still not sending emails, though now I'm not getting the error outright.

     

    I'm rolling back to 21 and will wait to move to 22 until the bugs are flushed out.

    Participating Frequently
    September 10, 2025

    This is not appearing in the CF admin updates?

     

    https://www.adobe.com/go/coldfusion-updates

     

    There appears to be no HF 22 for 2021 listed in this?

     

    Was it removed?

    Charlie Arehart
    Community Expert
    September 10, 2025

    @w49369461 that url is indeed "working" for many and showing references to yesterday's update within the xml it returns. As I noted just now in a reply to a_1001, some people seem to experience a lag in the updated content appearing to them, for whatever reason (web caches, cdn's, etc). The complaints about it usually pass within a day of the update.

     

    Have you tried the url from your phone or home? Does it have a reference to "- 022", for instance, which is part of the string describing update 22 of cf2021?

     

    If so, you could then follow the steps to "Install the update in offline mode manually" as outlined in each update's technote. In this case you'd download the needed files (whose links are offered in the technote) onto that other machine, then copy them to the CF machine to be updated. Not fun, I realize. Or wait to see if the web caching issues clear for you.

    /Charlie (troubleshooter, carehart. org)
    Participating Frequently
    September 10, 2025

    We have tried it from a number of locations. We have never experienced the cache lasting this long, which is why I made the comment. Just in case it is a legit issue that Adobe were not aware of.

    Not seeing the update on any UK devices. Servers, phones, laptops, all on various connections. So I assume it's a CDN cache.

    We will wait for a day to see if it turns up, prefer this over manually doing it.

     

    Participating Frequently
    September 9, 2025

    Was the feed package also updated with this update? I am seeing inconsistencies where 2023.0.16.330828 is available for download, but it is not the same over all our instances.

    I am also seeing issues where some of our instances are unable to download 2023 update 16 and it *appears* to be a problem with the CDN that is hosting the https://cfdownload.adobe.com/pub/adobe/coldfusion/xml/updates.xml update information.

    Locally, when going to the above link I can see Update 16, but on our servers and in the CF administrator it is not allowing the download of 16. When visiting the link above on our servers it does not list update 16 in the xml.

    Charlie Arehart
    Community Expert
    September 9, 2025

    Chuck, 2 things.

     

    1) First, yep, as for your "inconsistencies" about accessing the URLs (or what's returned from them), that's a common problem for some (not everyone) in the first hours or even day after these updates are released. I assume Adobe is using some CDN, yes, or some other sort of caching within their large enterprise architecture. Sadly, some may be out of our hands (and the CF team's).

     

    I do find it odd that some have the problems and others don't--which makes me think it's more NOT about Adobe's servers or architecture, per se. But who can know? 🙂

     

    2) Also yes: the feed package was updated for CF2023.

     

    And it may help to know that Adobe does in fact offer a table at the bottom of each update technote which lists what packages are due to be updated along with the core update, for each update. (And another after that listing whether the web server connector needed to be updated, per each update.)

     

    Of course, if one SKIPs any updates, then you get updates to whatever packages are listed below that as well, for the updates you skipped.

     

    Better still, one could look in the CF Admin to see what packages it may list as "to be updated". Of course, some may not notice it--and others run the update from the commandline, not even seeing the Admin.

     

    For either of them, one can look to the update log (created for each update, within the cfusion/hf-updates folder for the update applied). As some may know, that shows first (at about line 70) how many "successes" and "fatalerrors" happened in the update. And THEN it also lists (several lines up from the bottom) what packages (if any) were downloaded (to be updated).

    And as some may know, those are then updated NOT at THAT time (during the CF update) but on the next start of CF AFTER the update. And one can see in the coldfusion-out.log that during that next startup, it will show first "uninstalling" packages and associated jars, but it won't show "installing" them. It will just show them being "started".

     

    Each of those are useful to watch after each update.  🙂

    /Charlie (troubleshooter, carehart. org)
    Inspiring
    September 9, 2025

    I'm getting 404 errors on the download links for the Hotfix and Packages repositories. The URLs look OK, but I keep getting the message "The requested URL /pub/adobe/coldfusion/2021/packages/hotfix-packages-cf2021-022-330451.zip was not found on this server." (Same with 2025)  Could you check to make sure the paths are right? Thanks!

    Charlie Arehart
    Community Expert
    September 9, 2025

    @wtlaughlin , I am not finding the link to that update jar to fail. I can offer the working link, and then below that I report a problem of a link that IS incorrect in another page about cf2023's update 16.

     

    1) As you may have noticed, the link you show is missing a domain name. Have you tried it as the full URL, https://cfdownload.adobe.com/pub/adobe/coldfusion/2021/packages/hotfix-packages-cf2021-022-330451.zip? That works for me. If it works, great.

    As for where you found the bad link, I'll note that I don't see that shortened version (without the domain name) in any of the pages offering that download (which would be either the CF2021 update 22 technote or the page listing all the cf2021 updates (and those links for each)). Can you say where you found it?

     

    2) Then again, as a note to Saurav (who handles the docs) and other readers here: note that I DO find a mistaken link in the page of cf2023 updates for the CF2023 update 16 jar.  It offers the link as https://cfdownload.adobe.com/pub/adobe/coldfusion/2023/updates/hotfix-015-330828.jar , but see the mistake: it refers to 015 rather than 016—but the numbers following it are correct for the build number, so just changing that 15 to 16 works: https://cfdownload.adobe.com/pub/adobe/coldfusion/2023/updates/hotfix-016-330828.jar  

     

    I confirmed that the links to the jar and zip as offered in the 3 release update technotes are correct, as are all the other links for today's updates in the pages that list all the updates for each release, with their file download links (but this one problem in my point 2 above).

     

    It's a lot for Saurav to juggle, of course. As always, just trying to help (him and other readers).

    /Charlie (troubleshooter, carehart. org)
    Community Manager
    September 9, 2025

    Thanks Charlie. I've updated the link.