Adobe ColdFusion (2018 release) Updates Release Notes
What's new and changed in ColdFusion (2018 release) Update 17
What's new and changed in ColdFusion (2018 release) Update 16
ColdFusion (2018 release) Update 16 (release date, 14 March, 2023) addresses vulnerabilities that could lead to arbitrary code execution, arbitrary file system read, and memory leak.
For more information, see security bulletin APSB23-25.
New JVM flags
In this update, we've disabled cfclient by default. If you need to enable it, there is a new flag to do it.
- -Dcoldfusion.cfclient.enable=true/false
Doing so will enable cfclient, but will allow only CFCs to be read. To allow other files to be read, use the flag listed below:
- -Dcoldfusion.cfclient.allowNonCfc=true/false
For more information, see the tech note for the update.
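As an added example (not Adobe's code), the following Python script reads a jvm.config and reports the cfclient posture that the two flags above produce. The flag names come from this note; the sample file contents, the `java.args=` line layout, the rule that only the literal `true` switches a flag on, and the posture labels are assumptions.

```python
import re

# Flag names come from the release note. Defaults follow its description of
# Update 16: cfclient is off, and when switched on only CFCs are readable.
DEFAULTS = {
    "coldfusion.cfclient.enable": False,
    "coldfusion.cfclient.allowNonCfc": False,
}

# Constructed sample; the paths and other arguments are illustrative only.
SAMPLE_JVM_CONFIG = """\
java.home=/opt/coldfusion2018/jre
#java.args=-server -Dcoldfusion.cfclient.allowNonCfc=true
java.args=-server -Xms256m -Xmx1024m -Dcoldfusion.cfclient.enable=true
"""

def parse_java_args(text):
    """Collect -Dname[=value] system properties from uncommented java.args lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("java.args"):
            continue  # skips comments and unrelated keys
        args = line.partition("=")[2]
        for m in re.finditer(r"(?:^|\s)-D([^\s=]+)(?:=(\S*))?", args):
            props[m.group(1)] = m.group(2) or ""  # a repeated flag: last one is kept
    return props

def flag_on(props, name):
    # Assumption: only the literal "true" (any case) switches a flag on.
    if name not in props:
        return DEFAULTS[name]
    return props[name].lower() == "true"

def cfclient_posture(text):
    """Return one of four labels describing what cfclient may read."""
    props = parse_java_args(text)
    enabled = flag_on(props, "coldfusion.cfclient.enable")
    non_cfc = flag_on(props, "coldfusion.cfclient.allowNonCfc")
    if enabled:
        return "enabled-all-files" if non_cfc else "enabled-cfc-only"
    # allowNonCfc without enable is reported so the leftover flag gets reviewed.
    return "disabled-allowNonCfc-set" if non_cfc else "disabled"

if __name__ == "__main__":
    print(cfclient_posture(SAMPLE_JVM_CONFIG))
```

Any result other than `disabled` means someone has changed the Update 16 default and the change should have a recorded reason.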
What's new and changed in ColdFusion (2018 release) Update 15
What's new and changed in ColdFusion (2018 release) Update 14
ColdFusion (2018 release) Update 14 (release date, 10 May, 2022) addresses vulnerabilities that are mentioned in the security bulletin APSB22-22.
This release also contains the following library upgrades:
- Tomcat 9.0.60
- jQuery 3.6.0
- jQuery UI 1.13.1
- Log4j 2.17.2
For more information, see the tech note for the update.
What's new and changed in ColdFusion (2018 release) Update 13
ColdFusion (2021 release) Update 3 (release date, 17 December, 2021) addresses vulnerabilities that are mentioned in CVE-2021-44228 and CVE-2021-45046.
For more information, see the tech note for the update.
What's new and changed in ColdFusion (2018 release) Update 12
What's new and changed in ColdFusion (2018 release) Update 11
What's new and changed in ColdFusion (2018 release) Update 10
What's new and changed in ColdFusion (2018 release) Update 9
What's new and changed in ColdFusion (2018 release) Update 8
What's new and changed in ColdFusion (2018 release) Update 7
What's new and changed in ColdFusion (2018 release) Update 6
This update fixes the bugs that were reported in the previous update for the following:
- Lambda functions
- Nested structs
- Nested output
- Connector configuration
For more information, see the tech notes for Update 6.
What's new and changed in ColdFusion (2018 release) Update 5
Security
The Update 5 of the 2018 release of ColdFusion addresses security vulnerabilities mentioned in the security bulletin APSB19-47.
For more information, see the tech notes for Update 5.
Language enhancements
New Array functions:
New Struct functions:
New Query functions:
- QuerySome
- QueryEvery
- QueryAppend
- QueryPrepend
- QueryRowSwap
- QuerySlice
- QueryClear
- QueryRecordCount
- QueryReverse
- QueryInsertAt
Other language updates:
- GetMetaData - Changes in Array.GetMetaData() struct keys. See the function history for more information.
- New parameter includeEmptyFields in the following functions:
- QueryNew - Insert rows in a query object as array of structs.
- cfchart - Added attribute base64.
- Member functions - Contains member functions for the newly added functions.
- Array Notation for Strings in ColdFusion - Access sub-strings using array notation by using positional ranges.
- Regex changes for the following functions:
Arrow functions
ColdFusion (2018 release) Update 5 introduces a new way of writing functions, known as Arrow Function or Fat Arrow Function (=>).
For more information, see Arrow functions in ColdFusion.
ColdFusion Administrator changes
- Restore Default Extensions - Restore the list of all file extensions that are blocked for file uploads.
- Use Java as Regex Engine - Specify if Java must be used as regex engine. There is also an equivalent Application.cfc variable, useJavaAsRegexEngine.
Application Server support
Application Server | Version |
---|---|
WildFly | 17 |
Tomcat | 9.0.21 |
OEM upgrades
OEM | Version |
---|---|
JDK | 12 |
Tomcat | 9.0.21 |
Apache Tika | 1.21 |
Batik XML | 1.11 |
ZingChart | 2.8.6 |
Derby jars | 10.11 |
MySQL | 8 |
Operating System support
OS | Version |
---|---|
RHEL | 8 |
Ubuntu | 19 |
SLES | 15 |
CentOS | 7.6 |
What's new and changed in ColdFusion (2018 release) Update 4
- Addresses security vulnerabilities mentioned in the security bulletin APSB19-27.
- Added support for the function FileAppend.
- Added support for the following platforms:
  - IBM PowerPC based RHEL 7.6 and SuSE 15
  - Mac OS X 10.14
- Updates to LiveCycle Data Services. For more information, see the tech note for Update 4.
- Updates to JNBridge. For more information, see the tech note for Update 4.
What's new and changed in ColdFusion (2018 release) Update 3
For more information, see the tech note for Update 3.
- Addresses security vulnerabilities mentioned in the security bulletin APSB19-14.
- In the ColdFusion Administrator, in Server Settings > Settings, there is an option Blocked file extensions for CFFile uploads. By default, the following extensions are blocked. For more information, see Server Settings.
  - AS
  - ASP
  - ASPX
  - BIN
  - CFC
  - CFM
  - CFML
  - CFR
  - CFSWF
  - DMG
  - EXE
  - HBXML
  - JSP
  - JSPX
  - JWS
  - MXML
  - PHP
  - SWC
  - SWS
- A new application setting blockedExtForFileUpload. For more information, see Application variables.
- The Admin API, setRuntimeProperty has a new property, BlockedExtForFileUpload. The values are a comma-separated list of file extensions to restrict file uploading of the appropriate files. For example,
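```cfml
<cfscript>
    // Get the Admin API runtime component
    runtime = createObject("component", "CFIDE.adminapi.runtime");
    // Set the comma-separated list of extensions blocked for file uploads
    runtime.setRuntimeProperty("BlockedExtForFileUpload","CFM,CFC,ASP, JSP");
</cfscript>
```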
What's new and changed in ColdFusion (2018 release) Update 2
Security update
This update addresses the vulnerabilities mentioned in APSB19-10.
Java
The update includes support for Java 11. To download installers for Java 11, see Downloads.
Docker
You can also find the Docker image for Update 2.
Language changes
- New actions create and modify in cfschedule.
- New parameter calendar in dayOfWeek.
Script support for cfloop
```cfml
<cfscript>
    // Loop over a list
    myList="1,2,3,4"
    cfloop(list=myList, index="i", item="j") {
        writeOutput("index:" & i)
        writeOutput("item:" & j & "<br/>")
    }
</cfscript>
```

```cfml
<cfscript>
    // Loop over an array
    myArray = ["John", "Paul", "George", "Ringo"];
    cfloop(array="#myArray#", index="idx"){
        writeOutput(#idx# & "<br/>");
    }
</cfscript>
```

```cfml
<cfscript>
    // Loop over the keys of a struct
    Team = {"Marketing" = "John", "Sales" : {"Executive" : "Tom", "Assistant" = "Mike"},"IT":{"Developers":{"Dev1":"Ashley","Dev2"="Jason"}}};
    cfloop( collection="#Team#" ,item="key" ){
        writeOutput(#Key# & ":");
        writeOutput(#SerializeJSon(Team[key])#);
        writeOutput("<br/>");
    }
</cfscript>
```

```cfml
<cfscript>
    // Loop over a range of rows in a query
    myQuery = queryNew("id,name,amount","Integer,Varchar,Integer",
        [
            {id=1,name="One",amount=15},
            {id=2,name="Two",amount=18},
            {id=3,name="Three",amount=32},
            {id=4,name="Four",amount=37},
            {id=5,name="Five",amount=79},
            {id=6,name="Six",amount=26}
        ]);
    Start = 3;
    End = 6;
    cfloop(query = "myQuery", startRow = "#Start#", endRow = "#End#") {
        writeOutput("#name# #amount#" & "<br>");
    }
</cfscript>
```
OEM support
Support for:
- Jetty 9.4.12
- ExtJS 6.6
- JPedal 8.4.31
Server Auto-Lockdown
Server Auto-Lockdown includes a new installer for macOS.
For more information, see Server Auto-Lockdown for macOS.
Performance Monitoring Toolset
Performance Monitoring Toolset Update 1 includes the following changes:
Platform support
For more information, see the tech note for Update 2.
This update also introduces support for the following:
- OS
  - Windows Server 2019
  - Solaris 11.3
  - OSX 10.14
- Application Servers
  - WildFly 14.0
  - WebSphere 9.0.0.9
- Web Server
  - Apache HTTPD 2.4.37
- Databases
  - Oracle 18c
  - PostgreSQL 11
  - IBM DB2 v11.1
  - Apache Derby 10.14.2
- External Services
  - Microsoft Exchange 2016
  - Microsoft SharePoint 2016
Bugs fixed in this release
For a list of bugs fixed in Update 2, see Bugs fixed.
Known issues in this release
For known issues in Update 2, see Known issues.
What's new and changed in ColdFusion (2018 release) Update 1
- Several important bug fixes.
- A new function GetCanonicalPath.
- Addresses vulnerabilities mentioned in APSB18-33.
- Tomcat is upgraded to version 9.0.10.
- OpenSSL is upgraded to 1.0.2p for PDFgServlet.
Bugs fixed in this release
For a list of bugs fixed in Update 1, see Bugs fixed.