Ant script to update ColdFusion 8.0.1 or 9.0.1 with all published patches

Unofficial Updater 2


Unofficial Updater 2 (UU2) is an outgrowth of the frustration that came from trying to manually patch Adobe ColdFusion 8.0.1 with the numerous hot fixes and security bulletins that have been published. It is a tool to provide an easy way of consistently applying applicable hot fixes and security bulletins to Adobe ColdFusion 8.0.1 or 9.0.1.


  1. Use of Unofficial Updater 2 is at your own risk
  2. The ColdFusion Server/process should not be running when you use Unofficial Updater 2
  3. Unofficial Updater 2 can only be run against Adobe ColdFusion 8.0.1 or 9.0.1
  4. Unofficial Updater 2 is not endorsed by Adobe and does not have any ties to Adobe
  5. Unofficial Updater 2 is updated whenever Adobe releases a new hot fix or security bulletin, or changes an existing one
  6. Unofficial Updater 2 will need to be downloaded and run again when it is updated, to apply all new (or changed) hot fixes and security bulletins from Adobe

What it does

Unofficial Updater 2 asks specific questions about how Adobe ColdFusion is installed. It then produces backups of any directories it will modify. Finally, it downloads the applicable hot fixes and security bulletins from Adobe and applies them according to the published instructions. It only updates files; it will not modify any settings such as jvm.config, the registry, etc. The files that Unofficial Updater 2 updates, as compared to a clean install of Adobe ColdFusion 8.0.1 or 9.0.1, are listed below:

If you have modified files in CFIDE and/or WEB-INF, they could be changed by files contained in the updates from Adobe.

How to use

  1. Download the packaged JAR installer
  2. Stop the ColdFusion Server/process you are going to update
  3. Depending upon your system, you might be able to double-click Unofficial-Updater2.jar to run it; otherwise it will need to be run from the command line
    • GUI Installer
      • java -jar Unofficial-Updater2.jar
    • Text Installer
      • java -jar Unofficial-Updater2.jar text
  4. Walk through the screens, entering the appropriate information
    • Be sure to fill in the directory locations correctly; Unofficial Updater 2 will try to validate that they are correct before letting you proceed to the next step
  5. Finish the updater by pressing Apply Updates

Please see the Wiki for screenshots and walkthrough.


At its core, Unofficial Updater 2 is just an Apache Ant script. Ant was chosen because it provides cross-platform support. The Ant script was wrapped with Ant Installer to create GUI and text-based interfaces, which only require Java 1.5+ to be installed.

ColdFusion 8.0.1

All hot fixes and security bulletins published as of December 13, 2011 for ColdFusion 8.0.1 are applied, except those superseded by a newer patch and the following:

Both kb404026 and CVE-2009-1876 require modifications to the system configuration: kb404026 requires the ability to modify the Windows registry, and CVE-2009-1876 will modify the connector configuration. kb403750 is not installed since it does not seem to resolve all the issues and breaks other things.

ColdFusion 9.0.1

All hot fixes and security bulletins published as of December 13, 2011 for ColdFusion 9.0.1 are applied, except those superseded by a newer patch.

Session Fixation (APSB11-04)

Please refer to the technote about the Session Fixation issue since Unofficial Updater 2 does not modify jvm.config.

Additional information on ColdFusion Session Fixation:


Backups are made one level up from the directory that is modified and are named in the form {directory-name}-uu2-{datetime-stamp}.zip
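
A post-update check, added here as an example and not part of Unofficial Updater 2: it locates the backup ZIPs named as described above and reports which files now differ from a backup, which helps find customized CFIDE or WEB-INF files that an update changed. The layout of entries inside the ZIP and the script name uu2_diff.py are assumptions.

```python
import sys
import zipfile
from pathlib import Path


def find_backups(target: Path) -> list:
    """Backups named {directory-name}-uu2-{datetime-stamp}.zip, one level up."""
    # The stamp format is not given on the page, so match any suffix and
    # order by file modification time (oldest first) instead of parsing it.
    hits = target.parent.glob(f"{target.name}-uu2-*.zip")
    return sorted(hits, key=lambda p: p.stat().st_mtime)


def compare_with_backup(target: Path, backup: Path) -> dict:
    """List files changed, removed or added since the backup was taken."""
    report = {"changed": [], "removed": [], "added": []}
    seen = set()
    with zipfile.ZipFile(backup) as zf:
        entries = [i for i in zf.infolist() if not i.is_dir()]
        # Assumption: entries are relative to the directory, or all carry
        # its name as a prefix; strip the prefix in the second case.
        prefix = target.name + "/"
        if not all(i.filename.startswith(prefix) for i in entries):
            prefix = ""
        for info in entries:
            rel = info.filename[len(prefix):]
            seen.add(rel)
            live = target / rel
            if not live.is_file():
                report["removed"].append(rel)
            elif live.read_bytes() != zf.read(info):
                report["changed"].append(rel)
    # Anything on disk that the backup never contained was added afterwards.
    for path in target.rglob("*"):
        rel = path.relative_to(target).as_posix()
        if path.is_file() and rel not in seen:
            report["added"].append(rel)
    return {kind: sorted(names) for kind, names in report.items()}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: uu2_diff.py <directory-updated-by-UU2>")
    target = Path(sys.argv[1]).resolve()
    backups = find_backups(target)
    if not backups:
        sys.exit(f"no UU2 backup found next to {target}")
    print(backups[-1], compare_with_backup(target, backups[-1]))
```

Run it against each directory the updater touched; files reported as changed that you had customized before the update are the ones to review and re-merge by hand.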