Note: This blog post is from 2012. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.I often see people struggling with confusion over what hotfixes have been applied to CF. They may wonder "which have we applied?", or worse, they may not have applied any and just don't know "how to know" whether they have. I have good news, but it may not be the answer most would suspect.
The common answer offered is that one should use the "system info" page in the CF Admin, and its available "update level" field.
But I will assert that's not the "right answer" after all, or certainly not the "best answer" to really know what hotfixes (plural) have been applied. Know why? If not, I'll explain here, and I'll show what I would say is the "right" answer to "what hotfixes have you applied?"
Not quite the "right answer": look at the "System Info" page
So, again, perhaps the most common answer to that question would be that you can just look in the CF Admin "system information" page (the "i" icon in the top right of the CF Admin). That page offers a lot of info about the CF configuration, but at the top is a set of lines starting with a "System Information" heading.
After the CF and OS version info, you will see an "Update Level" line if you have applied any hotfixes. For instance, you may see it show a value of:
But note I've hedged my wording. First, you won't see that line if no updates have been applied.
Second, and most important, did you know that that only ever shows ONE hotfix, even if you have applied more? And there's no order at all to which is shown (if you have more than one). It's totally random.
Now, one may say "ok, but at least if we have just one applied, this confirms that". Sure, but again, it doesn't answer the real original question, "which hotfixes have we applied?"
The more accurate answer: look in the "updates" directory
Instead, the more accurate way to confirm what (if any) updates you have applied is to look in the actual directory where the key files ("jar" files) for such hotfixes (individual, cumulative, and security) hotfixes are placed.
In a Standard or Enterprise Server deployment (for CF 6-9), that location would be [coldfusion]\lib\updates. In a multiserver deployment, it would be deep inside the instance, such as [JRun]\servers\[instancename]\cfusion.ear\cfusion.war\WEB-INF\cfusion\lib\updates.
This is the directory in which such jar files are placed if you follow the instructions for the technote for most hofixes, which tell you to point use the "system information" page and its available "update file" input file upload field at the top of the page. (What the technotes don't tell you is that you can also just drop the jars into the directory yourself, but be careful to do it in the right place, and to do the jar and not the whole zip.)
Note that cumulative hotfix file names would start with CHF, then the version number and the CHF number, as in chf8010001.jar. With the other two kinds of hotfixes, they both start with hf and the version number, then for security hotfixes the next number is incrementing for each security hotfix, as in hf801-00001.jar, whereas for individual hotfixes the next number is kind of random and is the hotfix's is, like hf801-76563.jar. Don't confuse chf8010001.jar with hf801-00001.jar. They are very close in name, but very different.
Still note quite the "complete answer" to the question
It's worth noting a gotcha with either of the approaches above: they only tell you what hotfix "jars" have been applied. They do NOT tell you what, if any, other "steps" of a hotfix technote you have or have not been applied. This can include updates to the CFIDE directory, or any of several other lib directories, and so on.
For those, you really have no choice but to track such things manually, and you'd need to manually compare your updates to what the technote zips might have to offer for the updates they offer. Of course, once you have applied more than one, that becomes a really tedious process to try to track.
(Speaking of which: getting these updates installed right is a frequent source of separate challenges, which I have blogged about previously as, "CF911: Are you finding CF (or CF Admin) busted after applying a hotfix? A few possible reasons".)
Consider the "Unofficial Updater" and "cfUpdater" tools
If "keeping track of all this" is an annoyance, you should know that there are a couple of solutions you may want to consider.
Still another tool is John Mason's cfUpdater. While UU2 actually offers you a "pre-built, updated" implementation of CF, cfUpdater leaves the task to you but helps keep you notified and helps manage the update process.
Again, they don't really answer the original question above ("what updates have been applied") but they each in their own way try to help ease the whole update process.
CF10 will certainly make things easier
Finally, of course, for those on CF10 (or who may eventually update to it) there is its new auto hotfix mechanism (the "Server Updates" page of the CF Admin). Specific to the point of this blog entry, it does offer an available "Installed Updates" tab that would show what has been applied.
But beyond that, the tool eases many challenges of applying hotfixes, in a single step (including to multiple instances). And it does handle/track ALL the steps in an update, not just the JAR files. Finally, the auto hotfix mechanism also keeps you notified about hotfixes as they become available.
It will also handle not just hotfixes (and cumulative hotfixes) but also JVM updates and Tomcat updates. (And before someone asks, I'll say that yes, Adobe has announced in various venues that they ARE aware of and are working to offer an update in CF10 to Java 7 and also a more updated version of Tomcat. No more word on that, yet.)
For more on the "Server updates" feature, see the page on it in the CF Admin and Config manual, as well as a blog entry on it from a member of the CF team, from a few months ago (when CF10 was still in beta.)
Still need more help?
Hope all that's helpful. Let me know by comments below what you think or if you have any follow-up questions.
And if I can ever help you with solving CF server troubleshooting problems, whether about hotfixes or anything related to CF, that's what I do for a living, as an independent consultant. I can work with you remotely, on-demand, without you needing to "give me remote access" to your machine. For more on my approach, rates, references, and indeed my satisfaction guarantee, see my consulting page.
For more content like this from Charlie Arehart:
Need more help with problems?
- Signup to get his blog posts by email:
- Follow his blog RSS feed
- View the rest of his blog posts
- View his blog posts on the Adobe CF portal
- If you may prefer direct help, rather than digging around here/elsewhere or via comments, he can help via his online consulting services
- See that page for more on how he can help a) over the web, safely and securely, b) usually very quickly, c) teaching you along the way, and d) with satisfaction guaranteed