Server
ColdFusion (2018 release) Update 5
If you are updating via ColdFusion Administrator:
Before installing Update 5, it is mandatory to be on Update 4 of ColdFusion (2018 release).
If you are on Update 3 or an earlier update, you must install Update 4, and then proceed to installing Update 5. For more information, see ColdFusion (2018 release) and ColdFusion (2016 release) mandatory updates.
To install previous updates, see ColdFusion (2018 release) Updates.
ColdFusion (2018 release) Update 5 (release date, 24 Sep, 2019) includes the following changes:
What's new and changed
Security
The Update 5 of the 2018 release of ColdFusion addresses security vulnerabilities mentioned in the security bulletin APSB19-47.
Language enhancements
New Array functions:
New Struct functions:
New Query functions:
- QuerySome
- QueryEvery
- QueryAppend
- QueryPrepend
- QueryRowSwap
- QuerySlice
- QueryClear
- QueryRecordCount
- QueryReverse
- QueryInsertAt
Other language upates:
- GetMetaData - Changes in Array.GetMetaData() struct keys. See the function history for more information.
- New parameter includeEmptyFields in the following functions:
- QueryNew - Insert rows in a query object as array of structs.
- cfchart - Added attribute base64.
- Member functions - Contains member functions for the newly added functions.
- Array Notation for Strings in ColdFusion - Access sub-strings using array notation by using positional ranges.
- Regex changes for the following functions:
Arrow functions
ColdFusion (2018 release) Update 5 introduces a new way of writing functions, known as Arrow Function or Fat Arrow Function (=>).
For more information, see Arrow functions in ColdFusion.
ColdFusion Administrator changes
- Restore Default Extensions - Restore the list of all file extensions that are blocked for file uploads.
- Use Java as Regex Engine - Specify if Java must be used as regex engine. There is also an equivalent Application.cfc variable, useJavaAsRegexEngine.
Server Auto-Lockdown Installer for Solaris
Install Server Auto-Lockdown on Solaris 10.3 and above. For installation details, see Install Server Auto-Lockdown. To download the installer for Solaris, see Server Lockdown downloads.
Application
Application Server support
|
Version |
---|---|
WildFly |
17 |
Tomcat |
9.0.21 |
OEM upgrades
OEM |
Version |
---|---|
JDK |
12 |
Tomcat |
9.0.21 |
Apache Tika |
1.21 |
Batik XML |
1.11 |
ZingChart |
2.8.6 |
Derby jars |
10.11 |
MySQL |
8 |
Operating System support
OS |
Version |
---|---|
RHEL |
8 |
Ubuntu |
19 |
SLES |
15 |
CentOS |
7.6 |
Bugs fixed
For the detailed list of bugs fixed in this update, refer to Bugs fixed list.
Known issues
Prerequisites
- On 64-bit computers, use 64-bit JRE for 64-bit ColdFusion.
- If the ColdFusion server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Specify proxy settings using the system properties below in the jvm.config for a stand-alone installation, or corresponding script file for JEE installation.
- http.proxyHost
- http.proxyPort
- http.proxyUser
- http.proxyPassword
- For ColdFusion running on JEE application servers, stop all application server instances before installing the update.
Installation
For instructions on how to install this update, see Server Update section. For any questions related to updates, see this FAQ.
- The update can be installed from the Administrator of a ColdFusion instance or through the command-line option.
- Windows users can launch the ColdFusion Administrator using Start > All Programs > Adobe > Coldfusion 2018 > Administrator.
- Microsoft Windows 8.1, Windows 10, Windows Server R2 2012, and Windows Server 2016 users must use the “Run as Administrator” option to launch wsconfig tool at {cf_install_home}/{instance_name}/runtime/bin.
- If you get the following error when installing the update using the Download and Install option, ensure that the folder {cf_install_home}/{instance_name}/hf_updates has write permission: "An error occurred when performing a file operation write on file {cf_install_home}/{instance_name}/hf-updates/hotfix_005.properties".
- The connector configuration files are backed up at {cf_install_home}/config/ wsconfig /backup. Add back any custom changes made to the worker.properties file after reconfiguring the connector.
Installing the update manually
- Click the link to download the JAR.
- Execute the following command on the downloaded JAR. You must have privileges to start or stop ColdFusion service and full access to the ColdFusion root directory.
Windows: <cf_root>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-005-315699.jar
Linux-based platforms: <cf_root>/jre/bin/java -jar <jar-file-dir>/hotfix-005-315699.jar
Ensure that the JRE bundled with ColdFusion is used for executing the downloaded JAR. For standalone ColdFusion, this must be at, <cf_root>/jre/bin.
Install the update from a user account that has permissions to restart ColdFusion services and other configured webservers .
For further details on how to manually update the application, see the help article.
Post installation
After applying this update, the ColdFusion build number should be 2018,0,05,315699
Uninstallation
To uninstall the update, perform one of the following:
- In ColdFusion Administrator, click Uninstall in Server Update > Updates > Installed Updates.
- Run the uninstaller for the update from the command prompt. For example, java -jar {cf_install_home}/{instance_home}/hf_updates/hf-2018-00005-315699/uninstall /uninstaller.jar
If you can't uninstall the update using the above-mentioned uninstall options, the uninstaller could be corrupted. However, you can manually uninstall the update by doing the following:
- Delete the update jar from {cf_install_home}/{instance_name}/lib/updates.
- Copy all folders from {cf_install_home}/{instance_name}/hf-updates/{hf-2018-00005-315699}/backup directory to {cf_install_home}/{instance_name}/