In the excitement surrounding the descent of Zeus from the heavens, an apparently important Java update from Oracle seems to have been missed, in the blogs I follow at least.

Charlie Arehart has explained why it is highly advisable to update the JVM which shipped with ColdFusion 8 and 9, but he was at pains to note that this doesn't necessarily mean always installing the latest patch, and certainly not the new 1.7 version of Java.

Adobe's official support currently extends only to Update 24 of Java 1.6, but there have been further patches since and the latest — number 31, issued on 14 February — contains "14 new security fixes across Java SE products" according to the advisory from Oracle.

Whether or not to install patches should always be considered carefully, but we have generally kept our servers current with the 1.6 Updates without any apparent issues.

Solr and the JVM

If like us you are running CF9 on 64bit Windows, then another worthwhile configuration tweak is to tell the bundled Solr service to use the same updated JVM as CF instead of the 32bit Jetty it's set to use by default. But thereafter you'll need to remember to update your solr.lax file as well as CF's jvm.config each time you update the JVM.