Entries Tagged as 'ColdFusion'

Nginx is a high-performance, open-source web server that is widely used in the web community. It can now be configured with ColdFusion 2016. With this post we are making available the prerelease build of the web-server connector for testing purposes.

The prerelease build is in the form of a Linux 64-bit installer that packages the following 2 components:

- The Nginx web server installer. This installer is a variant of the standard Nginx installer that packages the AJP modules that enable the communication between the web server and ColdFusion.

- WSconfig.jar. This is a modified version of the library present in ColdFusion's <cf_root>/cfusion/lib directory, that is required by the WSConfig tool when configuring a web server connector. 

For detailed instructions on installing the web server and configuring the connector, refer to this document.

We will look forward to your suggestions and feedback.


This post is to announce the availability of updates for ColdFusion 2016 and ColdFusion Builder 2016.

ColdFusion (2016 release) Update 3

ColdFusion 2016 Update 3 includes support for Windows 10 Version 1607 and IBM Websphere Application Server 9. It also includes approximately 180 bug fixes (including ~100 external bugs) related to Language, Document Management, Serialization, Net Protocols, Database, Administrator and a few other areas.

For more details, refer to this tech note.

ColdFusion Builder (2016 release) Update 3

ColdFusion Builder 2016 Update 3 includes:
    1. Important security fixes
    2. Bug fixes in the areas of Editor and Security Code Analyzer.
    3. Upgraded PhoneGap libraries (from version 5.2.0 to version 6.0.0)
    4. Dictionary (Code Assist) changes to accommodate the changes/enhancements in ColdFusion 2016 Update 3 and earlier.
For more details, refer to this tech note.

NOTE: We will be backporting all the important/applicable fixes to ColdFusion 10 and 11. A pre-release build for the same will be available in a couple of weeks for your feedback.

ColdFusion Builder (release 2016) Update 3 prerelease build is available for your testing and feedback. This update includes the following changes:

  • 25 bug fixes including an important security fix and some Security Analyzer fixes.
  • PhoneGap has been upgraded from version 5.2.0 to version 6.0.0.
  • Dictionary (Code Assist) changes to accommodate the changes/enhancements in ColdFusion Server Update 3. For details on what is new in ColdFusion Server Update 3, refer to this blog post.

For instructions on how to apply this update and details on what is new with this update, refer to this document. For the list of bug fixes and the known issue(s) with this update, refer to this document.

After applying this update, the ColdFusion Builder build number should change to

ColdFusion 2016 Update 3 early access build is now available for your testing and feedback. It includes support for Windows 10.1 and IBM Websphere Application Server 9 along with approximately 180 bug fixes.

Please note that this is a test build and should not be used in a production environment.

Refer to the documents given below for more details on this update:

1. What's New in this update    
2. Issues Fixed in this update
3. Installation Instructions

The build number after applying this update should be 2016.0.03.300232.

In case you have configured a local site for receiving the update notifications, please back up the URL before changing it to the pre-release URL.

We will look forward to your valuable feedback and suggestions.


You may run into issues if you are using a non-administrator user account to install ColdFusion updates manually, or if an installation is attempted from the ColdFusion administrator console when the ColdFusion service is running with a non-administrator account. In such cases, the update may not install successfully and may complete with errors.

The Windows user account used by the ColdFusion service should have the privileges to start and stop the ColdFusion service. The updater needs to stop the ColdFusion service, so that it can replace the class files used by the service. After the update is installed, the updater starts up the ColdFusion service. Similarly if the updater packages any updates related to the other ColdFusion services, such as ColdFusion Add-On/Jetty service or ColdFusion .NET service or ColdFusion ODBC service, it would stop and start these services as well.

To avoid running into the issue above, one can take either of the following 2 approaches: 

 - Stop the ColdFusion service manually before running the updater jar. Restart the service, once the update is installed. This, of course, would need to be done every time you install an update; or

 - Assign the ColdFusion user account the privileges to start/stop the service. This would be a one-time fix.

If you are using Windows 2003 server or XP, you can follow this blog post to assign start/stop privileges to the ColdFusion service user account. If you are on a later edition of Windows, such as Windows 7 or Windows 2012 server, keep reading.

The Windows Service Controller (sc) command can be used to set permissions on a Windows service. We will be using the following 2 variants of the command:

SDSHOW : To display the permissions on a service. 

syntax : sc [<ServerName>] sdshow <ServiceName>

SDSET : To set the permissions on a service.

syntax : sc [<ServerName>] sdset <ServiceName> <ServiceSecurityDescriptor>

The security descriptors in the syntax above are represented by what is known as "Security Descriptor Definition Language" (SDDL). An SDDL descriptor has its own syntax and formatting conventions which, at first, may seem a bit intimidating, and I might add, somewhat bland. But we will just dwell on the elementary details that are relevant to our purpose. If you want to get into the nuances of the language, you can check out the resources referenced at the end of this post.

Before modifying the permissions on a service, it would be a good idea to view the permissions first. To do that, run the following command:

sc SDSHOW "ColdFusion 2016 Application Server"

You can find out the name of the service from the service properties in the Services window. The output should be something similar to the following:


I'll break down the output above into subsections and try to describe them.


The prefix D is for discretionary access control list (DACL) permissions. It identifies users or groups that are allowed or denied access to a secured object.


The prefix S is for system access control list (SACL) which controls how access is audited. It enables administrators to log attempts to access a secured object in security event logs. This section is not pertinent to our interest, and hence will not be discussed further. 

Each segment enclosed by parentheses, such as "(A;;CCLCSWRPWPDTLOCRRC;;;SY)", is an ACE or "Access Control Entry". It describes the permissions granted to a specific user or group.

The first letter in the ACE specifies the ACE type. 'A' here denotes "Allow". Similarly, a 'D' would denote "Deny".

The next set of letters ("CCLCSWRPWPDTLOCRRC") denotes the permissions. It is a sequence of 2-letter codes, each of which specifies one permission. I'll list out the components below:

CC : SERVICE_QUERY_CONFIG – ask the SCM for the service’s current configuration

DC : Delete All Child Objects



RP : Read all properties

WP : Stop the service




SD : Delete

RC : READ_CONTROL – read the security descriptor on this service.

WD : Modify permissions

WO : Modify owner


The last code in the ACE denotes the trustee. Some of the values it can take are:

SY : Local system

BU : Built-in users

IU : Interactively logged-on user

BA : Built-in administrators

If the intent is to modify the permissions for a specific user and not a group, then you should use the SID associated with that user account instead. Suppose the ColdFusion Application service is running with a non-administrator account called "cfuser". To get the security identifier (SID) for the "cfuser" account, you can execute the following WMIC command:

wmic useraccount where name='cfuser' get sid

That should output something similar to the following:



To enable start/stop permission for "cfuser" on the ColdFusion Application service, you can use the output generated by the SDSHOW command and append an ACE element for "cfuser" with the desired permission set, as follows:


And, of course, you should run the command with administrator privileges.

If you are using other ColdFusion services, such as ColdFusion Add-on Services, ColdFusion .NET Service, ODBC Agent and ODBC server, you can follow the same steps as above to change permissions to them.
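The following Python sketch is an added example, not code from the original post. It parses an SDSHOW-style descriptor, places the new Allow ACE at the end of the D: section (ahead of any S: section, so it does not land in the SACL), and flags ACEs that give rights beyond start/stop to non-administrative trustees. The sample descriptor and SID are constructed, the right names are the service-specific meanings of the two-letter codes, and including LC (query status) in the granted set is an assumption.

```python
import re

# Service-object meaning of each two-letter SDDL right (added mapping, per Microsoft's
# service access-rights documentation; the page lists only some of these codes).
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP", "DT": "SERVICE_PAUSE_CONTINUE",
    "LO": "SERVICE_INTERROGATE", "CR": "SERVICE_USER_DEFINED_CONTROL",
    "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
DANGEROUS = {"DC", "SD", "WD", "WO"}  # reconfigure, delete or take over the service

# Constructed sample in the shape sdshow prints; the SID is a made-up placeholder.
SAMPLE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
          "(A;;CCLCSWLOCRRC;;;IU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"

def split_sections(sddl):
    """Split a descriptor into its DACL ACE text and the SACL text (with 'S:')."""
    m = re.fullmatch(r"D:([^()]*(?:\([^()]*\))*)(S:.*)?", sddl.strip())
    if not m:
        raise ValueError("expected an SDDL string that starts with D:")
    return m.group(1), m.group(2) or ""

def parse_aces(dacl):
    """Return [(ace_type, [right codes], trustee)] for every ACE in the DACL."""
    aces = []
    for body in re.findall(r"\(([^()]*)\)", dacl):
        fields = body.split(";")
        if len(fields) != 6:
            raise ValueError(f"malformed ACE: ({body})")
        aces.append((fields[0], re.findall("..", fields[2]), fields[5]))
    return aces

def grant_start_stop(sddl, sid, rights="LCRPWP"):
    """Add an Allow ACE for sid at the end of the DACL, before any S: section."""
    if not re.fullmatch(r"S-1-\d+(-\d+)+", sid):
        raise ValueError("trustee must be a SID string")
    dacl, sacl = split_sections(sddl)
    return f"D:{dacl}(A;;{rights};;;{sid}){sacl}"

def risky_aces(sddl):
    """Allow ACEs giving DANGEROUS rights to anyone except SYSTEM/Administrators."""
    return [(who, sorted(DANGEROUS & set(r)))
            for kind, r, who in parse_aces(split_sections(sddl)[0])
            if kind == "A" and who not in ("SY", "BA") and DANGEROUS & set(r)]

def describe(rights):
    """Translate right codes into their service access-right names."""
    return [SERVICE_RIGHTS.get(code, code) for code in rights]
```

The string returned by `grant_start_stop` is what would be passed to SDSET as the descriptor; running `risky_aces` on it first confirms the new entry grants nothing beyond the start/stop set.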