For instance, what's the version of ehcache? What about Java, Tomcat, Hibernate, Quartz, jQuery, and so on?
In this post, I offer a rundown of what seem the most significant libraries and their versions, as deployed in the first release of ColdFusion (2021 Release). This is something I have been doing in my "hidden gems" talks for the past several releases. I also explain here how I find these version numbers, which isn't always obvious, in case that may help anyone (and also because some libraries may change with future updates to CF2021). I also offer some commentary on why this matter of library versions is important to some, as well as some counterpoints to the demands some have that every library should always be the absolute latest version (and why that's just not practicable).
If you just want the version numbers without the "waffle", look for the bulleted list of them below. :-)
Here are the sections in this post:
- What is meant by "the libraries underlying CF"?
- And why do the library versions matter? Why do some complain if not updated?
- Can I just update a library myself?
- So what are the current CF2021 library versions?
- How did you determine these versions?
- What are the version numbers of things CF supports, like databases, web servers, operating systems?
And before we proceed, as for what's new in CF2021 in general, note that if you have not seen it I did a blog post when CF2021 was released, listing its many new features (and links for finding more).
What is meant by "the libraries underlying CF"?
As most know, one of the benefits of ColdFusion is that it bundles many libraries (some free, some commercial) which underlie many if not most of the features in CF. Some are obvious, like Java and Tomcat , or the Solr library underlying CFSEARCH or ehCache underlying CF's default caching configuration. But some are less obvious: such as the Quartz library underlying CF scheduled tasks.
And why do the library versions matter? Why do some complain if not updated?
Regarding this bundling of libraries, Adobe must of course pick SOME version to use prior to building a given version of CF, and then they will proceed (perhaps for months) to build out that new CF version, testing it then releasing it.
In that time, the library-maker may have updated their library, and folks who care about such details often lament that CF's included libraries are out of date, and either are missing important bug fixes in that library, or new features that it enabled, or both.
But Adobe's in a rather tough position: if they update the library while building a new version (like during the timespan of their building CF 2021), they need to re-test things before that new version can be released.
And even updating such a library in an update of CF (as those come out every few months) is also a dicey proposition, if such a new library may not only implement bug fixes or new features, but also perhaps changes in behavior. Again, it's then incumbent on Adobe to make sure that that new library (and any updates to it since the version they first embedded) has not caused incompatibilities in how CF and users' code process things.
So some will clamor that Adobe should/must include always the very latest version of any embedded library whenever it comes out or soon after, but it just doesn't seem likely or workable. (Take your complaints about that to Adobe. There's really no sense in making your case here. There's no guarantee they're listening. Open a bug report instead.)
Can I just update a library myself?
Sometimes people complain that the problem is they'd like (or find people trying) to leverage some aspect of such a library by calling it directly themselves, and they know that a new version of the library would allow them to access that feature, but the Adobe-provided one is "old". And they may wish they could just drop in the updated version of the library to override that which came with CF.
But then you can run into problems with either version/classloading conflicts, or other code on the server which now may not work due to that new library they wanted, and so on. And course all this leads some to just decry entirely the use of some thing, as is the case with the Javscript-based UI tags, which leverage jQuery, Ext, and so on.
So what are the current CF2021 library versions?
OK, history and histrionics aside, let's get to the versions of libraries included in CF 2021.
Again, note that I am not listing here every single library (there are a few dozen) but just the several that I see people most often seemingly concerned about, and as I said I am listing them as of the initial release of CF 2021 (in Nov 2020). I'm also not promising to keep this updated as of subsequent releases/updates.
As for how I got the version numbers, I'll share a little more after these details.
- Antisamy 1.5.7 (OWASP security library)
- Axis 2 1.7.0 (web services library, and note that's "Axis 2" v 1.7.0, not just "Axis")
- Derby 10.15 (embedded DB)
- Ehcache 2.10.3 (caching library)
- Elasticache 5.6.16 (In PMT)
- Esapi 126.96.36.199 (OWASP Enterprise Security API)
- Ext JS 188.8.131.528 (JS library which underlies various UI tags) [Update: I mistakenly reported 3.1 originally. See below for more.]
- Hibernate 5.2.11 (ORM library)
- Httpclient 4.5.9 (underlies CFHTTP and more)
- Java 11.0.1 (the JVM which underlies all of CF)
- JDBC Drivers 5.1 (the built-in ProgressDB drivers, such as for SQL Server, Oracle, and even MySQL. CF no longer includes the MySQL-provided driver, but you can add it yourself)
- Jedis 2.9.0 (underlies Redis caching)
- Jetty 9.4.31 (underlies Solr, HTMLTOPDF, and more)
- jQuery 3.1.1 and jQuery UI 1.12.1 (JS library which underlies various UI tags and Admin interface features)
- Lucene 6.6.1 (underlies Solr, the embedded search engine in CF)
- POI 4.1.2 (underlies MS Office Integration features)
- PostgreSQL 42.2.14 (db driver)
- Quartz 2.2.1 (underlies CF Schedule tasks)
- Solr 5.2.1 (the embedded search engine, used by CFSEARCH/CFINDEX/CFCOLLECTION, etc.)
