CF911: 'Help! I've updated the JVM which ColdFusion uses, and now it won't start!'

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
[Originally posted in Dec 2014, updated as recently as Apr 2021]

Has this happened to you? You wanted to update the JVM which CF uses to use a new version...

  • so you found some resource on the web showing how to update, and it seemed simple enough
  • and then you tried restarting CF and wham, it won't start, or the admin won't open, or code starts failing
  • and maybe it's that things didn't fail immediately, but within hours or days folks report things breaking since you made the change
  • and now you're stuck wondering, "what happened? and how am I supposed to fix this?"

It's a tough position to be in, and tragic of course if CF won't start. But no, you do NOT need to reinstall CF!

Often it's just one thing you did by mistake, though there are indeed several possible reasons why your attempt to update CF's JVM can fail or lead to unexpected problems. And as you google about, you may find all kinds of helpful but often misinformed or spartan suggestions that may or may not help much.

So I offer here over a dozen things you can and should consider/look at, some of which you may quickly recover from or be able to undo (depends on what you did). And all this applies to Lucee, Railo, and BlueDragon as well, though folder locations will differ.

If you're facing this bind right now, you can skip over the following to the section, "Seeing better error info, when the CF service won't start", and then the section after that "So what went wrong?", where I present each likely problem and solution.

[....Continue Reading....]

Hidden Gem: Importing CF Admin settings in ANY release via 'import wizard', even AFTER installation

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
Have you ever faced the challenge of needing to migrate the CF Admin settings (datasources, mappings, scheduled tasks, etc.) from one machine to another, and from one CF version to a newer one? Did you know that there is an "import wizard" that you can (with proper configuration) run at any time to import settings from one release to another?

Before I discuss that, you may know of a couple of other solutions for this challenge: the CF admin ColdFusion Archive/CAR mechanism, available in some but not all editions (more below), and this same "import wizard" which runs at the end of CF installation, importing settings from an older CF version if found on the same box.

But what if neither of those solutions works for you, and you have dozens of DSNs, scheduled tasks, mappings, or other settings you want to get from one machine/version to another?

You are NOT stuck having to manually copy settings from one screen to another! (And you should be very careful about the common hack solution of copying neo*.xml files from one instance to another, which may not always work and may break things.)

In this entry I'll discuss how you CAN indeed import the CF admin settings from nearly ANY release of CF into nearly ANY OTHER release of CF, in a fully supported way, and which CAN be done even after installation of a new CF release. (I say "nearly", because I worked with someone wanting to do this import of CF7 settings into CF10, and that large a jump was not supported.)

I'll also mention an important potential gotcha to beware, as well as how to get around that.

[....Continue Reading....]

Find ColdFusion installers, updates, hotfixes, and docs for all recent releases at CFMLRepo.com

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
This won't be new info for some, but many folks remain confused by the fact that after Adobe releases their current latest ColdFusion version, they no longer offer the previous version(s) on their public-facing Adobe site. (Those who license CF are given access to a licensing site with a personal account there, where they can download the installers for versions they bought even years after they are no longer supported.)

What if you either don't have such an account or only use CF for Development or trial purposes? How do you find older previous installers?

Find CF installers, updates, and docs for past several releases

The good news is that if one wants to find ANY installers for most ANY version of CF, they can be found on an external repository set up years ago by Gavin Pickin (and still maintained by him and others, including myself), at:

CFML Repo

The site even has installers all the way back to CF1.5, as well as updates, docs, CFBuilder installers, and more.

The name, CFMLRepo, may confuse some if they presume it's a repo of CFML. It's not. It's that it has both CF and Lucee installers, thus the more "generic" name.

(And there used to be a longer and hard-to-remember URL for the site, when I had posted this originally in 2014, and I had created a shortened url, http://bit.ly/cfdownloads. It's now definitely not "shorter", but I leave this here for posterity.)

Thanks so much to Gavin for creating the repo, and to him and others for maintaining it. Let's hope it remains a viable solution to find downloads for years to come.

New updates for ColdFusion 11, 10, and 9 (security update for 9, 11; still more for 10)

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
If you'd not heard the news, there were several updates released today, for CF 11, 10, and 9.

As for CF11 and CF9, it's mainly a security update. For CF10, it's got quite a bit more. (And there is another update for CF11 to come in the future which Adobe mentioned when it came out with its first update last month.)

For more on each, see below.

[....Continue Reading....]

Applying hotfixes to ColdFusion 9 and earlier? A guide to getting it right

Note: This blog post is from 2014. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
I realize that title may seem anachronistic. Why talk about hotfixes in CF9 and earlier, in 2014, indeed as CF11/Splendor is in beta? But I'll tell you that I still help people daily who are still on those older releases, and often they have problems that may have long since been solved by a hotfix or a cumulative hotfix they never applied--or may be caused by misapplication of such hotfixes.

Of course, in CF10 it's easier now because of the built-in "server updates" feature of the CF Admin. But in earlier releases, it was all on you to both keep up on the updates and to apply them manually. And a lot of people either never bothered, or may have tried and failed, or did it but got it wrong.

What you need to know

So in this blog entry, I share some key info that will help you, if you may be in need of applying one or more of those updates to CF9 and earlier. Indeed, I'll point to some past entries I've done where I shared a lot more detail that I find is vital and rarely mentioned when some people try to share just the bare minimum of info (often leaving people hanging).

