Known issues related to updates of CF and related things
As an adjunct to my CF Update page of resources, I'd like to start tracking known issues (and hopefully fixes for problems) that arise after any CF updates.The list is NOT definitive. I hope to add to it over time, but I'm starting with some things I can think of right away. And I suspect this list will grow to the point that I need to organize it better.
- CF2023 update 11 and CF2021 update 17, from October 2024 (whether you're applying those or skipping over it from an earlier update):
- After applying this update, the technote indicates a need to "clear the felix-cache folder". While it is listed as resolving a couple of "known issues", I would recommend EVERYONE perform this step after the update.
- For more, see my blog post on the update.
- CF2023 update 8 and CF2021 update 14, from June 2024 (whether you're applying those or skipping over it from an earlier update):
- This update made a major (security-motivated) change regarding the default encryption/decryption algorithm used for several CFML functions. If you use these functions and DO NOT SPECIFY the algorithm, such code would no longer use the old CFMX_Compat algorithm but instead a NEW/DIFFERENT algorithm (detailed in the update technote), which could cause serious application and data processing issues. Note that you CAN change your code to USE the old CFMX_compat algorithm: but Adobe has announced that its use will NOT be allowed in CF2025 and beyond.
- For more, see my blog post on the update, as well as a follow-up post I did a month later.
- CF2023 update 7 and CF2021 update 13, from March 2024 (whether you're applying those or skipping over it from an earlier update):
- This update made a major (security-motivated) change regarding the CF's default behavior regarding searching through scopes, when a variable was not prefixed with a scope. If you have code using unscoped variables, it's not that those are no longer allowed: the code will only fail if it relied on searching scopes this update prevents (such as url, form, cgi, and more). Note that Adobe offered a JVM arg that could revert this default behavior (trading security for compatibility), but Adobe clarified that its use will NOT be allowed in CF2025 and beyond.
- For more, see my blog post on the update, as well as a follow-up post I did a couple of months later.
- CF2021 update 8 and CF2018 update 16, from March 2023 (whether you're applying those or skipping over it from an earlier update):
- This update addressed a major security vulnerability. While no fix was offered for CF2016 (as it was then no longer supported), there was a mitigation those folks could take.
- For more, see my blog (lengthy) post on the update.