Welcome to this list of resources related to updating CF, the CF web server connector, Java, the PMT, FusionReactor, CFBuilder, and related features of interest to CFML developers. It represents my years of working with folks on such matters, and shares resources from Adobe, myself, and others--and I will try to keep this relatively up-to-date.
(Last Updated: Sep 27, 2024)

See below for:

Links to updates available (and tips for applying them) for CF, Java, wsconfig, PMT, FusionReactor, and more

  • Updating ColdFusion:

    (Note: This update process should not be confused with upgrading from one major version of CF to another. That's discussed later here.)

    While ColdFusion 10 and above offer an update feature within the CF Admin, Adobe has offer pages listing each of the updates for each version.
    And while you may hit errors trying this, see the section below on Resources to help in applying such updates. As always, I can help with applying any of these updates.

    Note also that Adobe offers an "update release notes" page which highlights the key changes among all the updates for CF2023, CF2021, CF2018, and CF2016. (We can expect such a page to be created when CF2021 begins to have updates.)

    Before leaving this topic, some may be interested to know how they could be kept informed that there ARE available CF updates. I plan to do a blog post on that, but until then note that besides them showing up in the CF Admin itself, Adobe offers an email notification service about SECURITY updates, and as does Pete Freitag via his HackMyCF service.

  • Updating the CF web server connector (wsconfig):

    After updating CF, note that most CF updates also off an updated web server connector, and it's often critical to apply that connector update, if the CF update we are implementing (or any we are skipping) updated the connector. (For instance, this was especially true as of the March 2020 updates to CF2018 and CF2016. I had a blog post explaining this, from that timeframe.)

    Some great news is that in CF2016 and above, the CF update technotes end with a table indicating which previous updates did require a connector update. If that table may be missing, it's incumbent on YOU to review both the technote of the update you are applying AND ANY YOU ARE SKIPPING, to identify if there is a need to update the web server connector. Sadly, there is currently no single page indicating all the CF updates which do require such an update. I may add that here at some point.

    Finally, as for upgrading the connector, some great news for those on CF2016 and above is that Adobe has simplified the process, offering an "upgrade" button in the wsconfig UI, which will indeed upgrade the connector for any site selected. This puts the latest connector file--the .dll file for IIS, or .so file for Apache--into place and offers to restart the web server. I have a blog post with more on this easier upgrade process.

    Prior to CF2016, the process instead requires REMOVING and then re-ADDING the connector. (And FWIW, back in 2013 I had offered a blog post with substantial detail on the process: CF911: Why/when you MUST update the web server connector for ColdFusion 10/11 and may have missed it, as well as Still more reasons to make sure you have updated your ColdFusion 10 web server connector.)

    I will warn that many have ignored this need to keep their connector up to date, to their peril--in terms of bugs, poor performance, hanging connector connections, and more.

    Again, I can help with this.

  • Updating the Java underlying CF:

    After taking care of updating CF and updating the CF web server connector as discussed above, the next most important thing for most folks is updating the JVM that CF uses. Since Java is updated about quarterly by Oracle and often has security fixes, it's important to keep updated. (To be clear, CF updates typically do NOT update the Java underlying CF. Only new CF installers do that., though not always Also, Adobe currently supports use only of Oracle Java, and some will want to hear that Adobe licenses Oracle Java for our use of it with CF.)

    As for updating CF to use a newer Java version can be a fairly easy process, taking just a few minutes (and a CF restart), if you are comfortable with the process. It may take longer your first time or if you don't do it often. You do need to be careful, and I can help if you'd like to get it done quickly and safely. But here are details for those who want to do it on their own:
    1. First, as for what version of Java you can/should be using for your CF version, that depends both on the CF version and your CF update level. This has been covered in various blog posts from Adobe, myself, and others over the years. And I created a post in 2021 with a helpful table I created of CF vs Java versions that Adobe supports, and I have tried to keep that updated.
    2. As for getting java updates, note that Adobe now offers the latest Java updates that it supports, for supported CF versions. This is on CF-related downloads site, in a page for Java installers. FWIW, Oracle also offers the latest updates for Java here (including Java 8, 11 and above), for those who have an Oracle account. Archives of older versions here, including updates for Java 8, Java 7, and and earlier.
    3. As for the process of updating the Java that CF uses, that too has been covered by many over the years (sometimes in scant detail, leading to trouble, or not updated in many years). Perhaps the simplest thing for many is to watch a brief video created by Pete Freitag. I did a more extended presentation on the topic in 2024 (and originally in 2021), Updating the Java underlying ColdFusion which was recorded and is also offered on youtube.

