Proper Way To Roll Back CF Update

Report · Jun 04, 2012

I've recently installed CF security APSB12-06. Doing so has somehow or another broke all of my web apps and their session functionality...I need to roll back this security update. The installation instructions had me back up the files that I was replacing/updating, and I still have these files/folders available.

So, I was wondering: what is the proper way to roll back a CF update or security fix? From what I understand, I can remove the .jar file in {ColdFusion-Home}/lib/updates, and then replace my CFIDE and WEB-INF folders with my backup versions. I was wondering if there was anything else I needed to do.

Any information would be greatly appreciated!

Report · Jun 04, 2012

Restart CF service as well as you say remove JAR and recover CFIDE and WEB-INF. Question; did CF have any prior security or hot fix JAR present in ColdFusion\lib\updates before applying APSB12-06? APSB12-06 may have left other JAR present or may have removed it. HTH, Carl.

Report · Jun 04, 2012

Carl,

I believe that there was a jar file in the ColdFusion\lib\updates folder, which I deleted when I installed the APSB12-06 update. I cannot entirely recall, but I think it was a jar file ending in -00004.jar, as is the format for the updates, indicating which series of updates you have installed on your computer (at least that's what I take from it...). Can you advise what I should I do if there was a jar file in there previously? In hindsight, I probably should have backed this file up as well...

Thank you for your help!

Report · Jun 04, 2012

Do you have some idea as to the CF patch level eg: CF8 + updater1 + CHF4 or CF9 + updater1 + CHF1 ? Then likely you could download said CHF again and extract the JAR from the ZIP downloaded to place back in ColdFusion\lib\updates. Is a filesystem backup available for restore? Then could recover JAR from backup media. HTH again, Carl.