Announcing major ColdFusion 2025 update of May 20 2026 - thoughts and resources
A substantial new CF update for CF2025 has been released today, May 20, 2026. It's unique/important, in many ways:
About the coming (massive) CF2025 "AI update", prerelease links and more
If you haven't heard, Adobe is planning to release soon a massive update to CF2025 (not a "CF2026": more on that below). The update adds not only AI features but more, including language features, security features, PMT enhancements, and more. (Note also that the AI features are optional, so don't let that keep you from considering it.)
In this post, I point out how one can participate in the prerelease (including seeing its substantial docs and obtaining the prerelease update adding the new features). I can't share news of what's IN the new version, per the info available in those prerelease docs. But in a follow-on post I will offer links to the recordings of several recent Adobe webinars, from mid-April 2026, where Adobe CF team members shared several hours of presentations about what's coming (again on more than just the new AI features).
Here are the topics I cover in this post:
Announcing Java updates of Apr 21 2026 - thoughts and resources
It's that time again: there are new Oracle JVM updates released today (Apr 21, 2026) for the current long-term support (LTS) releases of Oracle Java 25, 21, 17, 11, and 8, as well as the newest short-term release, 26. (Yep, kind of crazy that there are for now 5 current Oracle Java "LTS" releases, for historical reasons.)
TLDR: The new updates are 26.0.1, 25.0.3, 21.0.11, 17.0.19, 11.0.31, and 1.8.0_491 (aka 8u491) respectively. The update seems a pretty modest one, without seeming breaking changes (though my opinion is based solely on my read of the update release notes, in this first day).
More on the updates below, including links to more info on each of them including what changed, bug fixes, and the security fixes each version contains. (I also offer a quick assessment of the changes listed for the updates.)
Also, openjdk updates are usually released at the same time or soon after, so this info may help users of such alternative JDK implementations.
For some folks, the above is all they need to hear. For others, whether this your first time updating Java or your fiftieth, there are some things that you may or may not know, as I cover here.
Announcing ColdFusion updates of Apr 14 2026 - p1 security update - thoughts and resources
An update for ColdFusion has been released, Apr 14 2026, for each of cf2025 (as its update 7) and cf2023 (as its update 19). In brief, this update is classed by Adobe as a P1 (Priority 1, "Critical") security update. Then again, the security bulletin (link below) indicates as of today that, "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."
(This is the second update since CF2021 has reached its end of life as I blogged previously, which is something folks running that should beware. You are now QUITE exposed to things fixed in these two updates, for which there is no fix for you.)
In this post, I share the details about the update (from Adobe and from others). I also share additional info you may want to consider before (or after) doing the update.
For more, read on.
Announcing Java updates of Jan 20 2026 - thoughts and resources
It's that time again: there are new Oracle JVM updates released today (Jan 20, 2026) for the current long-term support (LTS) releases of Oracle Java, 8, 11, 17, 21, and 25. (Yep, kind of crazy that there are for now 5 current Oracle Java "LTS" releases, for historical reasons.)
TLDR: The new updates are 1.8.0_481 (aka 8u481), 11.0.30, 17.0.18, 21.0.10, and 25.0.2, respectively. More on the updates below, including links to more info on each of them including what changed, bug fixes, and the security fixes each version contains. (I also offer a quick assessment of the changes listed for the updates.)
Also, openjdk updates are usually released at the same time or soon after, so this info may help users of such alternative JDK implementations.
For some folks, the above is all they need to hear. For others, whether this your first time updating Java or your fiftieth, there are some things that you may or may not know, as I cover here.
Announcing ColdFusion updates of Jan 13 2026 - p1 security update - thoughts and resources
An update for ColdFusion has been released, Jan 13 2026, for each of cf2025 (as its update 6) and cf2023 (as its update 18). (This is the first update since CF2021 has reached its end of life as I blogged previously, so this is the first cf update NOT available for cf2021, which is something folks running that should beware.)
In brief, this update (for both versions) addresses a P1 (Priority 1, "Critical") security vulnerability, related to the Apache Tika java framework which Adobe embeds for certain processing with CF.
