[Looking for Charlie's main web site?]

Announcing ColdFusion updates released July 8 2025: p1 security update and more

An update for ColdFusion has been released, July 8 2025, for each of cf2025 (update 3), cf2023 (update 15) and cf2021 (update 21). In brief, it addresses a number of P1 (Priority 1, "Critical") security vulnerabilities and more, including bug fixes and some modest feature changes.

As usual, there are a number of things you should consider before (or after) doing the update, with some discussed in Adobe's resources on the update (more than one), and some that I share below based on my experience helping people apply this and past updates. Finally, the update corrects some issues introduced in the previous updates, released in May.

In this post, I share the details about the update (from Adobe and from others). I can report I have installed the update for each release on multiple machines and operating systems without any major incidents. As for challenges (common to recent releases) and lessons learned (about this update), read on.

[....Continue Reading....]

Comments
As always, many thanks for the detailed blogpost Charlie!
# Posted By Jos | 7/10/25 3:49 AM
Has anyone had any issues sending emails after installing the update?

I updated our servers this morning, and everytime I try and send an email now, it results in a 500 Server Error.
# Posted By Steve | 7/10/25 9:51 AM
Hello Steve,

Stop Coldfusion
Delete the Felix cache folder (cfusion/bin/felix-cache)
Restart Coldfusion

This will resolve your issue.
# Posted By Roberto A. | 7/10/25 12:37 PM
Thanks for jumping in, Roberto. And as it's helped you (as discussed in your comment in the Adobe forum announcing the update), we may well expect it to help Steve.

I'll point out to you both (and all readers) that I DID cover this clearing of the felix-cache in my section above, "A few other topics generic to recent CF updates, which you may want to consider", where I explained that while this update
s technote does not SAY to do it, it HAS often been the solution to some problems--which not EVERYONE may necessarily experience.

And that's also why I just say to do it as a matter of good practice: as I concluded, "there's no reason NOT to".

If this specific mail issue does prove to be rather universal, I'll update the post to reflect that. For now, these comments should help (those who don't heed my own recommendation about it).
Thanks Charlie. Adobe actually listed it as a known issue today.

https://helpx.adobe.com/coldfusion/kb/coldfusion-2021-update-21.html
# Posted By Roberto A. | 7/10/25 12:59 PM
There may be more to it also. It looks like the CF2025 Update 3 is removing the required jar from ColdFusion2025/cfusion/lib folder. (mail package lists this as required)

bcmail-jdk15on-153.jar (is missing now)
# Posted By Kevin Benore | 7/10/25 3:38 PM
So guys (Roberto and Kevin), thanks for the thoughts.

First, good to see Adobe added that as a known issue...but it's odd that it's listed only on the technote for cf2021...not cf2025 or 2023. I have asked Adobe directly about that.

Finally Kevin, given that, and when you say 2025 is removing the required jar, what is that? FWIW, there IS an indication (in the 2025 update technote alone) that "The jar file `xlsx-streamer-2.1.0.jar` has been removed and replaced with `excel-streaming-reader-5.0.4.jar`." But I don't think that's what you're referring to, since it clearly has nothing to do with mail.

I'm thinking you're referring to something maybe you saw in your logs? What jar was it?
Ah, sorry. I see now you indicated it at the bottom of your comment as being bcmail-jdk15on-153.jar.

Let me do some exploring (or perhaps others will and will get back to us).
Let me point out also that I have found an unrelated problem causing comments here to not be emailed to people. (Other emails are getting out.) I'll work on that also.
Copyright ©2025 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the HTML in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting