ColdFusion (2018 release) Update 6 and ColdFusion (2016 release) Update 13 released

November 20, 2019
Staff 33 posts
Followers: 25 people
15

ColdFusion (2018 release) Update 6 and ColdFusion (2016 release) Update 13 released

Staff 33 posts
Followers: 25 people
November 20, 2019

We are pleased to announce that we have released the updates for the following ColdFusion versions:

The updates fix bugs that were reported in the previous update release.

If you had installed the preview updates of these releases, make sure that you revert the update URL to the default value to receive update notifications.

IMPORTANT:

If you will be using the Administrator interface to perform the update, note that you must first update to Update 11 for ColdFusion (2016 release) or Update 4 for ColdFusion (2018 release) due to a recent change in code signing certificate, which is used for verifying the download of the update.

These are mandatory pre-requisites before updating, unless you download the update yourself and apply it manually.

We also recommend that you upgrade the web server connectors after applying these updates.

 

The following are links to the tech notes for each update:

What’s new in this update

We’ve fixed bugs related to core language, connectors, and other areas. For more information, see the list of bugs fixed:

Please update your ColdFusion versions today. Let us know if you face any issues while installing the updates. Your feedback is essential to further enhancing the product.

We thank you for your continuing support.

To report an issue with the update, file a bug using the public tracker https://tracker.adobe.com/ or send an email to cf.install@adobe.com.

Comments (15)
2019-11-21 17:01:41
2019-11-21 17:01:41

FYI, updating to CF2016 Update 12 from to CF2016 Update 13, I lost my reference to my SOLR collections.

Like
(1)
>
TwoEdge
's comment
2019-11-21 18:29:13
2019-11-21 18:29:13
>
TwoEdge
's comment

There is no aspect of update 13 (that I know of, as it just fixes bugs in update 12) which would cause loss of solr collections. Instead, I would propose that perhaps you had an error in the update (even though your previous comment said all seemed well). I have a post on how to confirm if there were any errors, and how to resolve any, here:

https://coldfusion.adobe.com/2019/03/problems-applying-cf-update-check-first/

Let us know if that helps.

Like
2019-11-21 14:48:19
2019-11-21 14:48:19

How does one ” upgrade the web server connectors after applying these updates”? I’m trying to get more information to help our host server administrator to do this. I ran the update (from 12 to 13) via the CF Admin panel and it worked well (site back up, etc), now I want our server admin to address this recommendation and would like to give him more details about what to do. Thanks!

Like
(3)
>
TwoEdge
's comment
2019-11-21 18:27:04
2019-11-21 18:27:04
>
TwoEdge
's comment

I can help you there. See my post:

https://www.carehart.org/blog/client/index.cfm/2019/11/13/when_how_update_cf_web_connector

…where I do lament, wishing Adobe would make that more clear themselves, in the update technote and these blog posts.

Let us know if that info helps you.

Like
>
Charlie Arehart
's comment
2019-11-26 04:09:23
2019-11-26 04:09:23
>
Charlie Arehart
's comment

Thanks!

Like
>
TwoEdge
's comment
2019-11-26 12:37:24
2019-11-26 12:37:24
>
TwoEdge
's comment

Glad I could help.

Like
2019-11-20 15:12:03
2019-11-20 15:12:03

I replied and then realized that I didn’t link to the CF2016u13 preview post.  Here’s the link:
https://coldfusion.adobe.com/2019/11/preview-builds-coldfusion-2018-release-update-6-and-coldfusion-2016-release-update-13-released/

NOTE:  I posted this as a new reply because my initial reply hasn’t been posted yet.  I was previosuly told that I would instantly see my replies (like every other platform), but I guess there’s some sort of review/approval process still in place (or something is broken/slow.)

Like
(1)
>
James Moberg
's comment
2019-11-20 17:37:01
2019-11-20 17:37:01
>
James Moberg
's comment

James, all our comments are indeed moderated. There have been attempts in the past to either allow previous commenters to not be moderated, etc. Somehow that went away, and for some months it’s been that all comments are moderated. I have been told (when I asked) that there were plans to “fix” that, but it remains the current situation.

Like
2019-11-20 15:09:28
2019-11-20 15:09:28

Is this the same update that was available a week ago as a special preview release?  I previously installed the 2016u13 update and the version is reported as 2016.0.13.316217.  (Is this official update newer than the preview or the same?)

Like
(2)
>
James Moberg
's comment
2019-11-20 17:35:37
2019-11-20 17:35:37
>
James Moberg
's comment

James, note how the body of the blog post answers part of your question:

We had previously released the preview updates of these releases. If you had applied the preview updates, you can retain the preview builds.

This indicates that yes, it is the same update. But since they didn’t indicate the version number, I did the following as you have me curious also. First, as I had already applied the preview of update 13, I confirmed seeing the same 316217 in the version.

Then I changed back to the default update URL, saved that, checked for updates, and it reported none available (which makes sense since I had update 13 already in place, albeit the preview).

I then uninstalled the 13 preview, and installed the “real” update 13. After restarting, the number does indeed still report 316217. HTH.

Like
>
Charlie Arehart
's comment
2019-11-26 12:27:14
2019-11-26 12:27:14
>
Charlie Arehart
's comment

James, any thoughts?

Like
2019-11-20 12:15:13
2019-11-20 12:15:13

Thanks for that, Saurav.

Readers should note that the reason you are encouraged to get THIS update in place is so that (by applying it) you get the earlier September update which this one “fixes”. That update had important security protections, but these bugs (now corrected) had kept some from putting that update in place. There should now be no reason to hold off updating.

Like
(3)
(3)
>
Charlie Arehart
's comment
2019-11-21 17:33:49
2019-11-21 17:33:49
>
Charlie Arehart
's comment

I can confirm this update (kind of) resolves an information / source code disclosure issue and potential DoS issue. It’s now just a bug rather that previous behavior.

Like
>
Phillyun44
's comment
2019-11-21 18:24:34
2019-11-21 18:24:34
>
Phillyun44
's comment

Can you clarify this “confirmation” you refer to? And by “this update”, do you mean the one mentioned in this post? It is not offering any security issues. It only fixes problems in the previous update (from September).

But maybe you are referring to a situation where you had NOT yet applied the Sept update.  In that case, yes, THAT update did have security fixes.

And what do you mean by “just a bug rather than previous behavior”?

Like
>
Charlie Arehart
's comment
2019-11-26 12:28:09
2019-11-26 12:28:09
>
Charlie Arehart
's comment

Philly, any thoughts?

Like
Add your comment