[Looking for Charlie's main web site?]

You may have mistakenly applied an 8.0 CHF on a 8.0.1 CF server, and not realize it!

Note: This blog post is from 2009. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
I just helped a customer today solve a problem where he swore he had applied the latest Cumulative Hotfix (CHF) for CF 8.0.1, but I showed him that instead he had mistakenly applied the CHF for 8.0. I know how it happened, and showed him. I hope how you can avoid the same mistake.

[....Continue Reading....]

Comments
Thanks for that, its a doozy. The CF hot fix management definitely needs fixing.

I've also suggested to Adobe they improve the whole hot fix installation process. I recently applied 5 hot fixes across nearly 40 instances of CF, which took me the best part of a day to do manually. I dont get why the CF Administrator hasn't got a "check for updates" page which let you select the fixes to install for your CF version.

Even most of the shareware on my pc at home does this. Its simply not acceptable on an enterprise server application like CF.

regards,
That was one of the reasons I went ahead the other day and created some RSS feeds for the CF updates and security patches. I blogged about it at - http://www.codfusion...
As Charlie says this is an easy mistake to make so don't dismiss it. Even I have made this mistake and mistaken thought there was a cf8.0.1 CHF when there wasn't, it was in fact for cf8.0
Adobe's way of dealing with updates is quite poor and not very informative, it is also imposisble to tell what updates you installed without physically checking jar files, and this wont tell you about any other type sof update.
# Posted By Russ | 9/24/09 6:03 AM
i've felt this pain also. it's incredibly confusing looking at adobe's page to figure out what to apply and to which version. i personally don't understand why they just don't have two separate pages, one for 8.0 and one for 8.0.1.

the other thing that's really frustrating is that most of the time you have to look around the blogsphere in order to find out that a new hotfix was released since adobe doesn't announce it. just google around and look for posting about the release of hotfix 2 and 3 for 8.0.1 and you'll see what i mean.

i haven't a clue about who's in charge at abode about dispersing this information to the community and keeping it up to date. in any case someone isn't doing their job.
Can I just say that the security update page is also incredibly confusing? They go through all the trouble to explain each problem and then offer the solution with a download, but then in a small sentence in the instructions of one of them they say if you installed the fix for one then you don't need to install the others... What?

If it's a security update don't you want to upload them all anyway? Why go through all the trouble of offering a solution to one problem and the a separate solution for another if the solutions are exactly the same??
# Posted By Doug | 9/24/09 9:26 AM
Another question (which I know you probably can't answer anyway) is why offer CH fixes for 8.0 anyway?? Shouldn't everyone update to 8.0.1?
# Posted By Doug | 9/24/09 9:29 AM
@doug

AMEN BROTHER!!!!!!!!!
All fair points, folks. Thanks for the additional comments. I'll offer some thoughts on a few of them.

@John, as for why Adobe doesn't build a feature into to auto check for updates, the argument I've heard is that "many CF sites are on servers set to block communication outbound from the server". OK, so those people couldn't benefit from the feature. Another is that some folks are hypersensitive to a machine in their environment making calls out (even if they don't block them). OK, so such a feature could be made so it could be disabled by them, or even disabled by default. Just seems a shame to throw the baby out with the bathwater, with these two issues.

@Doug, as for why the updates page still offers 8.0 CHFs, that's a reasonable question. But considering that the document even has 7 CHFs, it seems simply to be a document that's been added to over time--just mysteriously not since the 8.0.1 CHFs came out, which seems the only mistake.

I could see some who were on 8 early on (and maybe still are) being a little reluctant to do a wholesale reinstall (which would be required to move from 8 to 8.0.1), whereas applying CHFs is easy. Still, now a couple years on, it certainly seems that the benefits of moving to 8.0.1--and it's 3 CHFs--would outweigh the pain of doing the upgrade from 8 to 8.0.1, especially since it's free. (I'm glad to see the 7.02 CHFs still there, as many sites have still not yet paid to upgrade 7 to 8.)

Of course, with the release of 9, CF 7 will be no longer supported, but I see the page even still points to a page for 6 CHFs. Really, it seems that the solution here on this page would be for each release to have a link to the installer, and then to a page with info on the CHFs. But as I noted in my final section, there IS in fact a page that lists 8.0.1 CHFs, but it also has not been updated to list the CHF3, which goes to @Tony's point.

In that regard, thanks very much @John for stepping up to offer the RSS feed. Of course, many will argue that Adobe should be doing it, but until they do, it's certainly better than nothing. (I've raised concerns about the problems with the Adobe technote and hotfix feeds before, http://www.carehart....)

I do agree with all who say that the update process can and should be improved. I didn't address that in this entry, as it seemed to go without saying. :-) But if this has served as another chance for folks to try to communicate their dismay about it, fair enough.

I don't know if anyone from Adobe will see this, or if they would respond here. My main goal was really just to get the word to people to be very careful about ensuring that they really had applied an 8.0.1 CHF if that was their intention. Thanks for your support in validating that concern, and indeed, please spread the word. I think it may be a problem for many others.
Well the Merlin Manager has a updater feature to help people keep track of these things and it's running off those Feedburner feeds. I may take a little more time and do an open source app that has the same updater logic that some can place in as a CFAdmin extension. I agree it seems a silly not to have this feature in the CFAdmin.
Charlie, I have updated the "ColdFusion Hot Fixes (ColdFusion 8 and later)" KB article page and included the details for CHF3 for CF8.0.1, it should be published soon.

With regards to the "Updates" page, will try and get a change for that page as soon as possible. Thanks for the feedback.
# Posted By David Collie | 9/25/09 11:13 AM
Just following up on this a bit more, I just posted a new open source project called http://cfUpdater.ria... which is simply the stripped out part of Merlin that handles the CF Updates and Patches. Just a lighter version of getting the job done.
The "Updates" page has now been changed to carry only the CF8.0.1 CHFs, along with the download for the CF 8.0.1 updater.
# Posted By David Collie | 10/7/09 5:20 AM
Thanks so much, David, for attending to this matter. I had seen your note from a couple weeks ago, about your first fixing the hot fix page. Meant to say thanks then. Now that both are addressed, I hope it will help avoid confusion. Still, I'll leave the entry here, because surely some may have suffered the confusion while things were not quite correct for so long. I will update the entry right up front to clarify that it's been addressed and point to these comments. I've got a couple other observations of things on the site where pages have not been updated as expected for CF9. If you're interested, drop me a note at charlie at carehart.org.

And John, thanks for sharing the news of your CFUpdater tool, another nice solution.
Thanks for this very helpful article. The correct updates folder can surely be a challenge to find, especially for multi-site installs.

I found mine at d:\JRun4\servers\{CF_Instance_name}\cfusion.ear\cfusion.war\WEB-INF\cfusion\lib\updates.

Once found, however, it appears there is an easy way to reverse hotfixes by stopping the CF instance and then removing the .jar file from the folder. Of course there is still the issue of restoring the correct /cfide folder (you did back this up before you started your hotfixing, right?).
Hi Frank, yes, that is all so. BTW, as for finding the dir within a multiserver deployment (or as you refer to it "multi-site"), I'll just note that I did address that in the body of the blog entry. At least, I pointed out how deep the dir is within an instance.

But I referred to it as [JRun4]\servers\[instancename]\cfusion-ear\cfusion-war\WEB-INF\cfusion\lib\updates, when technically, only the cfusion instance uses dashes, and all the others use . (like cfusion.war). Thankfully CF10 will stop that madness. :-)

Anyway, I tweaked my reference to list both (in case you had searched for cfusion.war and not found it in the text above).
Copyright ©2024 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting