Announcing major ColdFusion 2025 update of May 20 2026 - thoughts and resources
A substantial new CF update for CF2025 has been released today, May 20, 2026. It's unique/important, in many ways:
About the coming (massive) CF2025 "AI update", prerelease links and more
If you haven't heard, Adobe is planning to release soon a massive update to CF2025 (not a "CF2026": more on that below). The update adds not only AI features but more, including language features, security features, PMT enhancements, and more. (Note also that the AI features are optional, so don't let that keep you from considering it.)
In this post, I point out how one can participate in the prerelease (including seeing its substantial docs and obtaining the prerelease update adding the new features). I can't share news of what's IN the new version, per the info available in those prerelease docs. But in a follow-on post I will offer links to the recordings of several recent Adobe webinars, from mid-April 2026, where Adobe CF team members shared several hours of presentations about what's coming (again on more than just the new AI features).
Here are the topics I cover in this post:
Announcing ColdFusion updates of Apr 14 2026 - p1 security update - thoughts and resources
An update for ColdFusion has been released, Apr 14 2026, for each of cf2025 (as its update 7) and cf2023 (as its update 19). In brief, this update is classed by Adobe as a P1 (Priority 1, "Critical") security update. Then again, the security bulletin (link below) indicates as of today that, "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."
(This is the second update since CF2021 has reached its end of life as I blogged previously, which is something folks running that should beware. You are now QUITE exposed to things fixed in these two updates, for which there is no fix for you.)
In this post, I share the details about the update (from Adobe and from others). I also share additional info you may want to consider before (or after) doing the update.
For more, read on.
Announcing ColdFusion updates of Jan 13 2026 - p1 security update - thoughts and resources
An update for ColdFusion has been released, Jan 13 2026, for each of cf2025 (as its update 6) and cf2023 (as its update 18). (This is the first update since CF2021 has reached its end of life as I blogged previously, so this is the first cf update NOT available for cf2021, which is something folks running that should beware.)
In brief, this update (for both versions) addresses a P1 (Priority 1, "Critical") security vulnerability, related to the Apache Tika java framework which Adobe embeds for certain processing with CF.
Before proceeding, it's of some concern to note that unlike recent CF security updates, Adobe does NOT report (in the APSB, linked to below) that they are, "not aware of any exploits in the wild for any of the issues addressed in these updates." That omission would seem to imply that they ARE aware of this vuln being exploited, which raises the urgency of getting it applied. (It also raises the concern all the more for those on CF2021 or earlier, for whom Adobe will no longer offers ANY updates, including security updates.)
In this post, I share the details about the update (from Adobe and from others). I also share additional info you may want to consider before (or after) doing the update.
For more, read on.
One explanation and solution for when applying CF updates uninstalls new packages unexpectedly
I offer in this post a solution to a problem that I and others experienced regarding the latest CF update (released Dec 10, 2025 for ColdFusion 2025, 2023, and 2021, which I just blogged about separately).
We only experienced it with CF2023, but others have reported the problem in the past, with various CF updates to any CF version. As I'll explain it seems to be a caching problem relative to Adobe's servers (so some people may experience it, but not others):
- First, you may find that after applying the update all the of the packages that were to be updated by the release will instead be UNINSTALLED unexpectedly/
- Even worse, that could mean that the administrator package is uninstalled, such that you can't get to the CF Admin after the update...which will also mean you can't use the admin to try to "uninstall the update" (if you wanted to).
Of course, you could go the command line route, as you would be told to consider doing if the Administrator package was uninstalled, using CF's cfpm tool to either install the admin package or even perhaps try to uninstall the update entirely.
But I have what seems to be a better solution. It's quite simple, but bear with me while I explain it...both to help you (and Adobe) better understand what seems amiss, and in case more info may come out soon from them or other folks.
Beware also that if you may have "solved the problem" yourself, consider what I have to say below--you should confirm that you DO in fact have the correctly UPDATED packages, which you may have installed using that cfpm tool.
