ColdFusion Builder constantly polls for the current scan status from the server and displays a progress bar. The progress bar reflects the percentage of completion of the current scan.
Last updated on
Jan 28, 2022
|
Also applies to ColdFusion 2016
Release notes
What's new and changed in ColdFusion (2016 release) Update 17
What's new and changed in ColdFusion (2016 release) Update 16
What's new and changed in ColdFusion (2016 release) Update 15
What's new and changed in ColdFusion (2016 release) Update 14
What's new and changed in ColdFusion (2016 release) Update 13
This update fixes the bugs that were reported in the previous update in the following areas:
- Language
- cfhttp
- Connector configuration
For more information, see the tech note for Update 13.
What's new and changed in ColdFusion (2016 release) Update 12
What's new and changed in ColdFusion (2016 release) Update 11
- Addresses security vulnerabilities mentioned in the security bulletin APSB19-27.
- Added support for the function FileAppend.
- Updates to LiveCycle Data Services. For more information, see the tech note for Update 11.
- Updates to JNBridge. For more information, see the tech note for Update 11.
What's new and changed in ColdFusion (2016 release) Update 10
For more information, see the tech note.
- Addresses security vulnerabilities mentioned in the security bulletin APSB19-14.
- In the ColdFusion Administrator, in Server Settings > Settings, there are is an option Blocked file extensions for CFFile uploads. By default, the following extensions are blocked. For more information, see Server Settings.
- AS
- ASP
- ASPX
- BIN
- CFC
- CFM
- CFML
- CFR
- CFSWF
- DMG
- EXE
- HBXML
- JSP
- JSPX
- JWS
- MXML
- PHP
- SWC
- SWS
- A new application setting blockedExtForFileUpload. For more information, see Application variables.
- The Admin API, setRuntimeProperty has a new property, BlockedExtForFileUpload. The values are a comma-separated list of file extensions to restrict file uploading of the appropriate files. For example,
<cfscript>
runtime = createObject("component", "CFIDE.adminapi.runtime");
runtime.setRuntimeProperty("BlockedExtForFileUpload","CFM,CFC,ASP, JSP");
</cfscript>
What's new and changed in ColdFusion (2016 release) Update 9
ColdFusion (2016 release) Update 9 (release date, 22 February 2019) includes fixes for a few critical bugs that were reported in Update 8.
You can also find the Docker image for Update 9.
For more information on Update 9, see the tech notes for Update 9.
What's new and changed in ColdFusion (2016 release) Update 8
For more information, see the tech note.
- Support for Java 11. To download installers for Java 11, see Downloads.
- Several important bug fixes in security, language, core runtime, document management, AJAX, and several other areas.
- Addresses security vulnerabilities as mentioned in the security bulletin APSB19-10. For the security fixes to take effect, ColdFusion must be on JDK 1.8.0_121 or higher.
- New parameter calendar in dayOfWeek.
- Support for Microsoft Exchange 2016.
- Support for the following OEMs:
- Jetty 9.4.12
- JPedal 8.6.2 for Document Management
- PDFgServlet 9.4.12
- Support for script variant of cfloop over an array, list, struct, or query. For examples,
<cfscript>
// List
myList="1,2,3,4"
cfloop(list=myList, index="i", item="j") {
writeOutput("index:" & i)
writeOutput("item:" & j & "")
}
</cfscript>
<cfscript>
// Array
myArray = ["John", "Paul", "George", "Ringo"];
cfloop(array="#myArray#", index="idx"){
writeOutput(#idx# & "");
}
</cfscript>
<cfscript>
// Struct
Team = {"Marketing" = "John", "Sales" : {"Executive" : "Tom", "Assistant" = "Mike"},"IT":{"Developers":{"Dev1":"Ashley","Dev2"="Jason"}}};
cfloop( collection="#Team#" ,item="key" ){
writeOutput(#Key# & ":");
writeOutput(#SerializeJSon(Team[key])#);
writeOutput("");
}
</cfscript>
<cfscript>
// Query
myQuery = queryNew("id,name,amount","Integer,Varchar,Integer", [ {id=1,name="One",amount=15}, {id=2,name="Two",amount=18}, {id=3,name="Three",amount=32}, {id=4,name="Four",amount=37}, {id=5,name="Five",amount=79}, {id=6,name="Six",amount=26} ]);
Start = 3;
End = 6;
cfloop(query = "myQuery", startRow = "#Start#", endRow = "#End#") {
writeOutput("#name# #amount#" & "");
}
</cfscript>
Bugs fixed in this release
For the detailed list of bugs fixed in this update, refer to Bugs fixed list.
Known issues in this release
For known issues in this release, refer to Known issues.
What's new and changed in ColdFusion (2016 release) Update 7
For more information, see the tech note.
- Security updates and bug fixes.
- Added a new function GetCanonicalPath.
- Addresses security vulnerabilities as mentioned in the security bulletin APSB18-33.
- Tomcat is upgraded from 8.5.28 to 8.5.32.
- OpenSSL is upgraded to 1.0.2p for PDFgServlet.
Bugs fixed in this release
For the detailed list of bugs fixed in this update, refer to Bugs fixed list.
Known issues in this release
For known issues in this release, refer to Known issues.
What's new and changed in ColdFusion (2016 release) Update 6
For more information, see the tech note.
- Security updates
- Bug fixes
- Addresses vulnerabilities mentioned in APSB18-14
- Tomcat is upgraded to version 8.5.28 and OpenSSL is upgraded to 1.0.2n.
Bugs fixed in this release
For a list of bugs fixed in Update 6, see Bugs fixed.
Known issues in this release
For known issues in Update 6, see Known issues.
What's new and changed in ColdFusion (2016 release) Update 5
For more information, see the tech note.
- Security updates
- Bug fixes
- Addresses vulnerabilities mentioned in APSB17-30
Bugs fixed in this release
For a list of bugs fixed in Update 5, see Bugs fixed.
Known issues in this release
For known issues in Update 5, see Known issues.
What's new and changed in ColdFusion (2016 release) Update 4
For more information, see the tech note.
New attributes for tags
- cflogout has a new attribute applicationToken
- cfmailparam has a new attribute decode
Configuring properties related to scheduler in cluster setup
We have added a new file quartz.cluster.properties, located in cfusion /lib/quartz.
This file can be used to configure properties related to scheduler when setting up a cluster.
The basic properties that are added in the file are:
org.quartz.scheduler.rmi.export: false org.quartz.scheduler.rmi.proxy: false org.quartz.scheduler.wrapJobExecutionInUserTransaction: false org.quartz.threadPool.class: org.quartz.simpl.SimpleThreadPool org.quartz.threadPool.threadCount: 13 org.quartz.threadPool.threadPriority: 5 org.quartz.threadPool.threadsInheritContextClassLoaderOfInitializingThread: true org.quartz.jobStore.misfireThreshold: 60000
Enabling Search Engine Safe (SES) URLs on an app server
To enable SES URLs on an app server other than Tomcat, modify the web.xml file present inside WEB-INF. For more information, see Enabling SES URLs.
Tomcat upgrade
Tomcat has been upgraded to ver 8.5.11.
Bugs fixed in this release
For a list of bugs fixed in Update 4, see Bugs fixed.
Known issues in this release
For a list of known issues in Update 4, see Known issues.
Note:
This update contains support for Windows Server 2016.
What's new and changed in ColdFusion (2016 release) Update 3
For more information, see the tech note.
Coldfusion (2016 release) includes support for Windows 10 version 1067 and IBM Websphere Application Server 9.
Support for sorted structs
In Update 3, there is support for sorted structs. You can create a struct of type ordered with sort type as text and sort order as ascending. For example,
<cfscript>
someStruct=StructNew("ordered","text","asc",false);
someStruct.jonas = {age=26, department="IT"};
someStruct.jason= {age=29, department="Analytics"};
someStruct.johnnie = {age=31, department="Accounting"};
someStruct.john = {age=31, department="Audit"};
WriteDump(someStruct);
</cfscript>
For more information, refer to the following documentation:
Change in ArraySum function
There is a new parameter ignoreUndefined in ArraySum.
If you set this parameter to true, the function ignores null or " " values when adding array elements.
For more information, see ArraySum.
StructToSorted function
In this release, there is a new function StructToSorted that converts any struct to a sorted struct. For more information, see StructToSorted.
There is also the equivalent member function ToSorted. See member functions for more information.
Changes in cfhtmltopdfitem tag
There is a new attribute evalAtPrint for cfhtmltopdfitem tag.
If set to true, then the content of cfhtmltopdfitem is evaluated after the PDF has been generated and the page numbers are available for each page. This allows you to have some conditional code inside the cfhtmltopdfitem .
For more information, see cfhtmltopdfitem .
