Adobe ColdFusion (2016 release) Updates Release Notes

Adobe ColdFusion Builder is End of Life from Oct 1, 2024

Thank you for being part of the exciting journey of Adobe ColdFusion Builder.

As Adobe continues to focus on ColdFusion Builder extension for Visual Studio Code as the IDE for Adobe ColdFusion, we have decided to End of Life (EOL) Adobe ColdFusion Builder on Oct 1, 2024.

View the End of Life (EOL) announcement for ColdFusion Builder.

Release notes

What's new and changed in ColdFusion (2016 release) Update 17

ColdFusion (2016 release) Update 17 (release date, 22 March, 2021) includes fixes for the the security vulnerabilities that were reported in APSB21-16.

For more information, see the tech note for Update 17.

What's new and changed in ColdFusion (2016 release) Update 16

ColdFusion (2016 release) Update 16 (release date, 14 July, 2020) includes fixes for the the security vulnerabilities that were reported in APSB20-43.

For more information, see the tech note for Update 16.

What's new and changed in ColdFusion (2016 release) Update 15

ColdFusion (2016 release) Update 15 (release date, 14 April, 2020) includes fixes for the the security vulnerabilities that were reported in APSB20-18.

For more information, see the tech note for Update 15.

What's new and changed in ColdFusion (2016 release) Update 14

This update (release date: 17 March, 2020) addresses security vulnerabilities mentioned in the security bulletin APSB20-16.

For more information, see the tech note for Update 14.

What's new and changed in ColdFusion (2016 release) Update 13

This update fixes the bugs that were reported in the previous update in the following areas:

  • Language
  • cfhttp
  • Connector configuration

For more information, see the tech note for Update 13.

What's new and changed in ColdFusion (2016 release) Update 12

  • Addresses security vulnerabilities mentioned in the security bulletin APSB19-47.
  • Support for JDK 12.
  • The following have been upgraded to:
    • Apache Tika 1.21
    • Batik XML 1.11
    • Tomcat 8.5.42
    • ZingChart 2.8.6

 For more information, see the tech note for Update 12.

What's new and changed in ColdFusion (2016 release) Update 11

  • Addresses security vulnerabilities mentioned in the security bulletin APSB19-27.
  • Added support for the function FileAppend.
  • Updates to LiveCycle Data Services. For more information, see the tech note for Update 11.
  • Updates to JNBridge. For more information, see the tech note for Update 11.

What's new and changed in ColdFusion (2016 release) Update 10

For more information, see the tech note.

  • Addresses security vulnerabilities mentioned in the security bulletin APSB19-14.
  • In the ColdFusion Administrator, in Server Settings > Settings, there are is an option Blocked file extensions for CFFile uploads.  By default, the following extensions are blocked. For more information, see Server Settings
    • AS
    • ASP
    • ASPX
    • BIN
    • CFC
    • CFM
    • CFML
    • CFR
    • CFSWF
    • DMG
    • EXE
    • HBXML
    • JSP
    • JSPX
    • JWS
    • MXML
    • PHP
    • SWC
    • SWS
  • A new application setting blockedExtForFileUpload. For more information, see Application variables.
  • The Admin API, setRuntimeProperty has a new property, BlockedExtForFileUpload. The values are a comma-separated list of file extensions to restrict file uploading of the appropriate files. For example,
<cfscript>
    runtime = createObject("component", "CFIDE.adminapi.runtime");
    runtime.setRuntimeProperty("BlockedExtForFileUpload","CFM,CFC,ASP, JSP");
</cfscript>

What's new and changed in ColdFusion (2016 release) Update 9

ColdFusion (2016 release) Update 9 (release date, 22 February 2019) includes fixes for a few critical bugs that were reported in Update 8.

You can also find the Docker image for Update 9.

For more information on Update 9, see the tech notes for Update 9.

What's new and changed in ColdFusion (2016 release) Update 8

For more information, see the tech note.

  • Support for Java 11. To download installers for Java 11, see Downloads.
  • Several important bug fixes in security, language, core runtime, document management, AJAX, and several other areas.
  • Addresses security vulnerabilities as mentioned in the security bulletin APSB19-10. For the security fixes to take effect, ColdFusion must be on JDK 1.8.0_121 or higher.
  • New parameter calendar in dayOfWeek.
  • Support for Microsoft Exchange 2016.
  • Support for the following OEMs:
    • Jetty 9.4.12
    • JPedal 8.6.2 for Document Management
    • PDFgServlet 9.4.12
  • Support for script variant of cfloop over an array, list, struct, or query. For examples,

<cfscript>
    // List
    myList="1,2,3,4"
    cfloop(list=myList, index="i", item="j") {
        writeOutput("index:" & i)
        writeOutput("item:" & j & "")
    }
</cfscript>

 

<cfscript>
    // Array
    myArray = ["John", "Paul", "George", "Ringo"];
    cfloop(array="#myArray#", index="idx"){
        writeOutput(#idx# & "");
    }
</cfscript>

 

<cfscript>
    // Struct
   Team = {"Marketing" = "John", "Sales" : {"Executive" : "Tom", "Assistant" = "Mike"},"IT":{"Developers":{"Dev1":"Ashley","Dev2"="Jason"}}};
   cfloop( collection="#Team#" ,item="key" ){
        writeOutput(#Key# & ":");
        writeOutput(#SerializeJSon(Team[key])#);
        writeOutput("");
    }
</cfscript>

 

<cfscript>
    // Query
    myQuery = queryNew("id,name,amount","Integer,Varchar,Integer", [ {id=1,name="One",amount=15}, {id=2,name="Two",amount=18}, {id=3,name="Three",amount=32}, {id=4,name="Four",amount=37}, {id=5,name="Five",amount=79}, {id=6,name="Six",amount=26} ]);
    Start = 3;
    End = 6;
    cfloop(query = "myQuery", startRow = "#Start#", endRow = "#End#") {
        writeOutput("#name# #amount#" & "");
    }
</cfscript>

Bugs fixed in this release

For the detailed list of bugs fixed in this update, refer to Bugs fixed list.

Known issues in this release

For known issues in this release, refer to Known issues.

What's new and changed in ColdFusion (2016 release) Update 7

For more information, see the tech note.

  • Security updates and bug fixes.
  • Added a new function GetCanonicalPath.
  • Addresses security vulnerabilities as mentioned in the security bulletin APSB18-33.
  • Tomcat is upgraded from 8.5.28 to 8.5.32.
  • OpenSSL is upgraded to 1.0.2p for PDFgServlet.

Bugs fixed in this release

For the detailed list of bugs fixed in this update, refer to Bugs fixed list.

Known issues in this release

For known issues in this release, refer to Known issues.

What's new and changed in ColdFusion (2016 release) Update 6

For more information, see the tech note.

  • Security updates
  • Bug fixes
  • Addresses vulnerabilities mentioned in APSB18-14
  • Tomcat is upgraded to version 8.5.28 and OpenSSL is upgraded to 1.0.2n.

Bugs fixed in this release

For a list of bugs fixed in Update 6, see Bugs fixed.

Known issues in this release

For known issues in Update 6, see Known issues.

What's new and changed in ColdFusion (2016 release) Update 5

For more information, see the tech note.

  • Security updates
  • Bug fixes
  • Addresses vulnerabilities mentioned in APSB17-30

Bugs fixed in this release

For a list of bugs fixed in Update 5, see Bugs fixed.

Known issues in this release

For known issues in Update 5, see Known issues.

What's new and changed in ColdFusion (2016 release) Update 4

For more information, see the tech note.

New attributes for tags

Configuring properties related to scheduler in cluster setup

We have added a new file quartz.cluster.properties, located in cfusion /lib/quartz.

This file can be used to configure properties related to  scheduler  when setting up a cluster.

The basic properties that are added in the file are:

org.quartz.scheduler.rmi.export: false
org.quartz.scheduler.rmi.proxy: false
org.quartz.scheduler.wrapJobExecutionInUserTransaction: false
org.quartz.threadPool.class: org.quartz.simpl.SimpleThreadPool

org.quartz.threadPool.threadCount: 13
org.quartz.threadPool.threadPriority: 5

org.quartz.threadPool.threadsInheritContextClassLoaderOfInitializingThread: true
org.quartz.jobStore.misfireThreshold: 60000

Enabling Search Engine Safe (SES) URLs on an app server

To enable SES URLs on an app server other than Tomcat, modify the web.xml file present inside WEB-INF. For more information, see Enabling SES URLs.

Tomcat upgrade

Tomcat has been upgraded to ver 8.5.11.

Bugs fixed in this release

For a list of bugs fixed in Update 4, see Bugs fixed.

Known issues in this release

For a list of known issues in Update 4, see Known issues.

Note:

This update contains support for Windows Server 2016.

What's new and changed in ColdFusion (2016 release) Update 3

For more information, see the tech note.

Coldfusion (2016 release) includes support for Windows 10 version 1067 and IBM Websphere Application Server 9. 

Support for sorted structs

In Update 3, there is support for sorted structs. You can create a struct of type ordered with sort type as text and sort order as ascending. For example,

<cfscript>
       someStruct=StructNew("ordered","text","asc",false);
       someStruct.jonas = {age=26, department="IT"};
       someStruct.jason= {age=29, department="Analytics"};
       someStruct.johnnie = {age=31, department="Accounting"};
       someStruct.john = {age=31, department="Audit"};
       WriteDump(someStruct);     
</cfscript>

For more information, refer to the following documentation:

Change in ArraySum function

There is a new parameter ignoreUndefined in ArraySum.

If you set this parameter to true, the function ignores null or " " values when adding array elements.

For more information, see ArraySum.

StructToSorted function

In this release, there is a new function StructToSorted that converts any struct to a sorted struct. For more information, see StructToSorted.

There is also the equivalent member function ToSorted. See member functions for more information.

Changes in cfhtmltopdfitem tag

There is a new attribute evalAtPrint for cfhtmltopdfitem tag.

If set to true, then the content of cfhtmltopdfitem is evaluated after the PDF has been generated and the page numbers are available for each page. This allows you to have some conditional code inside the cfhtmltopdfitem .

For more information, see  cfhtmltopdfitem .

Change in cfhtmltopdf tag

There is a new attribute language in cfhtmltopdf tag.

Use this attribute to set the language in the document. The default is "English".

For more information see cfhtmltopdf .

Also in cfhtmltopdf tag, processing directive tag is now available for all tags for NeoPageContext.

Changes in cfobject tag and createobject function

There are new attributes domain, username, and password for cfobject tag and CreateObject function.

For more information, refer to the following documentation:

QueryGetResult function

In Update 3, there is a new function QueryGetResult that returns the metadata of a query.

For more information, see QueryGetResult.

Updated image functions

In the functions imageScaleToFit and imageResize, you can now specify the blurFactor as zero. The valid range for blurFactor is 0-10. For more information, see:

IsDateObject function

There is a new function IsDateObject that determines whether a value is a date/time object.

For more information, see IsDateObject.

Change in IsValid function

In the IsValid function, a new type datetime_object is added. This type represents any valid ColdFusion date/time object. For more information, see IsValid.

For example, the code sample below returns true.

<cfscript>
       writeoutput(isValid("datetime_object",now())); //returns TRUE
</cfscript>

Change in LSTimeFormat function

In the LSTimeFormat function, the time format is now in hh:mm:ss, instead of hh:mm. For example, LSTimeFormat(CreateDateTime(2003,05,14,17,22,00)) displays 5:22:00 PM instead of 5:22 PM.