Announcing ColdFusion updates of Dec 9 2025 - p1 security update and more
An update for ColdFusion has been released, Dec 9 2025, for each of cf2025 (update 5), cf2023 (update 17) and cf2021 (update 23). This is in fact that FINAL update of CF2021, as it has reached its end of life as I blogged last month.
In brief, this update (for all 3 versions) addresses several P1 (Priority 1, "Critical") security vulnerabilities, and also updates Tomcat, along with updating several CF packages, and makes some other changes (see below). Note that Adobe is also reporting currently that, "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."
In this post, I share the details about the update (from Adobe and from others). I also share additional info you may want to consider before (or after) doing the update.
Having installed the update for each of the releases on multiple machines, I can report that it went well expect for this:
Warning: beware that some folks implementing the update for CF2023 the first day (myself included) found that after applying the update, the CF Admin was inaccessible and packages that were updates were unexpectedly uninstalled. I have offered a follow-up blog post on that, One explanation and solution for when applying CF updates uninstalls new packages unexpectedly, including how to solve the problem as I see it, and how to ensure your own manual efforts to solve it are complete.
Announcing ColdFusion updates of Sep 9 2025 - p1 security update - thoughts and resources
An update for ColdFusion has been released, Sep 9 2025, for each of cf2025 (update 4), cf2023 (update 16) and cf2021 (update 22). In brief, it addresses a single P1 (Priority 1, "Critical") security vulnerabilities, along with an indicated update to the "feed" package (used by cffeed). Note that Adobe is also reporting currently that, "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates." More below.
As usual, there are a number of things you should consider before (or after) doing the update, with some discussed in Adobe's resources on the update (there are more than one), and some info that I share below based on my experience helping people apply this and past updates.
In this post, I share the details about the update (from Adobe and from others). I can report I have installed the update for each release on multiple machines and operating systems without any major incidents. As for challenges (common to recent releases) and lessons learned (about this update), read on.
Announcing ColdFusion updates of July 8 2025 - p1 security update and more
An update for ColdFusion has been released, July 8 2025, for each of cf2025 (update 3), cf2023 (update 15) and cf2021 (update 21). In brief, it addresses a number of P1 (Priority 1, "Critical") security vulnerabilities and more, including bug fixes and some modest feature changes.
As usual, there are a number of things you should consider before (or after) doing the update, with some discussed in Adobe's resources on the update (more than one), and some that I share below based on my experience helping people apply this and past updates. Finally, the update corrects some issues introduced in the previous updates, released in May.
In this post, I share the details about the update (from Adobe and from others). I can report I have installed the update for each release on multiple machines and operating systems without any major incidents. As for challenges (common to recent releases) and lessons learned (about this update), read on.
Announcing ColdFusion updates of May 13 2025 - p1 security update - thoughts and resources
An update for ColdFusion has been released, May 13, 2025, for both cf2025 (update 2), cf2023 (update 14) and cf2021 (update 20). In brief, it addresses a P1 (Priority 1, "Critical") security vulnerability, as indicated in the associated ASPB (security bulletin) for the update.
The update also incorporates potentially breaking changes (with Adobe trading compatibility for security), while it also includes configurable options to undo those changes (if you prefer to trade away security for compatibility). Finally, the update corrects some issues introduced in the previous updates, released in April.
In this post, I share the details about the update (from Adobe and from others). I can report I have installed both updates on multiple machines and operating systems without incident. As for challenges or lessons learned, I may do a follow-up post as I/we all learn more.
For more details, read on.
Delighted to be speaking at Into the Box 2025, in early May
I'm delighted to announce that I've been selected to speak at the upcoming Into the Box event (in DC in early May), where I'll be presenting "Hidden Gems in FusionReactor: for BoxLang, ACF, and Lucee Users".
This should not be confused of course with the "Hidden Gems in CF2025" talk which I also just announced that I'd be presenting at the upcoming CF Summit East (next week in DC) and CFCamp (in Munich in late May). It'll be a busy few weeks! :-)
As with them, it's always a thrill to attend this annual event. Following is the topic description and more.
