Version numbers of libraries underlying ColdFusion 2021

Note: This blog post is from 2021. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

In this post, I offer a rundown of what seem the most significant libraries and their versions, as deployed in the first release of ColdFusion (2021 Release).

[Update: I have started updating this post to identify the versions as of update 4, released in May 2022. Rather than wait until I have found ALL the new values, I will just update the list below, clarifying when I have noted the updated value.]

This is something I have been doing in my "hidden gems" talks for the past several releases. I also explain here how I find these version numbers, which isn't always obvious, in case that may help anyone (and also because some libraries may change with future updates to CF2021). I also offer some commentary on why this matter of library versions is important to some, as well as some counterpoints to the demands some have that every library should always be the absolute latest version (and why that's just not practicable).

If you just want the version numbers without the "waffle", look for the bulleted list of them below. :-)

Here are the sections in this post:

• What is meant by "the libraries underlying CF"?
• And why do the library versions matter? Why do some complain if not updated?
• Can I just update a library myself?
• So what are the current CF2021 library versions?
• How did you determine these versions?
• What are the version numbers of things CF supports, like databases, web servers, operating systems?

And before we proceed, as for what's new in CF2021 in general, note that if you have not seen it I did a blog post when CF2021 was released, listing its many new features (and links for finding more).

What is meant by "the libraries underlying CF"?

As most know, one of the benefits of ColdFusion is that it bundles many libraries (some free, some commercial) which underlie many if not most of the features in CF.  Some are obvious, like Java and Tomcat , or the Solr library underlying CFSEARCH or ehCache underlying CF's default caching configuration. But some are less obvious: such as the Quartz library underlying CF scheduled tasks.

And why do the library versions matter? Why do some complain if not updated?

Regarding this bundling of libraries, Adobe must of course pick SOME version to use prior to building a given version of CF, and then they will proceed (perhaps for months) to build out that new CF version, testing it then releasing it.

In that time, the library-maker may have updated their library, and folks who care about such details often lament that CF's included libraries are out of date, and either are missing important bug fixes in that library, or new features that it enabled, or both.

But Adobe's in a rather tough position: if they update the library while building a new version (like during the timespan of their building CF 2021), they need to re-test things before that new version can be released.

And even updating such a library in an update of CF (as those come out every few months) is also a dicey proposition, if such a new library may not only implement bug fixes or new features, but also perhaps changes in behavior. Again, it's then incumbent on Adobe to make sure that that new library (and any updates to it since the version they first embedded) has not caused incompatibilities in how CF and users' code process things.

So some will clamor that Adobe should/must include always the very latest version of any embedded library whenever it comes out or soon after, but it just doesn't seem likely or workable. (Take your complaints about that to Adobe. There's really no sense in making your case here. There's no guarantee they're listening. Open a bug report instead.)

Can I just update a library myself?

Sometimes people complain that the problem is they'd like (or find people trying) to leverage some aspect of such a library by calling it directly themselves, and they know that a new version of the library would allow them to access that feature, but the Adobe-provided one is "old". And they may wish they could just drop in the updated version of the library to override that which came with CF.

But then you can run into problems with either version/classloading conflicts, or other code on the server which now may not work due to that new library they wanted, and so on. And course all this leads some to just decry entirely the use of some thing, as is the case with the Javscript-based UI tags, which leverage jQuery, Ext, and so on.

So what are the current CF2021 library versions?

OK, history and histrionics aside, let's get to the versions of libraries included in CF 2021.

Again, note that I am not listing here every single library (there are a few dozen) but just the several that I see people most often seemingly concerned about, and as I said I am listing them as of the initial release of CF 2021 (in Nov 2020).  I'm also not promising to keep this updated as of subsequent releases/updates.

As for how I got the version numbers, I'll share a little more after these details.

• Antisamy 1.5.13 (OWASP security library; was originally 1.5.7 at release of CF2021)
• Axis 2: 1.2.1 (web services library)
• ckeditor 4.10.0 (embedded wysiwyg editor)
• Derby 10.15 (embedded DB)
• Ehcache 2.10.3 (caching library)
• Esapi 2.2.1.1 (OWASP Enterprise Security API)
• Ext JS 6.6.0.258 (JS library which underlies various UI tags) [Update: I mistakenly reported 3.1 originally. See below for more.]
• Hibernate 5.2.11 (ORM library)
• Httpclient 4.5.9 (underlies CFHTTP and more)
• Java 11.0.11 (the JVM which underlies all of CF; was originally 11.0.1 at release of CF2021)
• JDBC Drivers (see below)
• Jedis 2.9.0 (underlies Redis caching)
• Jetty 9.4.31 (underlies Solr, HTMLTOPDF, and more)
• jQuery 3.1.1 and jQuery UI 1.12.1 (JS library which underlies various UI tags and Admin interface features)
• Lucene 6.6.1 (underlies Solr, the embedded search engine in CF)
• POI 4.1.2 (underlies MS Office Integration features)
• PostgreSQL 42.2.14 (db driver)
• Quartz 2.2.1 (underlies CF Schedule tasks)
• Solr 7.2.1 (the embedded search engine, used by CFSEARCH/CFINDEX/CFCOLLECTION, etc.), note that while the solr client jar in CF is 5.2.1, the 7.2.1 is the Solr Engine jar as found in the CF add-on service (this is a correction since I first posted this in Jan 2021. See the helpful comment below from Mark Gregory on 7/26/22)
• Tomcat 9.0.37 (the application server which underlies CF, when deployed in traditional "Server" configuration)
• Zingcharts 2.8.4/2.8.6 (underlies cfchart. See more on this below)
• Is there a library you feel I missed which should be listed? Or any mistake? Let me know below.

Before anyone may chime in to point out how it's woeful that Adobe STILL has not updated library "whatever", consider first what I said above about how they have to be concerned with backward compatibility, though surely important bug fixes (and especially security-oriented ones) should trump that.

Consider also that it may be that CF's use of some library may simply not have changed enough to warrant using some newer library (but I realize some will find that to be a meager excuse for them not updating. Again, see what I say above about how we may not know all that Adobe is considering, and they may not be being "lazy" in their choice, as well as where to take you complaints, the bugbase.)

So, wondering how I did determine the versions that I show? Think I got any wrong? I'm open to corrections. Read on.

How did you determine these versions?

Since it's critical for some people to know the exact version of things, I will share here how I found these version numbers. You may be interested to check after some subsequent CF updates, in case I don't come back and update this based on those. Same with if a future CF version comes out and I don't do a similar post then. Finally, I could of course mistakenly look in the wrong place or assess things the wrong way, so I offer this info to help others confirm for themselves what I report.

