[Looking for Charlie's main web site?]

Announcing ColdFusion updates released Sep 9 2025: p1 security update

Posted At : September 9, 2025 11:23 PM | Posted By : Charlie Arehart
Related Categories: updates, cf2021, admin, cf2025, cf2023
Comments: (5)
An update for ColdFusion has been released, Sep 9 2025, for each of cf2025 (update 4), cf2023 (update 16) and cf2021 (update 22). In brief, it addresses a single P1 (Priority 1, "Critical") security vulnerabilities, along with an indicated update to the "feed" package (used by cffeed). Note that Adobe is also reporting currently that, "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates." More below.

As usual, there are a number of things you should consider before (or after) doing the update, with some discussed in Adobe's resources on the update (there are more than one), and some info that I share below based on my experience helping people apply this and past updates.

In this post, I share the details about the update (from Adobe and from others). I can report I have installed the update for each release on multiple machines and operating systems without any major incidents. As for challenges (common to recent releases) and lessons learned (about this update), read on.

[....Continue Reading....]

Comments (5)

Announcing Java updates of Jul 15, 2025 for 8, 11, 17, 21, and 24: thoughts and resources

Posted At : July 15, 2025 11:59 AM | Posted By : Charlie Arehart
Related Categories: updates, java
Comments: (0)
It's that time again: there are new Oracle JVM updates released today (Jul 15, 2025) for the current long-term support (LTS) releases of Oracle Java, 8, 11, 17, and 21, as well as the new short-term release 24. (The previous short-term release, Java 23, is no longer updated.)

TLDR: The new updates are 1.8.0_461 (aka 8u461), 11.0.28, 17.0.16, 21.0.8, and 24.0.2, respectively. More on the updates below, including links to more info on each of them including what changed, bug fixes, and the security fixes each version contains. (I also offer a quick assessment of the updates with respect to my primary audience, users of CFML engines.)

Yep, kind of crazy that there are now 5 current Oracle Java releases, for "reasons". And usually openjdk updates are released at the same time or soon after.

Oracle calls these updates "critical patch updates" (yep, "CPU"), but they are in fact scheduled quarterly updates (Jan, Apr, Jul, Oct, with specific dates listed here), so that the "critical" aspect of this nomenclature may sometimes be a bit overstated. As is generally the case with these Java updates, most of them have the same changes and fixes across the four JVM versions, though not always.

For some folks, that's all they need to hear. For others, read on.

[....Continue Reading....]

Comments (0)

Announcing ColdFusion updates released July 8 2025: p1 security update and more

Posted At : July 9, 2025 11:45 PM | Posted By : Charlie Arehart
Related Categories: updates, cf2021, cf2025, cf2023
Comments: (19)
An update for ColdFusion has been released, July 8 2025, for each of cf2025 (update 3), cf2023 (update 15) and cf2021 (update 21). In brief, it addresses a number of P1 (Priority 1, "Critical") security vulnerabilities and more, including bug fixes and some modest feature changes.

As usual, there are a number of things you should consider before (or after) doing the update, with some discussed in Adobe's resources on the update (more than one), and some that I share below based on my experience helping people apply this and past updates. Finally, the update corrects some issues introduced in the previous updates, released in May.

In this post, I share the details about the update (from Adobe and from others). I can report I have installed the update for each release on multiple machines and operating systems without any major incidents. As for challenges (common to recent releases) and lessons learned (about this update), read on.

[....Continue Reading....]

Comments (19)

Announcing ColdFusion updates released May 13 2025: p1 security update (and more)

Posted At : May 14, 2025 3:10 AM | Posted By : Charlie Arehart
Related Categories: updates, cf2021, cf2025, cf2023
Comments: (40)
An update for ColdFusion has been released, May 13, 2025, for both cf2025 (update 2), cf2023 (update 14) and cf2021 (update 20). In brief, it addresses a P1 (Priority 1, "Critical") security vulnerability, as indicated in the associated ASPB (security bulletin) for the update.

The update also incorporates potentially breaking changes (with Adobe trading compatibility for security), while it also includes configurable options to undo those changes (if you prefer to trade away security for compatibility). Finally, the update corrects some issues introduced in the previous updates, released in April.

In this post, I share the details about the update (from Adobe and from others). I can report I have installed both updates on multiple machines and operating systems without incident. As for challenges or lessons learned, I may do a follow-up post as I/we all learn more.

For more details, read on.

[....Continue Reading....]

Comments (40)

Presenting "Solving Common Problems with CF Updates" today, online

Posted At : April 17, 2025 10:10 AM | Posted By : Charlie Arehart
Related Categories: presentations, updates, admin
Comments: (0)
Have you had problems installing CF updates, whether the most recent or past ones?

I'll be presenting a talk on this topic, online today, at noon US Eastern, on the CFMeetup Youtube livestream (which will be recorded). Folks who are members of the Online ColdFusion Meetup will have already gotten email notification about this, including the meeting URL, but for those who are not members here are the details:

[....Continue Reading....]

Comments (0)

Announcing Java updates of Apr 15, 2025 for 8, 11, 17, 21, and 24: thoughts and resources

Posted At : April 15, 2025 6:55 PM | Posted By : Charlie Arehart
Related Categories: updates, java
Comments: (1)
It's that time again: there are new JVM updates released today (Apr 15, 2025) for the current long-term support (LTS) releases of Oracle Java, 8, 11, 17, and 21, as well as the new short-term release 24. (The previous short-term release, Java 23, is no longer updated.)