      (Note that you COULD install the updated Java into CF's built-in JRE folder, at [coldfusion]\jre, but if you instead install it to another folder, you can point CF at that folder. This leaves the original CF jre folder as a safe haven you can revert to if necessary. This is discussed in the previous resources.)

      As important, if you may attempt the JVM update on your own, I address several key problems one could encounter, and how to fix them, in this 2014 post which is just as useful now, CF911: 'Help! I've updated the JVM which ColdFusion uses, and now it won't start!'.
    4. As for planning for JVM updates, note that Oracle releases them quarterly. The scheduled date of the next 4 updates is listed on the release notes of each update.

      I also try to write blog posts about each JVM update, where I highlight key points in recent updates in case you may be skipping to the latest only now.
    5. Finally, in Jan 2024 I created a post pulling together into one post some comments and suggestions I'd previously offered in each post about considering JVM updates: Several things to consider when applying JVM updates.

    Finally, note that if you may be using Commandbox, it's very easy to update the Java underlying that (and even allow it to keep your Java automatically updated). See the docs page on that.

    But again, if you're just interested to "get it done" (updating the Java underlying CF, quickly and safely), I can help with this.

  • Updating the ColdFusion PMT:

    The ColdFusion Performance Monitoring Toolset (PMT), added in CF2018, also has updates occasionally. In CF2018, one had to apply the updates manually. I have a blog post with more on that.

    As of CF2021, a new "update" section has been added to the PMT UI, working just like the update mechanism in the CF Admin (since CF10).

    Again, I can help with this.

  • Updating ColdFusion Builder:

    Since mid-2022, there are now two different version of ColdFusion Builder, with the new one being based on the popular VSCode editor, and is available now as a free extension from Adobe. The older legacy CFBuilder (from CF8 to 2018) was built atop Eclipse, and is no longer supported or updated.

    As for the new VSCode-based CFBuilder, like any VSCode extension, the UI will notify you when there are updates, and you can choose to install the update or not. (The extension page will also inform you of the current version, as will the extension page within VSCode.)
    As for the older legacy version of CFBuilder, again it is no longer updated since 2020, but for any still running it, note that it was able to be updated from within Builder itself. Unlike CF, there is no single page listing all ColdFusion Builder 2016 updates. Here were the most recent updates (as of late 2020):
    Again, I can help with this.

  • Updating FusionReactor:

    FusionReactor (the monitor for CF, Lucee, and other Java apps) can be updated either via its UI or by just dropping in a new jar (f you installed FR manually) I did a blog post covering both approaches. Updates can be found at the FR downloads page. The FR installer can be run in-place over a previous FR version.

    And you can find a list of feature changes for each update within a given version in the FR release notes page.

    Again, I can help with this.

  • Updating Lucee:

    While not a feature of CF,I'll note here that Lucee updates can be applied from within the Lucee Admin, or using the Lucee Core file, which can be found on the Lucee downloads page and copied to the "patches" folder of your existing Lucee installation.

    If you have any problems applying Lucee updates, the Lucee community and team are available to help.

  • Updating the Tomcat underlying CF:

    I've put this at the bottom because it's not good news, but let me just say for the record that if you are interested in updating the Tomcat which underlies CF (when deplpyed the traditionl "server" or even the new "zip" form of deployment), changing that Tomcat is NOT supported by Adobe nor is it recommended that you even try. Many have found it to fail--and it at least could lead to unexpected behavior.

    I plan a blog post with more on this topic, including alternatives you may want to consider (and thoughts on why those may not work well for you, either). When I do that, I'll add a link here.

Understanding the difference betwen upgrading vs updating

Before proceeding with more details, I should clarify that I am discussing on this page "updating" CF (and related things), by which I refer to updating within a given version, as opposed to "upgrading" from one version to another. The effort to upgrade/migrate CF from one version to another (like, for example, CF11 to CF2023, or even simply CF2021 to CF2023) is a very different effort and exercise than what I am discussing on this page.

When it comes to upgrading CF versions (migrating from one full version to another), there are of course typically many new and changed features, and a greater chance of breaking changes--though Adobe does strive to maintain backward compatibily more than many vendors (for better or worse, in the eyes of some).

