For more on the update, and some additional thoughts, read on.
Update: 3 days after this update, Adobe released yet another, and then 4 days after that they released yet another, both p1 security updates. While I have posts on each of the two subsequent updates, the one on Jul 14 and then the one on Jul 19, the information below is still important and has details that I do not repeat in the later post.
For more resources as well as some additional thoughts on the updates, read on.
TLDR; For some folks, the above may be all you need to hear: you may be dropping your coffee and donuts now to get the update applied. Still others will see this "huge post" and think, "crap, I don't have time for this". For you, skip to the bottom and its "concluding key points". You can then decide what you think you do or don't "need to know" and pick and choose from the sections as you like.
Finally, for those who prefer because of the importance of all this to be led more carefully through understanding things (in a way that's worked for the many people I have helped so far this week, and is far more than either Adobe or Hackernews has shared), please do read on.
As for CF2021, it gets updates into 2025, and the currently running pre-release of CF2023 is a great sign for the continued vitality of CF. But this looming deadline for CF2018 is a reminder that as the years roll on, we not only get new versions but we must say good-bye to old ones.
Wondering what you can do? or when CF2021 or CF2023 support will end also? And what's the difference between "core" and "extended" support Adobe sells? (The extended support plan does NOT provide updates beyond this coming July.) For more on these, including official Adobe documentation that discusses such things, as well as my thoughts on migration, costs, various options to consider, and more, do read on.
Note: This blog post is from 2022. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.As of the Oct 2022 CF updates (CF2021 update 5 and CF2018 update 15), Adobe has chosen to remove the CF Admin feature to view, search, download, and delete CF logs, due to asserted (but as-yet undocumented) security concerns.
What if you want it back? In this post, I explain what changed, why, and how to get the functionality back--albeit at your own risk. For more, read on.
Note: This blog post is from 2022. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.If you're running CF2016 or earlier, now's your chance (though
Read on for more details.
Note: This blog post is from 2022. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.If you try to download a CF update using the ColdFusion Administrator AND you get an error, "error occurred while installing the update: Failed Signature Verification", there are both a couple of possible explanations (one of them new), both with fairly simple solutions.
Update Jul 2023: Before considering what I share in this post, note that if you have updated your CF to use the Java update from Jul 2023, the cause of this error may be due to a totally different issue. See my post from July 2023 on that matter.
Update Feb 2023: In mid-February 2023, Adobe did re-sign their jars and placed them on the uploads site so that either the CF Admin update download or anyone performing a manual download after that date WOULD get the newly signed jars, and the problem below then no longer happens. (They are now signed as "SHA256withRSA, 4096-bit key".) I leave the rest here still for those who would want to understand what DID happen and why the update jars that were in place then DID change (slightly) for this reason.
Note: This blog post is from 2022. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.Here's a heads-up that some will want to hear about: there are new JVM updates released today (Jul 19, 2022) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the new interim update 18. (Note that prior to Java 9, releases of Java were known technically as 1.x, so 8 is referred to in resources below as 1.8.)
TLDR: The new updates are 1.8.0_341, (aka 8u341), 11.0.16, 17.0.4, and 18.0.1 respectively). And as is generally the case with these Java updates, most of them have the same changes and fixes as each other (though not always).
Oracle calls them "critical patch updates" (yep, CPU), but they are scheduled quarterly updates, so take that "critical" nomenclature for what it is. For more on each of them, including what changed and the several security fixes they each contain (including their CVE scores regarding urgency of concerns), see the Oracle resources I list below. I also a bit more if you may be skipping to this from a JVM update from before Apr 2021, as well as info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.
For some folks, that's all they need to hear. For others, read on for topics like:
Note: This blog post is from 2022. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.New JVM updates have been released today (Apr 19, 2022) for the current long-term support (LTS) releases of Oracle Java, 8, 11, and 17, as well as the new interim update 18. (Note that prior to Java 9, releases of Java were known technically as 1.x, to 8 is referred to in resources below as 1.8.)
The new updates are 1.8.0_331, (aka 8u331), 11.0.15, 17.0.3, and 18.0.1 respectively). And as is generally the case with these Java updates, most of them have the same changes and fixes.
For more on them, including changes as well as the security and bug fixes they each contain, see the Oracle resources I list below, as well as some additional info I offer for if you may be skipping to this from a JVM update from before Apr 2021. I also offer info for Adobe ColdFusion users on where to find the updated Java versions, what JVM versions Adobe CF supports, and more.
Managed Hosting Services provided by
