Adobe ColdFusion (2018 release) Updates Release Notes

What's new and changed in ColdFusion (2018 release) Update 9

ColdFusion (2018 release) Update 9 (release date, 14 April, 2020) addresses vulnerabilities that are mentioned in the security bulletin, APSB20-18.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 8

ColdFusion (2018 release) Update 8 (release date, 17 March, 2020) addresses vulnerabilities that are mentioned in the security bulletin, APSB20-16.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 7

ColdFusion (2018 release) Update 7 (release date, 10 Dec, 2019) addresses vulnerabilities that are mentioned in the security bulletin, APSB19-58.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2018 release) Update 6

This update fixes the bugs that were reported in the previous update for the following:

  • Lambda functions
  • Nested structs
  • Nested output
  • Connector configuration

For more information, see the tech notes for Update 6.

What's new and changed in ColdFusion (2018 release) Update 5

Security

The Update 5 of the 2018 release of ColdFusion addresses security vulnerabilities mentioned in the security bulletin APSB19-47.

For more information, see the tech notes for Update 5.

Language enhancements

New Array functions:

New Struct functions:

New Query functions:

Other language upates:

Arrow functions

ColdFusion (2018 release) Update 5 introduces a new way of writing functions, known as Arrow Function or Fat Arrow Function (=>).

For more information, see Arrow functions in ColdFusion.

ColdFusion Administrator changes

Application

Application Server support

Server Version
WildFly 17
Tomcat 9.0.21

OEM upgrades

OEM Version
JDK 12
Tomcat 9.0.21
Apache Tika 1.21
Batik XML 1.11
ZingChart 2.8.6
Derby jars 10.11
MySQL 8

Operating System support

OS Version
RHEL 8
Ubuntu 19
SLES 15
CentOS 7.6

What's new and changed in ColdFusion (2018 release) Update 4

  • Addresses security vulnerabilities mentioned in the security bulletin APSB19-27.
  • Added support for the function FileAppend.
  • Added support for the following platforms:
    • IBM PowerPC based RHEL 7.6 and SuSE 15
    • Mac OS X 10.14
  • Updates to LiveCycle Data Services. For more information, see the tech note for Update 4.
  • Updates to JNBridge. For more information, see the tech note for Update 4.

What's new and changed in ColdFusion (2018 release) Update 3

For more information, see the tech note for Update 3.

  • Addresses security vulnerabilities mentioned in the security bulletin APSB19-14.
  • In the ColdFusion Administrator, in Server Settings > Settings, there are is an option Blocked file extensions for CFFile uploads.  By default, the following extensions are blocked. For more information, see Server Settings
    • AS
    • ASP
    • ASPX
    • BIN
    • CFC
    • CFM
    • CFML
    • CFR
    • CFSWF
    • DMG
    • EXE
    • HBXML
    • JSP
    • JSPX
    • JWS
    • MXML
    • PHP
    • SWC
    • SWS
  • A new application setting blockedExtForFileUpload. For more information, see Application variables.
  • The Admin API, setRuntimeProperty has a new property, BlockedExtForFileUpload. The values are a comma-separated list of file extensions to restrict file uploading of the appropriate files. For example,
<cfscript>
    runtime = createObject("component", "CFIDE.adminapi.runtime");
    runtime.setRuntimeProperty("BlockedExtForFileUpload","CFM,CFC,ASP, JSP");
</cfscript>

What's new and changed in ColdFusion (2018 release) Update 2

Security update

This update addresses the vulnerabilities mentioned in APSB19-10.

Java

The update includes support for Java 11. To download installers for Java 11, see Downloads.

Docker

You can also find the Docker image for Update 2.

Language changes

Script support for cfloop

In Update 2, the script variant of cfloop supports iterating over an array, list, struct, or query.

For examples,

List

 

<cfscript>
    myList="1,2,3,4"
    cfloop(list=myList, index="i", item="j") {
        writeOutput("index:" & i)
        writeOutput("item:" & j & "<br/>")
    }
</cfscript>

Array

 

<cfscript>
    myArray = ["John", "Paul", "George", "Ringo"];
    cfloop(array="#myArray#", index="idx"){ 
        writeOutput(#idx# & "<br/>"); 
    } 
</cfscript>

Struct

 

<cfscript>
   Team = {"Marketing" = "John", "Sales" : {"Executive" : "Tom", "Assistant" = "Mike"},"IT":{"Developers":{"Dev1":"Ashley","Dev2"="Jason"}}};
   cfloop( collection="#Team#" ,item="key" ){
        writeOutput(#Key# & ":");
        writeOutput(#SerializeJSon(Team[key])#);
        writeOutput("<br/>");
    }
</cfscript>

Query

 

<cfscript>
    myQuery = queryNew("id,name,amount","Integer,Varchar,Integer", [ {id=1,name="One",amount=15}, {id=2,name="Two",amount=18}, {id=3,name="Three",amount=32}, {id=4,name="Four",amount=37}, {id=5,name="Five",amount=79}, {id=6,name="Six",amount=26} ]); 
    Start = 3; 
    End = 6; 
    cfloop(query = "myQuery", startRow = "#Start#", endRow = "#End#") { 
        writeOutput("#name# #amount#" & "<br>"); 
    } 
</cfscript>

OEM support

Support for:

  • Jetty 9.4.12
  • ExtJS 6.6
  • JPedal 8.4.31

Server Auto-Lockdown

Server Auto_lockdown includes a new installer for macOS.

For more information, see Server Auto-Lockdown for macOS.

Performance Monitoring Toolset

Platform support

For more information, see the tech note for Update 2

This update also introduces support for the following:

  • OS
    • Windows Server 2019
    • Solaris 11.3
    • OSX 10.14
  • Application Servers
    • WildFly 14.0
    • WebSphere 9.0.0.9
  • Web Server 
    • Apache HTTPD 2.4.37
  • Databases
    • Oracle 18c
    • PostGreSQL11 
    • IBM DB2 v11.1
    • Apache Derby-10.14.2 
  • External Services
    • Microsoft Exchange 2016
    • Microsoft SharePoint 2016

Bugs fixed in this release

For a list of bugs fixed in Update 2, see Bugs fixed.

Known issues in this release

For known issues in Update 2, see Known issues.

What's new and changed in ColdFusion (2018 release) Update 1

For more information, see the tech note for Update 1.
  • Several important bug fixes.
  • A new function GetCanonicalPath.
  • Addresses vulnerabilities mentioned in APSB18-33.
  • Tomcat is upgraded to version 9.0.10.
  • OpenSSL is upgraded to 1.0.2p for PDFgServlet.

Bugs fixed in this release

For a list of bugs fixed in Update 1, see Bugs fixed.