Adobe ColdFusion (2018 release) Updates Release Notes

Adobe ColdFusion (2018 release) Updates Release Notes

What's new and changed in ColdFusion (2018 release) Update 17

ColdFusion (2018 release) Update 17 (release date, 11 July, 2023) addresses vulnerabilities that could lead to arbitrary code execution and security feature bypass.

For more information, see the security bulletin APSB23-40.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 16

ColdFusion (2018 release) Update 16 (release date, 14 March, 2023) addresses vulnerabilities that could lead to arbitrary code execution, arbitrary file system read, and memory leak.

For more information, security bulletin APSB23-25.

New jvm flags

In this update, we've disabled cfclient by default. If you need to enable it, there is a new flag to do it.

  • -Dcoldfusion.cfclient.enable=true/false

Doing so will enable cfclient, but will allow only CFCs to be read. To allow other files to be read, use the flag listed below:

  • -Dcoldfusion.cfclient.allowNonCfc=true/false

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 15

ColdFusion (2018 release) Update 15 (release date, 11 October 2022) addresses vulnerabilities that are mentioned in the security bulletin APSB22-44.

This release also contains support for macOS 12 (Monterey).

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 14

ColdFusion (2018 release) Update 14 (release date, 10 May, 2022) addresses vulnerabilities that are mentioned in the security bulletin APSB22-22.

This release also contains the following library upgrades:

  • Tomcat 9.0.60
  • jQuery 3.6.0
  • jQuery UI 1.13.1
  • Log4j 2.17.2

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 13

ColdFusion (2021 release) Update 3 (release date, 17 December, 2021) addresses vulnerabilities that are mentioned in CVE-2021-44228 and CVE-2021-45046.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 12

ColdFusion (2018 release) Update 12 (release date, 14 September, 2021) addresses vulnerabilities mentioned in the security bulletin, APSB21-75, and contains bug fixes.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 11

ColdFusion (2018 release) Update 11 (release date, 22 March, 2021) addresses vulnerabilities that are mentioned in the security bulletin, APSB21-16.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 10

ColdFusion (2018 release) Update 10 (release date, 14 July, 2020) addresses vulnerabilities that are mentioned in the security bulletin, APSB20-43.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 9

ColdFusion (2018 release) Update 9 (release date, 14 April, 2020) addresses vulnerabilities that are mentioned in the security bulletin, APSB20-18.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 8

ColdFusion (2018 release) Update 8 (release date, 17 March, 2020) addresses vulnerabilities that are mentioned in the security bulletin, APSB20-16.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 7

ColdFusion (2018 release) Update 7 (release date, 10 Dec, 2019) addresses vulnerabilities that are mentioned in the security bulletin, APSB19-58.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 6

This update fixes the bugs that were reported in the previous update for the following:

  • Lambda functions
  • Nested structs
  • Nested output
  • Connector configuration

For more information, see the tech notes for Update 6.

What's new and changed in ColdFusion (2018 release) Update 5

Security

The Update 5 of the 2018 release of ColdFusion addresses security vulnerabilities mentioned in the security bulletin APSB19-47.

For more information, see the tech notes for Update 5.

Language enhancements

New Array functions:

New Struct functions:

New Query functions:

Other language upates:

Arrow functions

ColdFusion (2018 release) Update 5 introduces a new way of writing functions, known as Arrow Function or Fat Arrow Function (=>).

For more information, see Arrow functions in ColdFusion.

ColdFusion Administrator changes

Application

Application Server support

Server

Version

WildFly

17

Tomcat

9.0.21

OEM upgrades

OEM

Version

JDK

12

Tomcat

9.0.21

Apache Tika

1.21

Batik XML

1.11

ZingChart

2.8.6

Derby jars

10.11

MySQL

8

Operating System support

OS

Version

RHEL

8

Ubuntu

19

SLES

15

CentOS

7.6

What's new and changed in ColdFusion (2018 release) Update 4

  • Addresses security vulnerabilities mentioned in the security bulletin APSB19-27.
  • Added support for the function FileAppend.
  • Added support for the following platforms:
    • IBM PowerPC based RHEL 7.6 and SuSE 15
    • Mac OS X 10.14
  • Updates to LiveCycle Data Services. For more information, see the tech note for Update 4.
  • Updates to JNBridge. For more information, see the tech note for Update 4.

What's new and changed in ColdFusion (2018 release) Update 3

For more information, see the tech note for Update 3.