• In some cases, the info is shown in the CF Admin's "System Info" page (the "i" icon in the top right corner), as is the case with the Tomcat and Java versions
• In other cases, the version number is offered on the file itself (as was the case with the antisamy-1.5.3.jar). Note that such Java-based libraries are stored as jar files, and most (for CF) are found in the [cf]\bundles\repo folder, while others are in [cf]\cfusion\lib, and still others are stored elsewhere. (Note the bundles\repo location is new and different compared to CF2018 and earlier, where such jars were mainly in the [cf]\cfusion\lib folder. This is related to the new modular design and packaging manager.)
• Sometimes such jars has no version number on it (as is the case with the solr-solr.jar). In that case, what I did was copy the jar file, then renamed the .jar extension to .zip (jar files really are simply compressed folders following a certain Java convention for filenames, folders, etc.). Then I opened that zip, and  looked at the META-INF\MANIFEST.MF file in there, which is plain text, and generally offers a version number ("Specification-Version") for the library in question
• Sometimes you can get the version from something provided by other means, such as the Solr Admin, which for me was available at http://localhost:8989/solr/admin/
• Some of these libraries are not Java but instead Javascript, as it the case with the jQuery library (used for some CF UI tags and also for the CF Admin's "browse" button, which since CF10 is no longer a Java applet). That jQuery library is stored in [cf]\cfusion\wwwroot\cf_scripts\scripts\ajax\jquery\jquery.js, and I just opened the jquery.js file to get the version number offered in the comments. Same with the ext library, in [cf]\cfusion\wwwroot\cf_scripts\scripts\ajax\ext\source\core\core\Ext-all.js, or the ckeditor engine at [cf]\cfusion\wwwroot\cf_scripts\scripts\ajax\ckeditor\ckeditor.js [Update: I was mistaken in reporting originally that the Ext version was 3.1.0 I had correctly indicated that I'd looked at the ext.js file in that folder, which did and does say 3.1.0, but reader Larry Lee helped point out that I should have looked at the ext-all.js file, as I had in my 2016 version of this post. Thanks, and apologies.]
• As for the JDBC drivers, note that those provided by Adobe for SQL Server, Oracle, and so on are licensed by Adobe from Progress (formerly Merant and DataDirect). In prior CF releases, they were found in the macromedia_drivers.jar file in the [cf]\cfusion\lib folder. In CF2021, they are now in separate jars for each DB, with a name starting adobe_ (such as adobe_sqlserverdriver-6.0.jar), and found now in [cf]\bundles\repo folder, like other library jars discussed above). But you may not readily find that to be an accurate version number in the file name, and even digging down into the zip as I discuss above may not help. But there are in fact ways to get the JDBC driver version, and I had blogged about it back in 2006. The same concepts apply, and see alter comments I offered. Finally, as for MySQL, Adobe no longer bundles a MySQL-provided driver, but you can and must add it yourself. Usually you will find it in the [cf]\cfusion\lib folder.
• In the case of the zingcharts which underlie CFCHART, things are a bit confusing. First, there is a chart.jar inside CF, but it has no version info in its manifest. But there ARE some cfchart*.js files in the [cf]\wwwroot\cf_scripts\scripts\chart\ folder, and they show using the version 2.8.4 which I offer here. (Thanks to Doug Cain for his comment in 2016 on my post about the libraries versions for CF2016, where he shared this suggestion. He also addresses how the cfchart.jar may not even be the same version as the js files.) But then I found in the technote for CF2018 update 5 (and CF2016 Update 12) that Adobe says they updated Zing to 2.8.6. I don't see that indicated in the js files, so we may conclude that somehow they updated the JAR but not js files. Further, I compared the chart.jar file for CF2018 (post update 5) and CF2021, and they are the same, which is why I added "/2.8.6" to the version shown here. (You may hear some folks referring to CF having "Greenpoint" aka "WebCharts3d" as the charting engine. That was so from CF7 to CF10, when it was removed in favor of ZingChart. Sadly, there do remain references to webcharts here and here, referring to files that no longer exist in CF.)

What are the version numbers of things CF supports, like databases, web servers, operating systems?

If you are looking instead for things like the version numbers of the databases, web server, and operating systems that CF supports, that IS indeed documented elsewhere by Adobe, in the ColdFusion 2021 System Support Matrix (pdf).

Conclusion

Certainly, if I got anything wrong, please let me know and I'll update the info here, acknowledging your contribution.

And I hope the list here is helpful, now or for someone finding it in a blog post in the future. Some people don't pay attention to "what's new" with a CF release until they can get their org to finally move to it, perhaps a year or more after its release.

And last, let me say one more time: if you want to complain about the fact that some specific library "should be updated", this is not the place to say that. Raise it in the Adobe Adobe bugbase. If you want to add something here which you may feel would help others, do feel free to add that here.

For more content like this from Charlie Arehart:

• Signup to get his blog posts by email:
• Follow his blog RSS feed
• View the rest of his blog posts
• View his blog posts on the Adobe CF portal

Need more help with problems?

• If you may prefer direct help, rather than digging around here/elsewhere or via comments, he can help via his online consulting services
• See that page for more on how he can help a) over the web, safely and securely, b) usually very quickly, c) teaching you along the way, and d) with satisfaction guaranteed