ColdFusion (2018 release) Update 12
If you are applying Update 12 without applying Update 8, follow the Post Installation steps mentioned for Update 8.
Note: If you are already on Update 8, you can apply Update 12 without performing any intermediary steps.
If you are updating via ColdFusion Administrator:
The minimum update versions are Update 4 or higher for ColdFusion (2018 release), due to a recent change in code signing certificate.
These are mandatory pre-requisites before updating.
The updates below are cumulative and contain all updates from previous ones. If you are skipping updates, you can apply the latest update, not those you are skipping. Further, you must take note of any changes that are implemented in each of the updates you are skipping.
To install previous updates, see ColdFusion (2018 release) Updates.
What's new and changed
ColdFusion (2018 release) Update 12 (release date, 14 September, 2021) addresses vulnerabilities that are mentioned in the security bulletin, APSB21-75, and other bug fixes.
The update also contains support for macOS Big Sur (v11.0) and Tomcat 9.0.50.
Bugs fixed
| Bug ID | Description | Component |
| CF-4211179 | Unable to save Server Settings due to due to invalid default value for Maximum Pool Size. |
Administrator |
| CF-4205963 | Redis Sessions must support SSL/TLS connection over port 6380. |
Administrator : Administrator Console |
| CF-4207973 | An exception appears when you dump the results of the function cacheGetAllIds(). |
Caching |
| CF-4211482 | Unable to install the latest PDF add-ons for Docker. |
Containers: CF Docker Image |
| CF-4211421 | If the neo-datasource.xml file has the following, then after applying Update 11, 17, or 1, then the ColdFusion Data Source service is unavailable. |
Database : General |
| CF-4211538 | Temporary columns in an ORDER BY clause will be randomly returned in QoQ result set even if they aren’t specified in a SELECT statement. |
Database : Query-of-Query(IMQ) |
| CF-4211472 | Locally scoped table names in a Query of Query throws an internal error. |
Database : Query-of-Query(IMQ) |
| CF-4202730 | In a query, if you select names with order, the order of names is not as expected. |
Database : Query-of-Query(IMQ) |
| CF-4199829 | Generating a spreadsheet and not saving it to disk may cause the heap memory to behave unexpectedly. |
Document Management : Office Integration |
| CF-4208032 | When copying a file to an AWS S3, the copy operation fails. |
File Management : VFS-S3 |
| CF-4211636 | The ListDeleteAt function removes the last symbol instead of the entire delimiter. |
General Server |
| CF-4211830 | For complex variable bindings, the final keyword is not honored. |
Language |
| CF-4211478 | Erroneous 'final variable modification' exception on arrow function initializer in component mixin. |
Language |
| CF-4212023 | If a ColdFusion page does not have a cfapplication tag, the default behavior is to convert formfields with commas into array. |
Language : Application Framework : PerAppSettings |
| CF-4209676 | Function parameters are parsed incorrectly when passing an un-braced arrow-function literal as an argument. |
Language : CFSCRIPT |
| CF-4211579 | When you dump a cfcatch object, you get, in addition of the dump, the exception "The getMetaData method was not found". |
Language : Exception Handling |
| CF-4211442 | Complex object types cannot be converted to simple values | Language : Functions |
| CF-4205189 | ToString() member function returns a location rather than string | Language : String Functions |
| CF-4210631 | Issue where ORM does not support Object[] types. | ORM Support |
| CF-4211228 | Application metadata is not thread safe under high concurrency (ConcurrentModificationException). |
Performance |
| CF-4211113 | Every page request calls getRealPath()as part of PathFilter.invoke(), which results in a touch to the file system. |
Performance |
| CF-4211876 | Mismatch in argument type after installing Update 11 from Update 10 of ColdFusion (2018 release). |
REST Services |
| CF-4206686 | cflogin doesn't work in a cluster with Redis session management | Security : Authentication |
| CF-4202953 | CF Scripts URI must be randomized. | Security : LockdownGuide |
Known issues
- When the multicast port is busy in your environment, there will be errors in logs after restarting the instances that are part of a cluster. To resolve the issue, in the ColdFusion Admin, change the multicast port in the Cluster Manager page.
- Connecting to a MySQL database fails for AWS MySQLon Oracle JRE. After verifying the connection, an error message displays. The issue occurs because the MySQL JDBC driver is unable to connect to SSL over TLS. As of MySQL 5.7.35, as the TLSv1 and TLSv1.1 connection protocols are deprecated. As a workaround, add the parameter enabledTLSProtocols to the jdbc url.
- Same form fields are treated as arrays when used in Application.cfc. The fields are not part of any UDF or eventhandlers of Application.cfc, even when you set or do not set the flag this.sameformfieldsasarray.
Prerequisites
- On 64-bit computers, use 64-bit JRE for 64-bit ColdFusion.
- If the ColdFusion server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Specify proxy settings using the system properties below in the jvm.config for a stand-alone installation, or corresponding script file for JEE installation.
- http.proxyHost
- http.proxyPort
- http.proxyUser
- http.proxyPassword
- For ColdFusion running on JEE application servers, stop all application server instances before installing the update.
Installation
For instructions on how to install this update, see Server Update section. For any questions related to updates, see this FAQ.
- The update can be installed from the Administrator of a ColdFusion instance or through the command-line option.
- Windows users can launch the ColdFusion Administrator using Start > All Programs > Adobe > Coldfusion 2018 > Administrator.
- Windows 10, Windows Server R2 2012, and Windows Server 2019 users must use the “Run as Administrator” option to launch wsconfig tool at {cf_install_home}/{instance_name}/runtime/bin.
- If you get the following error when installing the update using the Download and Install option, ensure that the folder {cf_install_home}/{instance_name}/hf_updates has write permission: "An error occurred when performing a file operation write on file {cf_install_home}/{instance_name}/hf-updates/hotfix_012.properties".
- The connector configuration files are backed up at {cf_install_home}/config/ wsconfig /backup. Add back any custom changes made to the workers.properties file after reconfiguring the connector.
For more information, see Connect to web servers.
Installing the update manually
- Click the link to download the JAR.
- Execute the following command on the downloaded JAR. You must have privileges to start or stop ColdFusion service and full access to the ColdFusion root directory.
Windows: <cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-012-328566.jar
Linux-based platforms: <cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-012-328566.jar
Ensure that the JRE bundled with ColdFusion is used for executing the downloaded JAR. For standalone ColdFusion, this must be at, <cf_root>/jre/bin.
Install the update from a user account that has permissions to restart ColdFusion services and other configured webservers .
For further details on how to manually update the application, see the help article.
Post installation
After applying this update, the ColdFusion build number should be 2018,0,12,328566.
Post installation, you must rebuild or reconfigure your connector.
If you see Error 503 or Error 403 when firing up your websites, see the troubleshooting steps.
Uninstallation
To uninstall the update, perform one of the following:
- In ColdFusion Administrator, click Uninstall in Server Update > Updates > Installed Updates.
- Run the uninstaller for the update from the command prompt. For example, java -jar {cf_install_home}/{instance_home}/hf_updates/hf-2018-00012-328566/uninstall /uninstaller.jar
If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following:
- Delete the update jar from {cf_install_home}/{instance_name}/lib/updates.
- Copy all folders from {cf_install_home}/{instance_name}/hf-updates/{hf-2018-00012-328566}/backup directory to {cf_install_home}/{instance_name}/