Adobe ColdFusion (2018 release) Updates Release Notes

What's new and changed in ColdFusion (2018 release) Update 4

  • Addresses security vulnerabilities mentioned in the security bulletin APSB19-27.
  • Added support for the function FileAppend.
  • Added support for the following platforms:
    • IBM PowerPC based RHEL 7.6 and SuSE 15
    • Mac OS X 10.14
  • Updates to LiveCycle Data Services. For more information, see the tech note for Update 4.
  • Updates to JNBridge. For more information, see the tech note for Update 4.

What's new and changed in ColdFusion (2018 release) Update 3

  • Addresses security vulnerabilities mentioned in the security bulletin APSB19-14.
  • In the ColdFusion Administrator, in Server Settings > Settings, there are is an option Blocked file extensions for CFFile uploads.  By default, the following extensions are blocked. For more information, see Server Settings
    • AS
    • ASP
    • ASPX
    • BIN
    • CFC
    • CFM
    • CFML
    • CFR
    • CFSWF
    • DMG
    • EXE
    • HBXML
    • JSP
    • JSPX
    • JWS
    • MXML
    • PHP
    • SWC
    • SWS
  • A new application setting blockedExtForFileUpload. For more information, see Application variables.
  • The Admin API, setRuntimeProperty has a new property, BlockedExtForFileUpload. The values are a comma-separated list of file extensions to restrict file uploading of the appropriate files. For example,
    runtime = createObject("component", "CFIDE.adminapi.runtime");
    runtime.setRuntimeProperty("BlockedExtForFileUpload","CFM,CFC,ASP, JSP");

What's new and changed in ColdFusion (2018 release) Update 2

Security update

This update addresses the vulnerabilities mentioned in APSB19-10.


The update includes support for Java 11. To download installers for Java 11, see Downloads.


You can also find the Docker image for Update 2.

Language changes

Script support for cfloop

In Update 2, the script variant of cfloop supports iterating over an array, list, struct, or query.

For examples,



    cfloop(list=myList, index="i", item="j") {
        writeOutput("index:" & i)
        writeOutput("item:" & j & "<br/>")



    myArray = ["John", "Paul", "George", "Ringo"];
    cfloop(array="#myArray#", index="idx"){ 
        writeOutput(#idx# & "<br/>"); 



   Team = {"Marketing" = "John", "Sales" : {"Executive" : "Tom", "Assistant" = "Mike"},"IT":{"Developers":{"Dev1":"Ashley","Dev2"="Jason"}}};
   cfloop( collection="#Team#" ,item="key" ){
        writeOutput(#Key# & ":");



    myQuery = queryNew("id,name,amount","Integer,Varchar,Integer", [ {id=1,name="One",amount=15}, {id=2,name="Two",amount=18}, {id=3,name="Three",amount=32}, {id=4,name="Four",amount=37}, {id=5,name="Five",amount=79}, {id=6,name="Six",amount=26} ]); 
    Start = 3; 
    End = 6; 
    cfloop(query = "myQuery", startRow = "#Start#", endRow = "#End#") { 
        writeOutput("#name# #amount#" & "<br>"); 

OEM support

Support for:

  • Jetty 9.4.12
  • ExtJS 6.6
  • JPedal 8.4.31

Server Auto-Lockdown

Server Auto_lockdown includes a new installer for macOS.

For more information, see Server Auto-Lockdown for macOS.

Performance Monitoring Toolset

Platform support

This update also introduces support for the following:

  • OS
    • Windows Server 2019
    • Solaris 11.3
    • OSX 10.14
  • Application Servers
    • WildFly 14.0
    • WebSphere
  • Web Server 
    • Apache HTTPD 2.4.37
  • Databases
    • Oracle 18c
    • PostGreSQL11 
    • IBM DB2 v11.1
    • Apache Derby-10.14.2 
  • External Services
    • Microsoft Exchange 2016
    • Microsoft SharePoint 2016

Bugs fixed in this release

For a list of bugs fixed in Update 2, see Bugs fixed.

Known issues in this release

For known issues in Update 2, see Known issues.

What's new and changed in ColdFusion (2018 release) Update 1

  • Several important bug fixes.
  • A new function GetCanonicalPath.
  • Addresses vulnerabilities mentioned in APSB18-33.
  • Tomcat is upgraded to version 9.0.10.
  • OpenSSL is upgraded to 1.0.2p for PDFgServlet.

Bugs fixed in this release

For a list of bugs fixed in Update 1, see Bugs fixed.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy