-
Close Search
We have released critical security updates for ColdFusion (2023 release) and ColdFusion (2021 release). Adobe is aware that CVE-2024-53961 has a known proof-of-concept that could cause an arbitrary file system read. View the security bulletin, APSB24-107, and the tech notes for more information. Download the updates from the following locations: ColdFusion (2023 release) Updates ColdFusion (2021 release) Updates For more information, view the following tech notes: ColdFusion (2023 release) Update 12 ColdFusion (2021 release) Update 18 Known issues in the updates […]
In this episode, your hosts Ben Nadel and Ryan Brown are joined by long time Adobe ColdFusion developer and security expert, Justin Scott, to discuss his recent presentation at the Adobe ColdFusion Summit.
Who is Justin Scott
• CISO with Smart Communications
• (ISC)² Certified
• Long time ColdFusion developer
Justin’s Summit Presentation – https://www.darktech.org/advanced-cryptography.pdf
Adobe ColdFusion (2025 release) now uses Tomcat 10.1, upgrading from Tomcat 9, and supports servlet specifications 6.0, replacing 4.0. Why? Availability of new features – Tomcat 10 introduces many new features, while Tomcat 9 primarily focuses on security updates and vulnerability fixes. Improved performance Enhanced security Compatibility with newer Java applications Support for newer specifications Servlet specification upgrade. Tomcat 9 – Servlet 4.0 API specifications Tomcat 10.1 – Servlet 6.0 API specifications What has changed? This namespace change is part […]
[Update 13 Dec]: Added cfencode.sh to the table of removals. Updated Customizing an HTTP response to HTTP reason phrases. Added contact email id cf-deprecation@adobe.com In the upcoming ColdFusion (2025 release), we will deprecate and remove certain features to enhance the overall experience, improve security, stay aligned with the latest technological advancements, and eliminate obsolete libraries. We announced the deprecations and removals on the ColdFusion pre-release forum a few days ago. If you haven’t already signed up, please do so today As part of this exercise, […]
From what I understand, the “java.net.http” package has been included in JREs since Java 11. Coldfusion comes with a Java 17 JRE. However, it seems that there is no “java.net.http” package available with that JRE as executing the following produces a ClassNotFoundException: CreateObject(“java”, “java.net.http.HttpClient”) I’m not quite understanding. Does Coldfusion ship with a special JRE that doesn’t have all the modules that a normal Java 17 JRE would have?
Get an exclusive sneak peek at what’s next for ColdFusion! Sign up for the ColdFusion 2025 Beta Program and get early access to shape the future with us. Engage with the community in the forums, share your thoughts, and keep up with the newest updates and features. Join the Beta program Make Your Voice Heard and Win Big! Join our weekly engagement challenge during the ColdFusion 2025 Beta! Every week, we’ll reward top contributors with exciting prizes. Your feedback matters, […]
Hello CF Developers, We are planning to switch from standard login using a username and password to log in using a CAC card. My lead wrote the code below; he asked us to implement the callback functionality. <cfset requestAuth = AUTH_SERVER & “/oauth2/authorize?client_id=” & CLIENT_ID & “&redirect_uri=” & REDIRECT_URL & “&scope=openid&response_type=” & type & “&response_mode=” & responsemode & “&state=” & randomState &”&nonce=” & nonce > I think the callback functionality captures user information returned from the CAC server (authorization server). […]
The Challenge At xByte Cloud, we work with large ecommerce customers who have millions of shoppers visiting their storefront each month. A performant solution like Load-Balancing is often deployed to help accommodate their growing customer base. But it’s important not to sacrifice user experience for additional performance, and that is one challenge most engineers face. Relying on built-in ColdFusion session management in a load balanced environment can lead to session loss, especially during reboots, server failures, or load balancing transitions. […]
Hello ColdFusion Community! A heartfelt thank you to all our speakers, sponsors, and attendees for making the Adobe ColdFusion Summit 2024 a fantastic success! Your energy, insights, and support made this event truly special. Whether you joined us live or couldn’t catch every session, we’ve got you covered. Below is the list of all the speaker presentations and session decks. Dive in, explore, and keep the learning going! We’ll continue to update this blog as more content becomes available, so […]
is it possible to run the extension in linux vscode
We are excited to announce that the Adobe ColdFusion India Summit 2024 is happening on December 7, 2024, and this year, we’re bringing the event to two vibrant cities: Bengaluru and Noida. Whether you’re a seasoned developer or just beginning your journey in web development, this free summit offers a unique opportunity to learn, connect, and grow with the best minds in the industry. What’s in Store for You? Expert-Led Sessions Gain valuable insights from ColdFusion specialists and industry experts […]
We are pleased to announce that we have released general updates to ColdFusion (2023 release) Update 11 and ColdFusion (2021 release) Update 17. The updates include bug fixes and enhancements in Administrator, Language, CFSetup, Database, and other areas. They also contain library upgrades, such as netty, ehcache, etc. The updates also include enhancements to whitespace management and client variable support in CFPM. Where do I download the updates from Download the updates from the following locations: ColdFusion (2023 release) Updates […]