Change in cfhtmltopdf tag
There is a new attribute language in cfhtmltopdf tag.
Use this attribute to set the language in the document. The default is "English".
For more information see cfhtmltopdf .
Also in cfhtmltopdf tag, processing directive tag is now available for all tags for NeoPageContext.
Changes in cfobject tag and createobject function
There are new attributes domain, username, and password for cfobject tag and CreateObject function.
For more information, refer to the following documentation:
QueryGetResult function
In Update 3, there is a new function QueryGetResult that returns the metadata of a query.
For more information, see QueryGetResult.
Updated image functions
In the functions imageScaleToFit and imageResize, you can now specify the blurFactor as zero. The valid range for blurFactor is 0-10. For more information, see:
IsDateObject function
There is a new function IsDateObject that determines whether a value is a date/time object.
For more information, see IsDateObject.
Change in IsValid function
In the IsValid function, a new type datetime_object is added. This type represents any valid ColdFusion date/time object. For more information, see IsValid.
For example, the code sample below returns true.
<cfscript>
writeoutput(isValid("datetime_object",now())); //returns TRUE
</cfscript>
Change in LSTimeFormat function
In the LSTimeFormat function, the time format is now in hh:mm:ss, instead of hh:mm. For example, LSTimeFormat(CreateDateTime(2003,05,14,17,22,00)) displays 5:22:00 PM instead of 5:22 PM.
For more information, see LSTimeFormat.
Change in DateFormat function
In the DateFormat function, the following are new and updated:
- You can use both lowercase and uppercase letters as mask characters.
- There are new masks.
For more information, see DateFormat.
Change in DateTimeFormat function
In the DateTimeFormat function, you can use the following masks as shown below:
- t: Displays single-character time marker string, for example, A or P.
- tt: Displays multi-character time marker string, for example, AM or PM.
For more information, see DateTimeFormat.
In the code sample below,
<cfscript>
WriteOutput(DateTimeFormat(now(),"tt")); // Displays AM or PM
WriteOutput(DateTimeFormat(now(),"t")); // Displays A or P
</cfscript>
Change in LSDateTimeFormat function
In the LSDateTimeFormat function, you can use the following masks as shown below:
- t: Displays single-character time marker string, for example, A or P.
- tt: Displays multi-character time marker string, for example, AM or PM.
For more information, see LSDateTimeFormat.
In the code sample below,
<cfscript>
WriteOutput(LSDateTimeFormat(now(),"tt")); // Displays AM or PM
WriteOutput(LSDateTimeFormat(now(),"t")); // Displays A or P
</cfscript>
Change in LSParseDateTime function
In the LSParseDateTime function, you can use the masks t and tt to create a date/time object. For single-character time marker string, use t. For multiple-character time marker string, use tt.
In addition, to specify minutes, use nn instead of mm.
For more information, see LSParseDateTime.
In the code sample below,
<cfscript>
WriteOutput(LSParseDateTime("9/19/2016 1:52 PM","en","m/dd/yyyy h:nn tt")); // Returns {ts '2016-09-19 13:52:00'}
</cfscript>
Bugs fixed in this release
For the list of bugs fixed in Update 3, see the Bugs fixed document.
Known issues in this release
To view the known issue in Update 3, see Known issues.
What's new and changed in ColdFusion (2016 release) Update 2
Installation of Update 2
JSON serialization of struct and array
Serializing structs
The Update 2 introduces a way of specifying the datatype for keys in a struct. You set the datatype through the function setMetadata. The function takes an argument of type struct. The struct contains the value as the datatype.
For example:
<cfscript>
example = structnew("ordered");
example.firstname = "Yes";
example.lastname = "Man";
// Default serialization converting string Yes to true
writeoutput(SerializeJSON(example) & "|");
</cfscript>
The sample produces the output:
{"FIRSTNAME":true,"LASTNAME":"Man"}
In the output, you can see that the key=" firstname " has a Boolean value because there is no datatype information for the key value.
Using the setMedata function,
<cfscript>
example = structnew("ordered");
example.firstname = "Yes";
example.lastname = "Man";
// Default Serialization Converting String Yes to true
writeoutput(SerializeJSON(example) & "|");
// changing the default serialization by specifying the type of "firstname" as string
metadata = {firstname: {type:"string"}};
example.setMetadata(metadata);
writeoutput(SerializeJSON(example));
</cfscript>
The sample produces the following output:
{"FIRSTNAME":true,"LASTNAME":"Man"}
{"FIRSTNAME":"Yes","LASTNAME":"Man"}
For more information, see Serializing structs.
