Adobe ColdFusion (2018 release) Updates Release Notes

ColdFusion (2018 release) Update 17 (release date, 11 July, 2023) addresses vulnerabilities that could lead to arbitrary code execution and security feature bypass.

For more information, see the security bulletin APSB23-40.

For more information, see the tech note for the update.

ColdFusion (2018 release) Update 16 (release date, 14 March, 2023) addresses vulnerabilities that could lead to arbitrary code execution, arbitrary file system read, and memory leak.

For more information, security bulletin APSB23-25.

New jvm flags

In this update, we've disabled cfclient by default. If you need to enable it, there is a new flag to do it.

• -Dcoldfusion.cfclient.enable=true/false
  

Doing so will enable cfclient, but will allow only CFCs to be read. To allow other files to be read, use the flag listed below:

• -Dcoldfusion.cfclient.allowNonCfc=true/false

For more information, see the tech note for the update.

ColdFusion (2018 release) Update 15 (release date, 11 October 2022) addresses vulnerabilities that are mentioned in the security bulletin APSB22-44.

This release also contains support for macOS 12 (Monterey).

For more information, see the tech note for the update.

ColdFusion (2018 release) Update 14 (release date, 10 May, 2022) addresses vulnerabilities that are mentioned in the security bulletin APSB22-22.

This release also contains the following library upgrades:

• Tomcat 9.0.60
• jQuery 3.6.0
• jQuery UI 1.13.1
• Log4j 2.17.2

For more information, see the tech note for the update.

ColdFusion (2021 release) Update 3 (release date, 17 December, 2021) addresses vulnerabilities that are mentioned in CVE-2021-44228 and CVE-2021-45046.

For more information, see the tech note for the update.

ColdFusion (2018 release) Update 12 (release date, 14 September, 2021) addresses vulnerabilities mentioned in the security bulletin, APSB21-75, and contains bug fixes.

For more information, see the tech note for the update.

ColdFusion (2018 release) Update 11 (release date, 22 March, 2021) addresses vulnerabilities that are mentioned in the security bulletin, APSB21-16.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 10

ColdFusion (2018 release) Update 10 (release date, 14 July, 2020) addresses vulnerabilities that are mentioned in the security bulletin, APSB20-43.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 9

ColdFusion (2018 release) Update 9 (release date, 14 April, 2020) addresses vulnerabilities that are mentioned in the security bulletin, APSB20-18.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 8

ColdFusion (2018 release) Update 8 (release date, 17 March, 2020) addresses vulnerabilities that are mentioned in the security bulletin, APSB20-16.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 7

ColdFusion (2018 release) Update 7 (release date, 10 Dec, 2019) addresses vulnerabilities that are mentioned in the security bulletin, APSB19-58.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 6

This update fixes the bugs that were reported in the previous update for the following:

• Lambda functions
• Nested structs
• Nested output
• Connector configuration

For more information, see the tech notes for Update 6.

What's new and changed in ColdFusion (2018 release) Update 5

Security

The Update 5 of the 2018 release of ColdFusion addresses security vulnerabilities mentioned in the security bulletin APSB19-47.

For more information, see the tech notes for Update 5.

Language enhancements

New Array functions:

• ArraySome
• ArrayEvery
• ArraySplice

New Struct functions:

• StructSome
• StructEvery

New Query functions:

• QuerySome
• QueryEvery
• QueryAppend
• QueryPrepend
• QueryRowSwap
• QuerySlice
• QueryClear
• QueryRecordCount
• QueryReverse
• QueryInsertAt

Other language upates:

• GetMetaData - Changes in Array.GetMetaData() struct keys. See the function history for more information.
• New parameter includeEmptyFields in the following functions:
  • ListAppend    
  • ListPrepend
• QueryNew -  Insert rows in a query object as array of structs.
• cfchart - Added attribute base64.
• Member functions - Contains member functions for the newly added functions.
• Array Notation for Strings in ColdFusion - Access sub-strings using array notation by using positional ranges.
  
• Regex changes for the following functions:
  • ReFind    
  • ReFindNoCase
  • ReReplace
  • ReReplaceNoCase
  • ReMatch
  • ReMatchNoCase

Arrow functions

ColdFusion (2018 release) Update 5 introduces a new way of writing functions, known as Arrow Function or Fat Arrow Function (=>).

For more information, see Arrow functions in ColdFusion.

ColdFusion Administrator changes

• Restore Default Extensions - Restore the list of all file extensions that are blocked for file uploads.
• Use Java as Regex Engine - Specify if Java must be used as regex engine. There is also an equivalent Application.cfc variable, useJavaAsRegexEngine.

Application

Application Server support

OEM upgrades

Operating System support

What's new and changed in ColdFusion (2018 release) Update 4

• Addresses security vulnerabilities mentioned in the security bulletin APSB19-27.
• Added support for the function FileAppend.
  
• Added support for the following platforms:
  • IBM PowerPC based RHEL 7.6 and SuSE 15
  • Mac OS X 10.14
• Updates to LiveCycle Data Services. For more information, see the tech note for Update 4.
• Updates to JNBridge. For more information, see the tech note for Update 4.

What's new and changed in ColdFusion (2018 release) Update 3

For more information, see the tech note for Update 3.

What's new and changed in ColdFusion (2018 release) Update 2

Security update

This update addresses the vulnerabilities mentioned in APSB19-10.

Java

The update includes support for Java 11. To download installers for Java 11, see Downloads.

Docker

You can also find the Docker image for Update 2.

Language changes

• New actions create and modify in cfschedule.
• New parameter calendar in dayOfWeek.

Script support for cfloop

In Update 2, the script variant of cfloop supports iterating over an array, list, struct, or query.

For examples,

List

Array

Struct

Query

OEM support

Support for:

• Jetty 9.4.12
• ExtJS 6.6
• JPedal 8.4.31

Server Auto-Lockdown

Server Auto_lockdown includes a new installer for macOS.

For more information, see Server Auto-Lockdown for macOS.

Performance Monitoring Toolset

Performance Monitoring Toolset Update 1 includes the following changes:

• HTTPS support
• Tree view of Code Profiler data
• Datastore health monitoring
• Theme change
• Most frequently run queries chart
• Tracked and un-tracked servers in Topology

Platform support

For more information, see the tech note for Update 2

This update also introduces support for the following:

• OS
  • Windows Server 2019
  • Solaris 11.3
  • OSX 10.14
• Application Servers
  • WildFly 14.0
  • WebSphere 9.0.0.9
• Web Server 
  • Apache HTTPD 2.4.37
• Databases
  • Oracle 18c
  • PostGreSQL11 
  • IBM DB2 v11.1
  • Apache Derby-10.14.2 
• External Services
  • Microsoft Exchange 2016
  • Microsoft SharePoint 2016

Bugs fixed in this release

For a list of bugs fixed in Update 2, see Bugs fixed.

Known issues in this release

For known issues in Update 2, see Known issues.

What's new and changed in ColdFusion (2018 release) Update 1

• Several important bug fixes.
• A new function GetCanonicalPath.
• Addresses vulnerabilities mentioned in APSB18-33.
• Tomcat is upgraded to version 9.0.10.
• OpenSSL is upgraded to 1.0.2p for PDFgServlet.

Bugs fixed in this release

For a list of bugs fixed in Update 1, see Bugs fixed.