We are pleased to announce that we have released the updates for the following ColdFusion versions:
In these updates, we’ve fixed a few security and feature-specific bugs, along with other libraries. We’ve also introduced support for M1 macOS.
We’ve also refreshed ColdFusion 2021 installers. You can find the refreshed installers on the ColdFusion downloads page.
For more information, see the tech notes below:
NOTE: After applying this update, you must reinstall any custom hotfixes that might have been applied earlier. The hotfixes for ColdFusion 2021 Update 4 are located in the folder, /ColdFusion2021/cfusion/hf-updates/hf-2021-00005-330109/backup/lib/updates.
These updates fix security vulnerabilities that are mentioned in the security bulletin, APSB22-44.
The Docker images will be hosted shortly on Docker Hub.
Please update your ColdFusion versions and provide us your valuable feedback.
The downloads for these updates do not match their MD5 signatures posted next to them. Have they been reissued? If so, can you please update the MD5 signatures so we can verify them?
Details:
On the page ColdFusion (2021 release) Update 5
File: ColdFusion (2021 release) Update 5 (MD5: 7abc6c0d3b1fc0a72f7020af11eba56c)
The actual MD5 is 39f0c68144587dab24f5a2816da2fb6d. In addition, some files inside the JAR have modification dates of 15 Feb 2023.
On the page ColdFusion (2018 release) Update 15
File: ColdFusion (2018 release) Update 15 (MD5: da38bb17075ce051b67f1e72164daefb )
The actual MD5 is 406b686de1bb0b9009034311286f4d96. In addition, some files inside the JAR have modification dates of 15 Feb 2023.
Please confirm.
According to the tech notes:
“LOG FILES PAGE IN COLDFUSION ADMINISTRATOR
In the list of log files, the buttons to View, Download, and Delete a log file have been removed. Also, the log files are no longer clickable.”
After installing this update on CF 2021, I can confirm that I can no longer view, download or delete any log files through the CF Administrator’s Log Files section. The only remaining options are to Archive or Disable logging on a log file. This means there is no mechanism in the CF Administrator to view the contents of the log files.
Why was this change made and how are we supposed to view the contents of the log files now?
Tried to update CF 2021 from Update 3 to Update 5 and received the following. We had to rollback to Update 3 which at least now runs our sites but we can’t get into ColdFusion Administrator after we login. The coldfusion-out.log files says the following which I would like to get fixed first so we can get back in to Administrator.
Could not initialize class net.sf.ehcache.config.ConfigurationFactory The specific sequence of files included or processed is: C:\ColdFusion2021\cfusion\wwwroot\CFIDE\administrator\enter.cfm
Below are the logs from the attempt to update.
“Fatal”,”main”,”10/12/22″,”08:16:18″,””,”Unable to install Logging package: java.lang.NoSuchMethodError: org.apache.logging.log4j.util.StackLocatorUtil.getCallerClassLoader(I)Ljava/lang/ClassLoader;”
“Information”,”main”,”10/12/22″,”08:16:18″,””,”Unable to initialise CFStartupServlet:Unable to install Logging package: java.lang.NoSuchMethodError: org.apache.logging.log4j.util.StackLocatorUtil.getCallerClassLoader(I)Ljava/lang/ClassLoader;”
“Information”,”main”,”10/12/22″,”08:16:18″,””,”ColdFusion: application services are now available”
“Error”,”Thread-2″,”10/12/22″,”08:18:58″,””,”The Runtime service is not available. This exception is usually caused by service startup failure. Check your server configuration.”
“Error”,”Thread-2″,”10/12/22″,”08:18:58″,””,”The ClientScope service is not available. This exception is usually caused by service startup failure. Check your server configuration.”
“Error”,”Thread-2″,”10/12/22″,”08:18:58″,””,”The Runtime service is not available. This exception is usually caused by service startup failure. Check your server configuration.”
“Error”,”Thread-2″,”10/12/22″,”08:18:58″,””,”The Security service is not available. This exception is usually caused by service startup failure. Check your server configuration.”
“Error”,”Thread-2″,”10/12/22″,”08:18:58″,””,”null”
“Error”,”Thread-2″,”10/12/22″,”08:18:58″,””,”The Logging service is not available. This exception is usually caused by service startup failure. Check your server configuration.”
“Fatal”,”main”,”10/12/22″,”08:19:35″,””,”Unable to install Logging package: java.lang.NoSuchMethodError: org.apache.logging.log4j.util.StackLocatorUtil.getCallerClassLoader(I)Ljava/lang/ClassLoader;”
“Information”,”main”,”10/12/22″,”08:19:35″,””,”Unable to initialise CFStartupServlet:Unable to install Logging package: java.lang.NoSuchMethodError: org.apache.logging.log4j.util.StackLocatorUtil.getCallerClassLoader(I)Ljava/lang/ClassLoader;”
“Information”,”main”,”10/12/22″,”08:19:35″,””,”ColdFusion: application services are now available”
You must be logged in to post a comment.