ColdFusion (2018 release) Update 11
If you are applying Update 10 without applying Update 8, follow the Post Installation steps mentioned for Update 8.
Note: If you are already on Update 8, you can apply Update 11 without performing any intermediary steps.
If you are updating via ColdFusion Administrator:
The minimum update versions are Update 4 or higher for ColdFusion (2018 release), due to a recent change in code signing certificate.
These are mandatory pre-requisites before updating.
The updates below are cumulative and contain all updates from previous ones. If you are skipping updates, apply only the latest update, not the ones you are skipping. You must still take note of any changes implemented in each of the updates you skip.
To install previous updates, see ColdFusion (2018 release) Updates.
What's new and changed
ColdFusion (2018 release) Update 11 (release date, 22 March, 2021) addresses vulnerabilities that are mentioned in the security bulletin, APSB21-16, and a few other issues.
In addition, we’ve introduced support for RHEL 8.3, WildFly 23, Tomcat 9.0.43, PostgreSQL 13, Oracle 19c (2018), and MS SQL Server 2019.
Bugs fixed
Bug ID | Description | Component |
---|---|---|
CF-4209577 | Datasource deleted when clicking on "Cancel" of delete confirmation popup. | Administrator |
CF-4206324 | Unable to access the ColdFusion administrator using a hyperlink after applying ColdFusion 2018 Update 5. | Administrator : Administrator Console |
CF-4205373 | False positive for missing CFPDFParam source attribute. | Administrator : Code Analyzer |
CF-4205372 | False Positive for CFCollection "path" Attribute on Code Analyzer. | Administrator : Code Analyzer |
CF-4207245 | Recent update to cfajax.js uses defineProperty method which is not available in IE 11 document mode 5. | AJAX |
CF-4206044 | The Richtext editor does not display as expected. | AJAX : UI Components |
CF-4205063 | ColdFusion.Window.create with initshow=false causes a JavaScript error. | AJAX : UI Components |
CF-4204493 | cfwindow and cfform do not work as expected after applying Update. | AJAX : UI Components |
CF-4211186 | Intermittent NULL Pointer Exception in caching. | Caching |
CF-4210052 | Redis Caching - end of stream error when caching queries and structures. | Caching |
CF-4204989 | Clear folder specific template cache does not work as expected. | Caching : General |
CF-4202859 | ColdFusion uses unsynchronized WeakHashMap in Remote Method Invocation during cache replication. | Caching : General |
CF-4205050 | An exception occurs when submitting a form with CFGRID. | CFForm : HTML |
CF-4201599 | There is an issue with cfchart. | Charting/Graphing |
CF-4204356 | URL not working on client-side CFCHART | Charting/Graphing : Client |
CF-4209142 | There is a bug in CFChart type=JPG url attribute. | Charting/Graphing : Server |
CF-4205181 | The Server side charting does not work as expected on a few OS. | Charting/Graphing : Server |
CF-4205335 | ColdFusion (2018 release) Docker images do not work as expected when using CLI command. | Containers: CF Docker Image |
CF-4204706 | ColdFusion (2018 release) Docker issues. | Containers: CF Docker Image |
CF-4207294 | UndefinedElementException in Unreachable Code. | Core Runtime |
CF-4205210 | java.lang.VerifyError for code construct within CFC/try-catch (<cfreturn anyFunction({})>). | Core Runtime : Parser/Compiler |
CF-4209859 | Session Replication broken as of Hotfix 8. | Core Runtime : Session Management |
CF-4207024 | CF2016 and CF2018 support for Oracle 19c Database. | Database |
CF-4210952 | Oracle/MSSQL Driver Affected by Proxy Settings in JVM Arguments. | Database : Oracle |
CF-4209891 | User Logged Out Error. | Database : Oracle |
CF-4207962 | "first" and "last" are reserved keywords when used in a Query-of-Queries. | Database : Query-of-Query(IMQ) |
CF-4204866 | CFDump Loss of Formatting. | Debugging : CFDump |
CF-4204413 | CFDump is missing CSS and JavaScript when output is set to false. | Debugging : CFDump |
CF-4205366 | SpreadsheetAddRows throws java.lang.ArrayStoreException when 2d array contains mixed value types. | Document Management : Office Integration |
CF-4204280 | PDF Bug / Inconsistent Rendering. | Document Management : PDF Form |
CF-4206454 | Throws error when using 'word-break: break-all;' used inside <cfdocument> tag. | Document Management : PDF generation |
CF-4205907 | When converting text to html, if invalid URL in text, cfdocument hangs. | Document Management : PDF generation |
CF-4198342 | cfdocument timeout. | Document Management : PDF generation |
CF-4206253 | SpreadsheetFormatCell does not support underline. | Document Management : Spreadsheet |
CF-4211081 | Uncompressed contents cross maximum permissible size - varies. | File Management : CFZip |
CF-4207423 | File with colon in name has issues DirectoryList() and DirectoryDelete(). | File Management : VFS-RAM |
CF-4204901 | Cannot Perform File Operations Between VFS (RAM) AND S3. | File Management : VFS-S3 |
CF-4207069 | Slow startup time in CF2018 update 6 and above. | General Server |
CF-4204857 | The June 2019 updates of CF 2018, 2016, and 11 blocks upload of files with no extension. | General Server |
CF-4207690 | ArraySort() callback chokes on large numbers returned | Language |
CF-4207473 | Unexpected result when setting inline struct inside function call that's inside a CFIF/CFELSE that's inside a CFOUTPUT query loop | Language |
CF-4209576 | Error assigning UDF as single-expression arrow function | Language |
CF-4208310 | Elvis Operator is not thread safe | Language |
CF-4208572 | Validation is occurring for variable inside | Language |
CF-4206046 | UDF instances are not thread safe to execute in separate threads | Language |
CF-4204292 | ReplaceNoCase doesn't properly handle 2-byte characters (emojis) | Language |
CF-4204882 | Argument is not treated as a struct by Query functions | Language |
CF-4206045 | Closure instances are not thread safe to execute in separate threads | Language |
CF-4204992 | Safe Navigation errors if key is a "reserved keyword" | Language |
CF-4206403 | Certain syntax breaks the interpreter (compiler) | Language : Application Framework |
CF-4211056 | Default sameformfieldsasarray value | Language : Application Framework : ApplicationCFC |
CF-4205918 | sameFormFieldsAsArray incorrectly deserializes form values containing commas | Language : Application Framework : PerAppSettings |
CF-4206329 | After installing Update 13, component initialization fails | Language : CF Component |
CF-4207025 | Application.cfc will not recursively resolve cfincludes | Language : CF Component |
CF-4204865 | CFComponent extends path is caching | Language : CF Component |
CF-4207397 | Race Condition (for in loop + single statement + struct notation) | Language : CFSCRIPT |
CF-4205758 | Array slice syntax does not compile when used in an inner function | Language : Closures |
CF-4197194 | nested arrayEach parent execution context scoping issue | Language : Closures |
CF-4204632 | Invalid Set-Cookie Header Date Format | Language : Cookie |
CF-4208948 | Code Errors When comparing an identical time stamp | Language : Expressions |
CF-4210924 | Undocumented _format() appears to be a proxy of dateTimeFormat() | Language : Functions |
CF-4206955 | 'null' returned from function always returning an array | Language : Functions |
CF-4210721 | IsValid Email Incorrectly Returns True for Invalid Email Addresses | Language : Functions |
CF-4210722 | Specific String of characters causes getSafeHTML function to error without error flag on | Language : Functions |
CF-4205212 | ArgumentCollection accepts array in invoke()/cfinvoke but not direct method calls. | Language : Functions |
CF-4205911 | 'null' passes typed array validation even with null support disabled | Language : Functions |
CF-4203844 | ListDeleteAt remove last symbol instead of entire delimiter. CF 2018 | Language : Functions |
CF-4211048 | No Increment of the index in cfloop | Language : List Functions |
CF-4204007 | DecodeFromURL does not decode %2B as + | Language : String Functions |
CF-4205209 | java.lang.VerifyError thrown for a specific code construct within a CFC | Language : Tags |
CF-4204516 | isValid("email") and isValid("url") treat Unicode Domain Differently | Language : Validation |
CF-4205377 | Caught CFLDAP exception shows up in exception.log | Net Protocols : LDAP |
CF-4203461 | CfScript ORM mapping annotation for param/sequence does not work | ORM Support |
CF-4204880 | Dateformat() performs poorly under load due to internal NumberFormatExceptions | Performance |
CF-4206777 | Performance Monitoring Toolset - Unresponsive alert thresholds incorrect | PMT |
CF-4207758 | PMT failed to start the service from Windows service manager after adding 170+ instances. | PMT |
CF-4208156 | [PMT Group] CF node is exhibiting an unexpected behavior if it is added to a group that has a space in its name(group name). | PMT : Grouping |
CF-4210932 | In PMT, CPU Usage/ Process Memory data is not coming on Solaris platform | PMT : Non-Request Metrics |
CF-4205607 | [PMT Alerts] Receiver email address field does not accept comma-separated email addresses | PMT : Settings |
CF-4210933 | Update workflow support in PMT 2018 | PMT : Update Workflow |
CF-4210060 | Trusted Cache Breaks REST Service | REST Services |
CF-4202597 | Per-app mappings don't exist in REST CFCs | REST Services |
CF-4208840 | When editing a scheduled task in CF Admin, the start defaults to today's date even when it was set to something on creation | Scheduler |
CF-4203917 | ColdFusion 2018 flags erroneous warnings for properties in server.xml | Web Container (Tomcat) |
CF-4210569 | Invalid warnings in coldfusion-error.log about protocol attribute of Tomcat HTTP and AJP connectors | Web Container (Tomcat) |
CF-4206375 | SSL Peer Unverified Exception with Wildcard Certificate | Web Services |
CF-4207558 | cfinvoke fails when calling service with returnType of "any". | Web Services : Axis 2 |
CF-4199597 | WebSocket messages sent to client are truncated at semicolons. | Web Socket : WebSocket Proxy |
Known issues
- After installing Update 11, in a CFML code, the Elvis operator isn't working as expected. As a workaround, clear the template cache and refresh the classes.
Prerequisites
- On 64-bit computers, use 64-bit JRE for 64-bit ColdFusion.
- If the ColdFusion server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Specify proxy settings using the system properties below in the jvm.config for a stand-alone installation, or corresponding script file for JEE installation.
- http.proxyHost
- http.proxyPort
- http.proxyUser
- http.proxyPassword
- For ColdFusion running on JEE application servers, stop all application server instances before installing the update.
Installation
For instructions on how to install this update, see Server Update section. For any questions related to updates, see this FAQ.
- The update can be installed from the Administrator of a ColdFusion instance or through the command-line option.
- Windows users can launch the ColdFusion Administrator using Start > All Programs > Adobe > Coldfusion 2018 > Administrator.
- Windows 10, Windows Server R2 2012, and Windows Server 2019 users must use the “Run as Administrator” option to launch wsconfig tool at {cf_install_home}/{instance_name}/runtime/bin.
- If you get the following error when installing the update using the Download and Install option, ensure that the folder {cf_install_home}/{instance_name}/hf_updates has write permission: "An error occurred when performing a file operation write on file {cf_install_home}/{instance_name}/hf-updates/hotfix_011.properties".
- The connector configuration files are backed up at {cf_install_home}/config/wsconfig/backup. Add back any custom changes made to the workers.properties file after reconfiguring the connector.
For more information, see Connect to web servers.
Installing the update manually
- Click the link to download the JAR.
- Execute the following command on the downloaded JAR. You must have privileges to start or stop ColdFusion service and full access to the ColdFusion root directory.
Windows: <cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-011-326016.jar
Linux-based platforms: <cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-011-326016.jar
Ensure that the JRE bundled with ColdFusion is used for executing the downloaded JAR. For standalone ColdFusion, this must be at <cf_root>/jre/bin.
Install the update from a user account that has permissions to restart ColdFusion services and other configured web servers.
For further details on how to manually update the application, see the help article.
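A preflight check for the manual installation steps above, as an added example (not Adobe's tooling): the hypothetical cf_preflight function confirms the bundled JRE, the installer JAR name and a writable updates folder on a Linux-based host, then prints the install command for review instead of running it. The updates folder is passed as an argument, an assumption made because its location depends on the instance.

```shell
#!/bin/sh
# Added example: preflight checks before running the Update 11 installer JAR.
# cf_preflight is a hypothetical helper, not an Adobe tool.
# Usage: cf_preflight <cf_root> <updates_dir> <jar_path>
#   updates_dir is the instance's hotfix folder that the installer writes
#   hotfix_011.properties into; pass the path that exists on your server.
EXPECTED_JAR="hotfix-011-326016.jar"

cf_preflight() {
    cf_root=$1; updates_dir=$2; jar=$3
    java_bin="$cf_root/jre/bin/java"

    # The installer must run on the JRE bundled with ColdFusion.
    if [ ! -x "$java_bin" ]; then
        echo "FAIL: bundled JRE not found or not executable: $java_bin" >&2
        return 1
    fi
    # Reject a JAR whose name is not the one this update ships as.
    if [ "$(basename "$jar")" != "$EXPECTED_JAR" ]; then
        echo "FAIL: unexpected installer name: $(basename "$jar")" >&2
        return 2
    fi
    if [ ! -r "$jar" ]; then
        echo "FAIL: installer JAR not readable: $jar" >&2
        return 3
    fi
    # Without write access here, the installer fails with the
    # file-operation error quoted in the Installation notes.
    if [ ! -d "$updates_dir" ] || [ ! -w "$updates_dir" ]; then
        echo "FAIL: updates folder missing or not writable: $updates_dir" >&2
        return 4
    fi
    # Print the command rather than executing it, so it can be reviewed
    # and run from an account allowed to restart the ColdFusion service.
    printf '%s -jar %s\n' "$java_bin" "$jar"
    return 0
}
```

Each failure returns a distinct exit code (1 to 4), so the function can gate an automated rollout.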
Post installation
After applying this update, the ColdFusion build number should be 2018,0,11,326016.
Post installation, we recommend rebuilding or reconfiguring your connector.
Note: This holds true only if you have applied Update 11 without applying Update 8.
If you see Error 503 or Error 403 when firing up your websites, see the troubleshooting steps.
Uninstallation
To uninstall the update, perform one of the following:
- In ColdFusion Administrator, click Uninstall in Server Update > Updates > Installed Updates.
- Run the uninstaller for the update from the command prompt. For example, java -jar {cf_install_home}/{instance_home}/hf_updates/hf-2018-00011-326016/uninstall/uninstaller.jar
If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following:
- Delete the update jar from {cf_install_home}/{instance_name}/lib/updates.
- Copy all folders from {cf_install_home}/{instance_name}/hf-updates/{hf-2018-00011-326016}/backup directory to {cf_install_home}/{instance_name}/