New Application.cfc variable
To set the metadata for a value in a struct, there is a new variable, serialization.structmetadata.
For example, if this .serialization. structmetadata = {zipcode="String"}; , you need not define the data type for zipcode for the struct that contains this key.
If you define the datatype for zipcode in the struct itself, then the defined datatype at struct level takes priority over the one defined in Application.cfc.
Fore more information, see Application.cfc variables.
Serializing arrays
You can use the setMetadata function to set the datatype to the array members. If all the items in the array have the same datatype, you can specify the datatype of a value as a struct, as shown in the samples below:
<cfscript>
tags = ["struct", "json", "serialization", 2016, "HF2", "metadata"];
WriteOutput(serializejSON(tags));
</cfscript>
The sample produces the following output:
["struct","json","serialization",2016,"HF2","metadata"]
Using the setMetadata function,
<cfscript>
tags = ["struct", "json", "serialization", 2016, "HF2", "metadata"];
tags.setmetadata({items: "string"});
writeoutput(serializejSON(tags));
</cfscript>
The sample produces the following output:
["struct","json","serialization","2016","HF2","metadata"]
For more information, see Array serialization.
Configuring SSL in API Manager
Configure SSL so that you can access the API Manager portals over HTTPS for better security and encryption. For more information, see Configuring SSL.
Changes in NTLM
The ntlmDomain attribute is required if a user is part of a domain. When the user is not part of a domain, the ntlmDomain attribute is optional. For more information, refer to the documentation of the following:
Applying Update 2 to API Manager
Perform the following steps before applying the update using the ColdFusion administrator and being logged as a non-root user:
- Stop the API Manager Analytics and Datastore services that are running as root.
- Use the command below to set the permissions for the API Manager database file system objects:
chown -R
For example, chwon -R nobody /opt/coldfusion2016apimanager/database
CAR settings migration
After deploying a car file in ColdFusion (2016 release) Update 2, some settings are not migrated. To see the list of non-migrated settings, refer to Deploying ColdFusion applications.
New member functions
The Update 2 includes new member functions for the following:
For more information, see Member functions in ColdFusion.
Introduction of CK Editor
FCK Editor has been deprecated. You can now customize and design text areas in a form using CK Editor in the cftextarea tag. For more information, refer to the following:
Bugs fixed in this release
For a list of bugs fixed in Update 2, see Bugs fixed.
Known issues in this release
For a list of known issues in Update 2, see Known issues.
What's new and changed in ColdFusion (2016 release) Update 1
For more information, see the tech note.
Installation of Update 1
To install Update 1, refer to this document.
New version of Tomcat
Apache Tomcat has been upgraded to version 8.0.32.
Updates to Security Analyzer
The update 1 consists of significant enhancements and fixes to Security Code Analyzer that was introduced in ColdFusion (2016 release).
Security Analyzer enables developers to avoid common security pitfalls and vulnerabilities, such as, SQL Injection and XSS attacks while writing code.
The updates to Security Analyzer are as follows:
-
-
You can cancel a current scan and run a new one. Click Cancel to terminate the current scan.
-
You can choose multiple files or folders and scan specific files in a directory instead of scanning the entire directory.
-
There is a new tab Unscanned Files that displays a list of encrypted files and files with syntax errors.
-
Security Analyzer relies on asynchronous calls to the server, which results in better performance during scans and avoid RDS timeouts.
-
The status command now returns the following fields:
- percentage: Shows the percentage of scan completed
- totalfiles: Number of files to be scanned
- scannedfiles: Number of files scanned so far
- lastupdated: Timestamp of the last scanned file
Updates to API Manager
You can reset a password in ColdFusion API Manager. Click Forgot Password in the login screen and enter your user name to receive an email to reset the password.
As an administrator, you can enforce the number of invalid password attempts and password lockout via the following settings in the Security Configuration screen.
For more information, see Security settings.
You can also add an e-mail address from where users get password reset mails . For more information, see Mail configuration.
In addition, you can modify the mail template including the subject and the body. For more information, see Modify template.
Note:
In this release, only Portal users can request for a new password using the Forgot Password link.
Known issues in this release
For a list of known issues, see Known issues.
Issues fixed in this release
For a list of issues fixed, see Bug fixes in update 1.