Tuesday 12 March 2013

More ColdFusion hotfix shenanigans

You're probably aware that Adobe released a new tranche of cumulative hotfixes (CHFs) for ColdFusion 9 last Friday (8 March 2013). The details are blogged-about on the Adobe ColdFusion Blog, and the tech notes are here: ColdFusion 9 CHF 3, and ColdFusion 9.0.1 CHF 4 (these are the only two versions affected by this CHF as far as I can tell).

What you might be less aware of is that - once again - Adobe have gone in and changed one of the CHFs aftet they released it. This is the one for ColdFusion 9.0.1, and it's been changed because they didn't quite get it right the first time. This change was 11 March 2013, so if you installed CHF4 between March 8 and March 11, you might need to do it again. There are some convolutions to it, so it's best you read the associated blog article which kind of explains it.

I've already asked a coupla questions as to - basically - what the hell Adobe are thinking in changing a CHF after releasing it... again (twice in one week, basically).

A distillation of my line of questioning and responses from Nimit Sharma of Adobe is as follows.

Me (AC): Just to be clear, if we'd not installed CHF2, but HAD installed CHF4 on Friday, we now need to do it again?

Nimit Sharma (NS):
No, you need not to apply CHF4 again. You just need to download jpedal.zip file and follow the instructions mentioned in the technote.

AC: And what if we'd installed CHF3 at some stage, but had never installed CHF2?

NS: In this case, you need to apply CHF4, for more details refer: http://helpx.adobe.com/coldfusion/kb/cumulative-hotfix-4-coldfusion-901.html

AC: What's the story behind this? Did CHF2 (correctly) include jpedal, but CHF3 and the first CHF4 accidentally didn't? Just trying to read between the lines here.

NS: Yes, CHF2 had jpedal.jar file, but it is not there in CHF3 or CHF4. So, we added it separately.

AC: Rather than changing an existing hotfix (again!), would it not be more clear to the community to have released this as CHF5?

NS: It is a good suggestion, but we have not made any changes in the files which we shipped with CHF4. There is only one file(jpedal.jar) which we added.

AC (and this is the main thrust of my observation):

Hi Nimit, thanks for clarifying that.

But in regards to this comment "we have not made any changes in the files which we shipped with CHF4"...this just demonstrates that you guys just don't quite get how this stuff is supposed to work.

Once you release a patch (be that a single file, an aggregation of a bunch of files, or just some config instructions), that's it. You're not supposed to then go change it.

We should not be having discussions along the lines of "well if you've installed CHF2 then you don't need this version of CHF4, but if you've only done CHF3 or CHF4 (the one from last week) then you need to do this new CHF4". That's just nonsense.

I have to know that if I installed something called "CHF x" at a given point in time, I know exactly what that patch represents. It mustn't change.

What you SHOULD have done is released this new instruction as CHF5. Even if all the files bar one are the same, it's still a new patch level.

Equally "we have not made any changes in the files which we shipped with CHF4"... well yes you have. We now need to install this jpedal thing too. That's a change in the files you shipped with CHF4, isn't it?

Can you guys PLEASE adopt a coherent and non-ambiguous approach to releasing these patches. And you you also please focus more on whatever internal processes you have to make sure these things are released correctly in the first place. The last week or so have been an absolute joke as far as patching CF goes: it seems like it's just one cock-up after another. And it really really shouldn't be this hard, should it?

I'm sorry if I seem blunt, but this is a mess. And you have to shoulder responsibility for messing your clients around, and being a general disappointment recently (not you personally, Nimit, but the ColdFusion product in general). ColdFusion is better than that, and deserves to be treated better by the Adobe team.
Nimit might come back in response to this, but at the time I am writing this, that's the state of the discussion.

In hindsight the tone of that - especially the last two paras - might have been better to be posted here (where it's up to me what the suitability of the tone is), rather than on their blog, but so be it. I don't think anything I said is out of line, all things considered.

Can I recommend you "subscribe" to that thread, and keep an eye on what the hell is going on with these patches. If I hear anything else that we need to pay attention to, I'll let you know.