Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: 08b00c7533
Fetching contributors…

Cannot retrieve contributors at this time

127 lines (105 sloc) 8.682 kb

Unofficial Updater 2

Introduction

Unofficial Updater 2 (UU2) is an outgrowth of the frustration that came from trying to manually patch Adobe ColdFusion 8.0.1 with the numerous hot fixes and security bulletins that have been published. It is a tool to provide an easy way of consistently applying applicable hot fixes and security bulletins to Adobe ColdFusion 8.0.1 or 9.0.1.

Disclaimers

  1. Use of Unofficial Updater 2 is at your own risk
    • Do not run Unofficial Updater 2 for the first time on a production system
  2. Unofficial Updater 2 is not endorsed by or have any ties to Adobe
  3. ColdFusion Server/process should not be running when you use Unofficial Updater 2
  4. Unofficial Updater 2 can only be run against Adobe ColdFusion 8.0.1 or 9.0.1
  5. Unofficial Updater 2 is updated whenever Adobe releases a new (or changes) a hot fix or security bulletin
  6. Unofficial Updater 2 will need to be downloaded and run again when it is updated to apply all new (or changed) hot fix or security bulletin from Adobe

What it does

First time you run Unofficial Updater 2, it will download ALL hotfixes and security bulletins from Adobe for both ColdFusion 8.0.1 and 9.0.1. UU2 will create Unofficial-Updater2-with-downloads.jar which contains the downloaded hotfixes and security bulletins. This is done since UU2 can not directly package the updates and will make it easier to patch additional servers without the need of an Internet connection.

Once the downloading is complete, UU2 will asks specific questions about how Adobe ColdFusion is installed. It will then produce backups of any directories it will modify. Finally, it will apply the hotfixes and security bulletins according to the published instructions.

UU2 only updates files, it does not modify any settings in ColdFusion such as neo-*.xml or jvm.config.

A list of files that Unofficial Updater 2 updates as compared to a clean install of Adobe ColdFusion 8.0.1 or 9.0.1 are listed below:

If you have modified files in CFIDE and/or WEB-INF they could be changed due to files contained in the updates from Adobe.

How to use

  1. Download the packaged JAR installer
  2. Stop the ColdFusion Server/process you are going to update
  3. Depending upon your system you might be able to double-click Unofficial-Updater2.jar to run it, otherwise it will need to be run from command line
    • Installer (auto-detect GUI or text)
      • java -jar Unofficial-Updater2.jar
    • Force GUI Installer
      • java -jar Unofficial-Updater2.jar swing
    • Force Text Installer
      • java -jar Unofficial-Updater2.jar text
    • Text Installer run as cfusion user on Linux/UNIX
      • su -s /bin/sh "cfusion" -c "java -jar Unofficial-Updater2.jar text"
    • Text Installer run as root on Linux/UNIX
      • sudo java -jar Unofficial-Updater2.jar text
    • Once Unofficial-Updater2-with-downloads.jar is created, you can use that instead of Unofficial-Updater2.jar
  4. Walk through the screens putting the appropriate information
    • Be sure to fill the directory locations correctly, Unofficial Updater 2 will try to validate they are correct before letting you proceed to the next step
  5. Finish updater by pressing Apply Updates
  6. On OS X/Linux/UNIX verify (and possibly correct) ownership and permission of the files updated

Please see the Wiki: Using Updater 2 for screenshots and walkthrough.

Backups

Backups are made of the directories that are modified. The backups are stored in the directory specified when running UU2 and are named {directory-name}-uu2-{datetime-stamp}.zip

Please see Wiki: Restore ACF from UU2 backups for details.

Details

At the core, Unofficial Updater 2 is just an Apache Ant script. Ant was chosen since it could provide cross platform support. The ant script was wrapped with Ant Installer to create a GUI and text based interface which only require Java 1.5+ to be installed.

ColdFusion 8.0.1

All hot fixes and security bulletins published as of June 12, 2012 for ColdFusion 8.0.1 are applied except if they were superseded by a newer patch and the following:

Both kb404026 and CVE-2009-1876 require modifications to be done to the system configuration. kb404026 requires ability to modify the Windows registry and CVE-2009-1876 will modify the connector configuration. kb403750 is not installed since it does not seem to resolve all the issues and breaks other things.

ColdFusion 9.0.1

All hot fixes and security bulletins published as of June 12, 2012 for ColdFusion 9.0.1 are applied except if they were superseded by a newer patch.

Additional Notes

Please refer to the various technotes about changes to configuration options since Unofficial Updater 2 only updates files, it does not modify any settings in ColdFusion such as neo-*.xml or jvm.config.

Also it is highly recommended to update the underlying JVM that ColdFusion uses to 1.6.0 Update 24

Jump to Line
Something went wrong with that request. Please try again.