As for assistance in performing such an upgrade or migration, Adobe does provide release notes with each new release, and the docs often have pages helping with new features, changed features, and even deprecated features. There is also the "code compatibilty analyzer" available in the CF Admin, where a newer CF release can be told to look at code and assess it for compabiity issues between a given CF version and that newer one. I can also assist with migration challenges on a consulting basis, as can others or the wider CF community.

When it comes to upgrading Java versions (again, changing from one major version to another, like Java 8 to 11, as was enabled per an update to CF2016 and 11), a factor of first importance for Adobe CF users is to make sure that the newer Java version you want to move to is one that Adobe supports. again I have a table discussing that.

And whether one is using CF or Lucee, something to beware when upgrading Java versions (such as Java 8 to 11, or 11 to 17) is that both engines have features that compile CF and other code on the fly and save it for later reuse, using the Java version in place at the time of that compilation. If you change to a newer version, you need to delete such compiled java classes (while CF or Lucee is stopped). In CF, this is referring to folders under your CF instance (cfusion or others), including stubs and then the wwwroot/WEB-INF and folders under it including cfclasses (not "classes)", cfc-skeltons, and rest-skeletons. If you'd rather not delete them, you could also move or rename the folders. CF will create them anew if no there on startup.

Finally there may be need to perform other steps (related to CF) when upgrading Java from one major version to another--especially on Windows, where some ms*.dll files may need to be moved from the new Java version's folders into CF's own folders. I discuss this in my resource, CF911: 'Help! I've updated the JVM which ColdFusion uses, and now it won't start!'. In fact, I have a number of resources related to doing updates, and I list those next.

Resources to help in applying updates to CF, the JVM, the web server connector, and more

Again, you may hit problems on doing any of the update above, or wonder about matters related to them. I have written various blog posts to help, presented in reverse chronological order (yes, even ones from 10 years ago or more can still be valuable):

Getting help in applying such updates, from Charlie Arehart

If you have not applied these various updates, this is something I can help with.

First, while the updates CAN go easily enough for anyone to do, it can also just as likely fail which leaves most people dead in the water. And while I offer above many resources to help, I can directly help resolve such update problems quickly, via my remote online consulting. I can make sure any such update is done well and quickly, generally in 15-30 minutes for each update (which includes making sure there are no failures in applying the update, as well as offering any guidance in considering and applying the update.)

Second, annother option that may suit some folks better is that I am now offering a new annual subscription service to implement such CF, JVM, and FusionReactor updates on your server, as they are released.
  • We could either work together remotely (via shared desktop), or you could allow me to remote in directly (via remote desktop, or another online means you may prefer)
  • We would choose a service-level agreement for how quickly you would want updates implemented after their release (some folks prefer to wait days or weeks after a new update, while others want them implemented as soon as possible)
  • I would confirm after each update that the CF Admin is working as well as a single page of your application that you would provide for me to test. Note that you would be responsible for testing your application beyond that, after the CF restart. If there are any problems, I can of course help solve them--as billable time under my normal consulting. But if you may opt to have me revert the update, I will do that as part of this service, including later applying that update again when you are ready
The base cost is US$400 per year, with the following clarifications:
  • This base rate covers a single CF instance and includes all updates to the given version of CF that it's running, as well as its CF web server connector (when a CF update calls for it to be updated), and any update to the given version of the JVM that that single CF instance runs on
  • Any other instances on the same machine are an additional $200/yr per instance
  • If you have FusionReactor, updates to that can be done as a separate charge: $100/yr for all FR updates on a single instance, with additional instances on the same machine being an additional $50/year per instance.
  • Finally, these rates presume I would be allowed to perform the update between the hours of 7am to 10pm US Central time, Mon-Sun If you require I do the work overnight/outside those hours, the annual rates above would be doubled.
Considering that there are typically a few updates each year to each of CF, the web connector, the JVM CF runs on, and FusionReactor (totaling over a dozen between the four of them), this subscription price represents a considerable discount off my normal hourly consulting rate.

More important for you, by committing to have me implement the updates for you, it ensures that they get done, correctly and quickly. Each update should take about 15 minutes, including the restart of CF which each requires and confirmation that the CF admin is accessible/functioning after the restart. (We would coordinate when to do that restart and initial testing.)

For more information, reach out to me via the contact information on the CArehart Consulting page.




Managed Hosting Services provided by
xByte cloud Hosting