How to update the AntiSamy jar file in ColdFusion 11?

Question

I need to update the OWASP AntiSamy jar file which is located at ColdFusion11\cfusion\lib

The file currently in there is antisamy-1.4.4.jar but I want to update this to the latest version which is antisamy-1.5.3.jar which I have downloaded from OWASP and placed in the cfusion\lib folder.

Does anyone know how I can tell ColdFusion to use the latest version of the file? Is the path to the file in some configuration file anywhere?

In CF Administrator I can see both the old file and new file under 'Settings Summary' but how do I know which one its using to power the GetSafeHTML function?

Answer 1

I want to update this to the latest version

AFAIK, there is no list of individual files. At least not for the "core" jar files used by the CF Server. It simply checks certain directories like {cf_root}\lib, web-inf\lib, etcetera and loads any *.jar files it finds.

If you want CF to use a different version for core tags and functions, you must replace the existing jar file with the new one. The actual jar file ame does not matter. What is important is having only a single version of the library in the CF class path. Otherwise, CF will simply use the first version it finds.

You can also try placing the new jar file in the jvm's lib/ext directory. IIRC, those jars should take precedence over the ones in {cf_root}\lib.

NB: Since you are replacing/overriding the version used by CF, you should do some testing to verify the new version of the library is backward compatible and that replacing it does not break anything. As noted in the comments below, there is always a risk of problems when messing with CF's built in jar files...