For instance, I'll help you answer such questions as what hotfixes do you already have applied? How do you find out? And you need to know exactly what version of CF you have, whether 9.0/9.0.1/9.0.2, 8.0/8.0.1, 7.0/7.0.1/7.0.2, and so on. I'll explain how to tell and why that's important, and especially when it comes to finding and applying hotfixes. And if you have applied hotfixes, are you sure you have done it right? It's easy to get things wrong and botch things. I'll help you avoid several very common mistakes.

(That's why it's so great that CF10 finally handles things for us. But this entry, focused on 9 and earlier, is not the place to discuss concerns with the CF10 hotfix mechanism. If you have questions or concerns about that, see the substantial CF10 Hotfix Installation Guide from Adobe, a 50-question FAQ on all things related to that feature.)

I'll also point you to where to find hotfixes and installers for CF9 and earlier (not as easy as it may seem), and still more.

If any of that's of interest, and I hope it is if you're on CF9 or earlier, then read on.

[....Continue Reading....]

Understanding the 9.0.2 release of ColdFusion, a FAQ for those who missed the news last year

Note: This blog post is from 2013. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
So perhaps you're currently running CF 9.0 or CF 9.0.1, and you may have noticed that there is a CF 9.0.2. Have you wondered what it's about? And have you noticed that it's not something you can just update to from 9.0 or 9.0.1? It's a complete installer, meaning you need to uninstall CF 9.0 or 9.0.1 before you can move up to it.

Should you? What do you gain? What do you lose? What are some gotchas? That's what this blog entry is about, answering the following questions:

  • First, what is ColdFusion 9.0.2? Why did Adobe create it?
  • What about the 9.0.1 updater? Can we still get that? Yes.
  • So what all does 9.0.2 add and remove?
  • If I download CF 9 today, what do I get?
  • "But if I download 9.0.2 today, I get the latest version of it available, right? I don't need to add hotfixes, do I?" Wrong.
  • Warning: DO NOT install 9.0.1 atop 9.0.2 (nothing will stop you)
  • If I am on 9.0 or 9.0.1, how can I get to 9.0.2?
  • Why might I want to get to 9.0.2 from 9.0 or 9.0.1?
  • How did I miss this? Was 9.0.2 discussed? Yes it was.

[....Continue Reading....]

CF911: New Adobe document about ColdFusion security hotfixes: required reading, I'd say

Note: This blog post is from 2013. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
Here's a new document from Adobe (new as of last week, it seems) that you may have missed, but which I would argue is REQUIRED READING for all CF admins and developers:

Important hotfix-related notes for ColdFusion 9 and ColdFusion 10

What is this about? and why is it important? Read on below, as the document itself and current links from Adobe don't quite convey its significance, I think. For more perspective, I discuss below both what has happened to many folks after applying ColdFusion security hotfixes in recent years, and how this document helps.

[....Continue Reading....]

Part 3: Adobe hotfix released for "Serious security threat for ColdFusion servers"

Note: This blog post is from 2013. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
Adobe has come out with a new security hotfix for a very serious attack on ColdFusion servers which had hit many (perhaps most) CF shops over the past couple of weeks, and it's vital that all shops apply that fix. (Even if you think you've protected yourself in other ways

There is a new Adobe CF blog entry pointing to the new hotfix, and I point that out rather than the technote for the hotfix itself, because as often is the case, there has been some useful discussion related to applying the fix. Indeed, there's a warning I've shared there about a problem (hopefully temporary) with the hotfix file for users of ColdFusion 9.0.2. (Update: the confusion about 9.0.2 is resolved. The technote has been corrected. See the comments in the Adobe blog entry for more details.)

Users of ColdFusion 10, 9.0.2, 9.0.1, and 9.0 should certainly proceed to implement the fix.

I address several questions and other observations about this hotfix below.

[....Continue Reading....]

Part 2: Serious security threat for ColdFusion servers [now covered by a hotfix]

Note: This blog post is from 2013. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
Since I posted my entry earlier today about a Serious security threat for #ColdFusion servers [not now covered by a hotfix], I have had many questions and discussions which lead me to share more info.

At first I was adding these as updates to the previous entry, but I fear that some who may have read it earlier in the day may then miss some of this new info, thus this "Part 2". You will definitely want to read part 1 before proceeding here.

[Update: And since writing this entry 2 weeks ago, Adobe has indeed now come out with a hotfix. I have more to say about that in the new Part 3: Adobe hotfix released for "Serious security threat for #ColdFusion servers". While you should proceed to get that fix in place, you'll likely benefit from reading parts 1, 2, and 3, as there's more discussed than just the threat and fix itself, which could benefit you down the road.]

Among the new information shared below are such things as how the hack worked (not too much detail, though), how to determine what the exploit may have exposed, how to handle resolving things for many sites via scripting, how to lock down the /adminapi, /administrator, and /componentutils directories, and most important, why you should not skip all this just because "we already block all access to the CFIDE/adminapi" (and /administrator and /componentutils). There may be exposure you're not considering.

[....Continue Reading....]

Serious security threat for ColdFusion servers [now covered by a hotfix]

Note: This blog post is from 2013. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
Hey folks, there's a fairly serious security threat out in the wild, and you may want to check if your server's been hit. (It may be old news to some, but for now it's hitting people in the past week or so.) It's been confirmed to have hit at least CF9 (9.01 and 9.0.2) servers, but it seems it would apply as well to CF10 or down to CF 7, as it leverages the Admin API.

And note that it's NOT one that you're protected against by having applied CF security hotfixes. (Updated Jan 15 2013, as Adobe now has a hotfix for this. More below.)

There's quite a bit for you to consider regarding this recent threat, as I discuss here.

[....Continue Reading....]

Copyright ©2024 Charlie Arehart