Before proceeding, it's of some concern to note that unlike recent CF security updates, Adobe does NOT report (in the APSB, linked to below) that they are, "not aware of any exploits in the wild for any of the issues addressed in these updates." That omission would seem to imply that they ARE aware of this vuln being exploited, which raises the urgency of getting it applied. (It also raises the concern all the more for those on CF2021 or earlier, for whom Adobe will no longer offers ANY updates, including security updates.)
In this post, I share the details about the update (from Adobe and from others). I also share additional info you may want to consider before (or after) doing the update.
For more, read on.
One explanation and solution for when applying CF updates uninstalls new packages unexpectedly
I offer in this post a solution to a problem that I and others experienced regarding the latest CF update (released Dec 10, 2025 for ColdFusion 2025, 2023, and 2021, which I just blogged about separately).
We only experienced it with CF2023, but others have reported the problem in the past, with various CF updates to any CF version. As I'll explain it seems to be a caching problem relative to Adobe's servers (so some people may experience it, but not others):
- First, you may find that after applying the update all the of the packages that were to be updated by the release will instead be UNINSTALLED unexpectedly/
- Even worse, that could mean that the administrator package is uninstalled, such that you can't get to the CF Admin after the update...which will also mean you can't use the admin to try to "uninstall the update" (if you wanted to).
Of course, you could go the command line route, as you would be told to consider doing if the Administrator package was uninstalled, using CF's cfpm tool to either install the admin package or even perhaps try to uninstall the update entirely.
But I have what seems to be a better solution. It's quite simple, but bear with me while I explain it...both to help you (and Adobe) better understand what seems amiss, and in case more info may come out soon from them or other folks.
Beware also that if you may have "solved the problem" yourself, consider what I have to say below--you should confirm that you DO in fact have the correctly UPDATED packages, which you may have installed using that cfpm tool.
Announcing ColdFusion updates of Dec 9 2025 - p1 security update and more
An update for ColdFusion has been released, Dec 9 2025, for each of cf2025 (update 5), cf2023 (update 17) and cf2021 (update 23). This is in fact that FINAL update of CF2021, as it has reached its end of life as I blogged last month.
In brief, this update (for all 3 versions) addresses several P1 (Priority 1, "Critical") security vulnerabilities, and also updates Tomcat, along with updating several CF packages, and makes some other changes (see below). Note that Adobe is also reporting currently that, "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."
In this post, I share the details about the update (from Adobe and from others). I also share additional info you may want to consider before (or after) doing the update.
Having installed the update for each of the releases on multiple machines, I can report that it went well expect for this:
Warning: beware that some folks implementing the update for CF2023 the first day (myself included) found that after applying the update, the CF Admin was inaccessible and packages that were updates were unexpectedly uninstalled. I have offered a follow-up blog post on that, One explanation and solution for when applying CF updates uninstalls new packages unexpectedly, including how to solve the problem as I see it, and how to ensure your own manual efforts to solve it are complete.
Reminder that CF2021 is end-of-life as of Monday Nov 10 2025
This coming Monday, Nov 10 2025, marks the end of Adobe support of CF2021. After that date, Adobe is no longer obligated to offer updates for ColdFusion 2021 (not even security updates--and buying "extended support" DOES NOT CHANGE that!)
There's more to consider. For that, read on.
Announcing Java updates of Oct 21 2025 - thoughts and resources
It's that time again: there are new Oracle JVM updates released today (Oct 21, 2025) for the current long-term support (LTS) releases of Oracle Java, 8, 11, 17, 21, and 25. (The previous short-term release, Java 24, is no longer updated.)
TLDR: The new updates are 1.8.0_471 (aka 8u471), 11.0.29, 17.0.17, 21.0.9, and 25.0.1, respectively. More on the updates below, including links to more info on each of them including what changed, bug fixes, and the security fixes each version contains. (I also offer a quick assessment of the updates with respect to my primary audience, users of CFML engines.)
