If you apply the update using the CF Admin and then find that CF starts but the Admin and your code fail, I cover that also, in the second section below.

For more, read on.

[....Continue Reading....]

TLDR; If you've configured either CF2021's java home to use Java 11.0.20 or later, or CF2023's java home to use 17.0.8 or later, you may find that applying CF updates ia the Admin will fail. You can apply the update via the command line, adding a needed new jvm arg:
-Djdk.util.zip.disableZip64ExtraFieldValidation=true
(to be placed BEFORE the -jar arg) in the java -jar ... command, as I discuss more in the 5th bullet point below. (If I've lost you with that simple suggested, read the rest here. And all may benefit reading what precedes that suggestion, for context. I also offer other suggestions and info.)

[....Continue Reading....]

For more resources as well as some additional thoughts on the updates (including what security matter it entails as well as some lessons learned in applying the update--especially if you may update your Java to the JVM released last month), read on.

[....Continue Reading....]

It's been on my site as my "CFUpdate" page (linked to from my old-school top-level nav bar), and I've kept the page updated. [Hey, updating my meta resource on updates. That's SO meta!]

But I suspect a lot of people may never find it for one reason or another, so I wanted to offer a link to it here.

Check it out, and I welcome comments or feedback here.

You will find that you can no longer INSTALL CF updates via the CF admin, if CF is using this new Java version. And even if the CF update is run from the command line, if using this newer Java version that also will fail. In either case, there is a new JVM argument that solved the problem, as I discuss below.

This is happening in CF2023, 2021, and 2018. (And this may continue to happen with future JVM updates, until Adobe otherwise addresses the problem.)

As an update, you may want to read a more recent post I did on this matter, in October 2023.

As an another update, when I first created this post originally on July 21st, another problem was that you would find that you could no longer use the CF Administrator to download CF updates, if CF was running this new Java version. You would get an error reporting, "Failed Signature verification"--or in some cases you may see only "error failed". But within a couple of weeks, I found that the CF Admin COULD now download updates (including the August 2023 CF update) but the CF update STILL fails to install correctly, as discussed in this post, unless the workaround offered is used.

FWIW, Adobe has also updated the technotes for CF2021 update 10 and CF2023 update 4 with a text box at the top that acknowledges this issue and points to this post for more detail.

In this post, I explain a) what this is all about, then b) how you can fix the problem of INSTALLING the update using the CF Admin, I'll explain how it seems we HAVE to workaround that problem (for now). I also offer a link to a bug report I've filed. I even offer a thought on how this new JVM update may prove over time to affect MORE than just this, and even MORE than just CF (and Lucee) but many java apps. Read on for more.

[....Continue Reading....]

Yes, this is shocking. Yes, unless there's a good explanation, I can understand how many would feel "someone on the CF team should be flogged". Don't shoot me: I'm just the messenger. I don't work for Adobe.

But I will add that in this post, besides just sharing news about the update (and more than JUST pointing to the update), I also offer an ADDITIONAL "fix" some will want to consider, to go BEYOND what this update addresses. See the discussion on "blocking the _cfclient query string".

Read on for more, where I cover:

• Finding more info on this update
• A suggestion on blocking the _cfclient query string
• News for those doing manual offline installs: this update DOES have a zip
• As for doing a Java update along with this update
• CF2018 WAS indeed also updated

[....Continue Reading....]

For more on the update, and some additional thoughts, read on.

[....Continue Reading....]

Update: 3 days after this update, Adobe released yet another, and then 4 days after that they released yet another, both p1 security updates. While I have posts on each of the two subsequent updates, the one on Jul 14 and then the one on Jul 19, the information below is still important and has details that I do not repeat in the later post.

For more resources as well as some additional thoughts on the updates, read on.

[....Continue Reading....]

TLDR; For some folks, the above may be all you need to hear: you may be dropping your coffee and donuts now to get the update applied. Still others will see this "huge post" and think, "crap, I don't have time for this". For you, skip to the bottom and its "concluding key points". You can then decide what you think you do or don't "need to know" and pick and choose from the sections as you like.

Finally, for those who prefer because of the importance of all this to be led more carefully through understanding things (in a way that's worked for the many people I have helped so far this week, and is far more than either Adobe or Hackernews has shared), please do read on.

[....Continue Reading....]

As for CF2021, it gets updates into 2025, and the currently running pre-release of CF2023 is a great sign for the continued vitality of CF. But this looming deadline for CF2018 is a reminder that as the years roll on, we not only get new versions but we must say good-bye to old ones.

Wondering what you can do? or when CF2021 or CF2023 support will end also? And what's the difference between "core" and "extended" support Adobe sells? (The extended support plan does NOT provide updates beyond this coming July.) For more on these, including official Adobe documentation that discusses such things, as well as my thoughts on migration, costs, various options to consider, and more, do read on.

[....Continue Reading....]