For more information, see LSTimeFormat.

Change in DateFormat function

In the DateFormat function, the following are new and updated:

  • You can use both lowercase and uppercase letters as mask characters.
  • There are new masks.

For more information, see DateFormat.

Change in DateTimeFormat function

In the DateTimeFormat function, you can use the following masks as shown below:

  • t: Displays single-character time marker string, for example, A or P.
  • tt: Displays multi-character time marker string, for example, AM or PM.

For more information, see DateTimeFormat.

In the code sample below,

<cfscript>
       WriteOutput(DateTimeFormat(now(),"tt")); // Displays AM or PM
       WriteOutput(DateTimeFormat(now(),"t")); // Displays A or P
</cfscript>

Change in LSDateTimeFormat function

In the LSDateTimeFormat function, you can use the following masks as shown below:

  • t: Displays single-character time marker string, for example,  A or  P.
  • tt: Displays multi-character time marker string, for example, AM or PM.

For more information, see LSDateTimeFormat.

In the code sample below,

<cfscript>
       WriteOutput(LSDateTimeFormat(now(),"tt")); // Displays AM or PM
       WriteOutput(LSDateTimeFormat(now(),"t")); // Displays A or P
</cfscript>

Change in LSParseDateTime function

In the LSParseDateTime function, you can use the masks t and tt to create a date/time object. For single-character time marker string, use t. For multiple-character time marker string, use tt.

In addition, to specify minutes, use nn instead of mm.

For more information, see LSParseDateTime.

In the code sample below,

<cfscript>
       WriteOutput(LSParseDateTime("9/19/2016 1:52 PM","en","m/dd/yyyy h:nn tt")); // Returns {ts '2016-09-19 13:52:00'}
</cfscript>

Bugs fixed in this release

For the list of bugs fixed in Update 3, see the Bugs fixed document.

Known issues in this release

To view the known issue in Update 3, see Known issues.

What's new and changed in ColdFusion (2016 release) Update 2

Installation of Update 2

For more information, see the tech note.

To install Update 2, refer to this document.

JSON serialization of struct and array

Serializing structs

The Update 2 introduces a way of specifying the datatype for keys in a struct. You set the datatype through the function setMetadata. The function takes an argument of type struct. The struct contains the value as the datatype.

For example:

<cfscript>
 example = structnew("ordered");
 example.firstname = "Yes";
 example.lastname = "Man";
 // Default serialization converting string Yes to true
 writeoutput(SerializeJSON(example) & "|");
</cfscript>

The sample produces the output:

{"FIRSTNAME":true,"LASTNAME":"Man"}

In the output, you can see that the key=" firstname " has a Boolean value because there is no datatype information for the key value.

Using the setMedata function, 

<cfscript>
 example = structnew("ordered");
 example.firstname = "Yes";
 example.lastname = "Man";
 // Default Serialization Converting String Yes to true
 writeoutput(SerializeJSON(example) & "|");
 // changing the default serialization by specifying the type of "firstname" as string
 metadata = {firstname: {type:"string"}};
 example.setMetadata(metadata);
 writeoutput(SerializeJSON(example));
</cfscript>

The sample produces the following output:

{"FIRSTNAME":true,"LASTNAME":"Man"}

{"FIRSTNAME":"Yes","LASTNAME":"Man"}

For more information, see Serializing structs.

New Application.cfc variable

To set the metadata for a value in a struct, there is a new variable, serialization.structmetadata.

For example, if this .serialization. structmetadata = {zipcode="String"}; ,  you need not define the data type for zipcode for the struct that contains this key.

If you define the datatype for zipcode in the struct itself, then the defined datatype at struct level takes priority over the one defined in Application.cfc.

Fore more information, see Application.cfc variables.

Serializing arrays

You can use the setMetadata function to set the datatype to the array members. If all the items in the array have the same datatype, you can specify the datatype of a value as a struct, as shown in the samples below:

<cfscript>
       tags  = ["struct", "json", "serialization", 2016, "HF2", "metadata"];
       WriteOutput(serializejSON(tags));
</cfscript>

The sample produces the following output:

["struct","json","serialization",2016,"HF2","metadata"]

Using the setMetadata function,

<cfscript>
       tags  = ["struct", "json", "serialization", 2016, "HF2", "metadata"];
       tags.setmetadata({items: "string"});
       writeoutput(serializejSON(tags));
</cfscript>

The sample produces the following output:

["struct","json","serialization","2016","HF2","metadata"]

For more information, see Array serialization.

Configuring SSL in API Manager

Configure SSL so that you can access the API Manager portals over HTTPS for better security and encryption. For more information, see Configuring SSL.

Changes in NTLM

The ntlmDomain attribute is required if a user is part of a domain. When the user is not part of a domain, the ntlmDomain attribute is optional. For more information, refer to the documentation of the following:

Applying Update 2 to API Manager

Perform the following steps before applying the update using the ColdFusion administrator and being logged as a non-root user:

  1. Stop the API Manager Analytics and Datastore services that are running as root.
  2. Use the command below to set the permissions for the API Manager database file system objects:

    chown  -R

    For example,   chwon  -R nobody /opt/coldfusion2016apimanager/database

CAR settings migration

After deploying a car file in ColdFusion (2016 release) Update 2, some settings are not migrated. To see the list of non-migrated settings, refer to Deploying ColdFusion applications.

New member functions

The Update 2 includes new member functions for the following:

For more information, see Member functions in ColdFusion.

Introduction of CK Editor

FCK Editor has been deprecated. You can now customize and design text areas in a form using CK Editor in the cftextarea  tag. For more information, refer to the following:

Bugs fixed in this release

For a list of bugs fixed in Update 2, see Bugs fixed.

Known issues in this release

For a list of known issues in Update 2, see Known issues.

What's new and changed in ColdFusion (2016 release) Update 1

For more information, see the tech note.

Installation of Update 1

To install Update 1, refer to this document.

New version of Tomcat

Apache Tomcat has been upgraded to version 8.0.32. 

Updates to Security Analyzer 

The update 1 consists of significant enhancements and fixes to Security Code Analyzer that was introduced in ColdFusion (2016 release).

Security Analyzer enables developers to avoid common security pitfalls and vulnerabilities, such as, SQL Injection and XSS attacks while writing code.

The updates to Security Analyzer are as follows:

  1. ColdFusion Builder constantly polls for the current scan status from the server and displays a progress bar. The progress bar reflects the percentage of completion of the current scan.

  2. You can cancel a current scan and run a new one. Click Cancel to terminate the current scan.

  3. You can choose multiple files or folders and scan specific files in a directory instead of scanning the entire directory.

  4. There  is  a new tab Unscanned Files that displays a list of encrypted files and files with syntax errors.

  5. Security Analyzer relies on asynchronous calls to the server, which results in better performance during scans and avoid RDS timeouts.

  6. The status command now returns the following fields:

    • percentage: Shows the percentage of scan completed
    • totalfiles: Number of files to be scanned
    • scannedfiles: Number of files scanned so far
    • lastupdated: Timestamp of the last scanned file

Updates to API Manager

You can reset a password in ColdFusion API Manager. Click Forgot Password in the login screen and enter your user name  to receive an email to reset the password.

As an administrator, you can enforce the number of invalid password attempts and password lockout via the following settings in the Security Configuration screen.

For more information, see Security settings.

You can also add an e-mail address from where users get password reset mails . For more information, see Mail configuration.

In addition, you can modify the mail template including the subject and the body. For more information, see Modify template.

Note:

In this release, only Portal users can request for a new password using the Forgot Password link.

Known issues in this release

For a list of known issues, see Known issues.

Issues fixed in this release

For a list of issues fixed, see Bug fixes in update 1.

Get help faster and easier

New user?