  • Addresses security vulnerabilities mentioned in the security bulletin APSB19-14.
  • In the ColdFusion Administrator, in Server Settings > Settings, there are is an option Blocked file extensions for CFFile uploads.  By default, the following extensions are blocked. For more information, see Server Settings
    • AS
    • ASP
    • ASPX
    • BIN
    • CFC
    • CFM
    • CFML
    • CFR
    • CFSWF
    • DMG
    • EXE
    • HBXML
    • JSP
    • JSPX
    • JWS
    • MXML
    • PHP
    • SWC
    • SWS
  • A new application setting blockedExtForFileUpload. For more information, see Application variables.
  • The Admin API, setRuntimeProperty has a new property, BlockedExtForFileUpload. The values are a comma-separated list of file extensions to restrict file uploading of the appropriate files. For example,
<cfscript>
    runtime = createObject("component", "CFIDE.adminapi.runtime");
    runtime.setRuntimeProperty("BlockedExtForFileUpload","CFM,CFC,ASP, JSP");
</cfscript>

What's new and changed in ColdFusion (2018 release) Update 2

Security update

This update addresses the vulnerabilities mentioned in APSB19-10.

Java

The update includes support for Java 11. To download installers for Java 11, see Downloads.

Docker

You can also find the Docker image for Update 2.

Language changes

Script support for cfloop

In Update 2, the script variant of cfloop supports iterating over an array, list, struct, or query.

For examples,

List

 

<cfscript>
    myList="1,2,3,4"
    cfloop(list=myList, index="i", item="j") {
        writeOutput("index:" & i)
        writeOutput("item:" & j & "<br/>")
    }
</cfscript>

Array

 

<cfscript>
    myArray = ["John", "Paul", "George", "Ringo"];
    cfloop(array="#myArray#", index="idx"){ 
        writeOutput(#idx# & "<br/>"); 
    } 
</cfscript>

Struct

 

<cfscript>
   Team = {"Marketing" = "John", "Sales" : {"Executive" : "Tom", "Assistant" = "Mike"},"IT":{"Developers":{"Dev1":"Ashley","Dev2"="Jason"}}};
   cfloop( collection="#Team#" ,item="key" ){
        writeOutput(#Key# & ":");
        writeOutput(#SerializeJSon(Team[key])#);
        writeOutput("<br/>");
    }
</cfscript>

Query

 

<cfscript>
    myQuery = queryNew("id,name,amount","Integer,Varchar,Integer", [ {id=1,name="One",amount=15}, {id=2,name="Two",amount=18}, {id=3,name="Three",amount=32}, {id=4,name="Four",amount=37}, {id=5,name="Five",amount=79}, {id=6,name="Six",amount=26} ]); 
    Start = 3; 
    End = 6; 
    cfloop(query = "myQuery", startRow = "#Start#", endRow = "#End#") { 
        writeOutput("#name# #amount#" & "<br>"); 
    } 
</cfscript>

OEM support

Support for:

  • Jetty 9.4.12
  • ExtJS 6.6
  • JPedal 8.4.31

Server Auto-Lockdown

Server Auto_lockdown includes a new installer for macOS.

For more information, see Server Auto-Lockdown for macOS.

Performance Monitoring Toolset

Platform support

For more information, see the tech note for Update 2

This update also introduces support for the following:

  • OS
    • Windows Server 2019
    • Solaris 11.3
    • OSX 10.14
  • Application Servers
    • WildFly 14.0
    • WebSphere 9.0.0.9
  • Web Server 
    • Apache HTTPD 2.4.37
  • Databases
    • Oracle 18c
    • PostGreSQL11 
    • IBM DB2 v11.1
    • Apache Derby-10.14.2 
  • External Services
    • Microsoft Exchange 2016
    • Microsoft SharePoint 2016

Bugs fixed in this release

For a list of bugs fixed in Update 2, see Bugs fixed.

Known issues in this release

For known issues in Update 2, see Known issues.

What's new and changed in ColdFusion (2018 release) Update 1

For more information, see the tech note for Update 1.
  • Several important bug fixes.
  • A new function GetCanonicalPath.
  • Addresses vulnerabilities mentioned in APSB18-33.
  • Tomcat is upgraded to version 9.0.10.
  • OpenSSL is upgraded to 1.0.2p for PDFgServlet.

Bugs fixed in this release

For a list of bugs fixed in Update 1, see Bugs fixed.

 Adobe

Get help faster and easier

New user?