- Tomcat 9.0.37 (the application server which underlies CF, when deployed in traditional "Server" configuration)
- Zingcharts 2.8.4/2.8.6 (underlies cfchart. See more on this below)
- Is there a library you feel I missed which should be listed? Or any mistake? Let me know below.
Before anyone may chime in to point out how it's woeful that Adobe STILL has not updated library "whatever", consider first what I said above about how they have to be concerned with backward compatibility, though surely important bug fixes (and especially security-oriented ones) should trump that.
Consider also that it may be that CF's use of some library may simply not have changed enough to warrant using some newer library (but I realize some will find that to be a meager excuse for them not updating. Again, see what I say above about how we may not know all that Adobe is considering, and they may not be being "lazy" in their choice, as well as where to take you complaints, the bugbase.)
So, wondering how I did determine the versions that I show? Think I got any wrong? I'm open to corrections. Read on.
How did you determine these versions?
Since it's critical for some people to know the exact version of things, I will share here how I found these version numbers. I could either mistakenly look in the wrong place or the wrong way, so I offer this info to help others either confirm for themselves what I see. It will also help anyone interested assess the version info for libraries in some subsequent update or new version of CF, in case I don't do another post like this. :-)
- In some cases, the info is shown in the CF Admin's "System Info" page (the "i" icon in the top right corner), as is the case with the Tomcat and Java versions
- In other cases, the version number is offered on the file itself (as was the case with the antisamy-1.5.3.jar). Note that such Java-based libraries are stored as jar files, and most (for CF) are found in the [cf]\bundles\repo folder, while others are in [cf]\cfusion\lib, and still others are stored elsewhere. (Note the bundles\repo location is new and different compared to CF2018 and earlier, where such jars were mainly in the [cf]\cfusion\lib folder. This is related to the new modular design and packaging manager.)
- Sometimes such jars has no version number on it (as is the case with the solr-solr.jar). In that case, what I did was copy the jar file, then renamed the .jar extension to .zip (jar files really are simply compressed folders following a certain Java convention for filenames, folders, etc.). Then I opened that zip, and looked at the META-INF\MANIFEST.MF file in there, which is plain text, and generally offers a version number ("Specification-Version") for the library in question
- Sometimes you can get the version from something provided by other means, such as the Solr Admin, which for me was available at http://localhost:8989/solr/admin/
- As for the JDBC drivers, note that those provided by Adobe for SQL Server, Oracle, and even MySQL, and so on are licensed by Adobe from Progress (formerly Merant and DataDirect). In prior CF releases, they were found in the macromedia_drivers.jar file in the [cf]\cfusion\lib folder. In CF2021, they are now in separate jars for each DB, witha name starting adobe_ (such as adobe_sqlserverdriver-6.0.jar), and found now in [cf]\bundles\repo folder, like other library jars discussed above). But you may not readily find that to be an accurate version number in the file name, and even digging down into the zip as I discuss above may not help. But there are in fact ways to get the JDBC driver version, and I had blogged about it back in 2006. The same concepts apply, and see alter comments I offered.
- In the case of the zingcharts which underlie CFCHART, things are a bit confusing. First, there is a chart.jar inside CF, but it has no version info in its manifest. But there ARE some cfchart*.js files in the [cf]\wwwroot\cf_scripts\scripts\chart\ folder, and they show using the version 2.8.4 which I offer here. (Thanks to Doug Cain for his comment in 2016 on my post about the libraries versions for CF2016, where he shared this suggestion. He also addresses how the cfchart.jar may not even be the same version as the js files.) But then I found in the technote for CF2018 update 5 (and CF2016 Update 12) that Adobe says they updated Zing to 2.8.6. I don't see that indicated in the js files, so we may conclude that somehow they updated the JAR but not js files. Further, I compared the chart.jar file for CF2018 (post update 5) and CF2021, and they are the same, which is why I added "/2.8.6" to the version shown here. (You may here some folks referring to CF having "Greenpoint" aka "WebCharts3d" as the charting engine. That was so from CF7 to CF10, when it was removed in favor of ZingChart. Sadly, there do remain references to webcharts here and here, referring to files that no longer exist in CF.)
What are the version numbers of things CF supports, like databases, web servers, operating systems?
If you are looking instead for things like the version numbers of the databases, web server, and operating systems that CF supports, that IS indeed documented elsewhere by Adobe, in the ColdFusion 2021 System Support Matrix (pdf).
Certainly, if I got anything wrong, please let me know and I'll update the info here, acknowledging your contribution.
And I hope the list here is helpful, now or for someone finding it in a blog post in the future. Some people don't pay attention to "what's new" with a CF release until they can get their org to finally move to it, perhaps a year or more after its release.
And last, let me say one more time: if you want to complain about the fact that some specific library "should be updated", this is not the place to say that. Raise it in the Adobe Adobe bugbase. If you want to add something here which you may feel would help others, do feel free to add that here.
For more content like this from Charlie Arehart:
Need more help with problems?
- Signup to get his blog posts by email:
- Follow his blog RSS feed
- View the rest of his blog posts
- View his blog posts on the Adobe CF portal
- If you may prefer direct help, rather than digging around here/elsewhere or via comments, he can help via his online consulting services
- See that page for more on how he can help a) over the web, safely and securely, b) usually very quickly, c) teaching you along the way, and d) with satisfaction guaranteed