TLDR: The new updates are 1.8.0_451 (aka 8u451), 11.0.27, 17.0.15, 21.0.7, and 24.0.1, respectively. Crazy that there are now 5 current Java releases, I do realize. More below, including links to more on each of them including what changed, bug fixes, and the security fixes each version contains, which are offered in Oracle resources I list below.

Oracle calls these updates "critical patch updates" (yep, "CPU"), but they are in fact scheduled quarterly updates (Jan, Apr, Jul, Oct, with specific dates listed here), so that the "critical" aspect of this nomenclature may sometimes be a bit overstated. As is generally the case with these Java updates, most of them have the same changes and fixes across the four JVM versions, though not always.

For some folks, that's all they need to hear. For others, read on.

[....Continue Reading....]

Comments (1)

Announcing Java updates of Jan 21, 2025 for 8, 11, 17, 21, and 23: thoughts and resources

Posted At : January 21, 2025 9:45 AM | Posted By : Charlie Arehart
Related Categories: updates, java
Comments: (0)
It's that time again: there are new JVM updates released today (Jan 21, 2025) for the current long-term support (LTS) releases of Oracle Java, 8, 11, 17, and 21, as well as the new short-term release 23. (The previous short-term release, Java 22, is no longer updated.)

TLDR: The new updates are 1.8.0_441 (aka 8u441), 11.0.26, 17.0.14, 21.0.6, and 23.0.2, respectively. Crazy that there are now 5 current Java releases, I realize. More below, including more on each of them including what changed as well as bug fixes and the security fixes each version contains (including their CVE scores regarding urgency of concerns), which are offered in Oracle resources I list below.

Oracle calls these updates "critical patch updates" (yep, "CPU"), but they are in fact scheduled quarterly updates, so that the "critical" aspect of this nomenclature may sometimes be a bit overstated. As is generally the case with these Java updates, most of them have the same changes and fixes across the four JVM versions, though not always.

For some folks, that's all they need to hear. For others, read on.

[....Continue Reading....]

Comments (0)

Announcing ColdFusion updates released Dec 23 2024: p1 security update

Posted At : December 23, 2024 11:56 PM | Posted By : Charlie Arehart
Related Categories: updates, cf2021, admin, cf2023, cf2018, PMT
Comments: (5)
An update for ColdFusion has been released today for both cf2023 (update 12) and cf2021 (update 18). In brief, it addresses a P1 (Priority 1, "Critical") security vulnerability, as indicated in the associated ASPB (security bulletin) for the update (CVSS Base Score of 7.4 out of 10).

In this post, I share the details about the update (from Adobe and from others, including pointing to some discussions I've already started online about the update). Note also that while you may read that the update is related to the CF PMT feature, beware presuming it therefore "doesn't apply to you" because you "don't use it". See the next section for more.

Of course, this is terrible timing for an update, but it is what it is. I can report I have installed both updates on multiple machines and operating systems without incident. And I may do a follow-up post on the update as I/we all learn more.

For more details, read on.

[....Continue Reading....]

Comments (5)

Announcing ColdFusion updates released Oct 15 2024: enhancements and fixes

Posted At : October 16, 2024 1:02 AM | Posted By : Charlie Arehart
Related Categories: updates, cf2021, admin, cf2023
Comments: (11)
An update for ColdFusion has been released yesterday for both cf2023 (as update 11) and cf2021 (as update 17). In brief, the update has no security fixes, but it does fix dozens of issues that folks have stumbled over recently. It also upgrades some "OEM" libraries underlying CF, and it offers some modest enhancements.

Also, if you may be skipping to this update from prior to CF2023 update 7 or earlier, or CF2021 update 13 or earlier, please don't apply the update before reading below my discussion about possible breaking changes introduced in those updates from March and June of this year.

For more details, read on.

[....Continue Reading....]

Comments (11)

Announcing Java updates of Oct 2024 for 8, 11, 17, 21, and 23: thoughts and resources

Posted At : October 15, 2024 11:30 AM | Posted By : Charlie Arehart
Related Categories: updates, java
Comments: (0)
It's that time again: there are new JVM updates released today (Oct 15, 2024) for the current long-term support (LTS) releases of Oracle Java, 8, 11, 17, and 21, as well as the new short-term release 23. (The previous short-term release, Java 22, is no longer updated.)

TLDR: The new updates are 1.8.0_431 (aka 8u431), 11.0.25, 17.0.13, 21.0.5, and 23.0.1 respectively. Crazy that there are now 5 current Java releases, I realize. More below, including more on each of them including what changed as well as bug fixes and the security fixes each version contains (including their CVE scores regarding urgency of concerns), which are offered in Oracle resources I list below.

Oracle calls these updates "critical patch updates" (yep, "CPU"), but they are in fact scheduled quarterly updates, so that the "critical" aspect of this nomenclature may sometimes be a bit overstated. As is generally the case with these Java updates, most of them have the same changes and fixes across the four JVM versions, though not always.

For some folks, that's all they need to hear. For others, read on.

[....Continue Reading....]

Comments (0)

More Entries

Copyright ©2025 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the HTML in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting