ColdFusion (2016 release) – Security audit report

As you are probably aware, with each version of ColdFusion, security is at the top of the priority list. With the latest release of ColdFusion, it is not just the security related features. Emphasis was laid on the inherent security of the ColdFusion platform by itself. To validate this, the PSIRT (Product Security Incident Response Team) at Adobe helped arrange a third party security audit for ColdFusion. The audit did come up with a few findings. Our Product engineers did an excellent job of mitigating all the findings to the fullest. 

To validate the above claim, we now have a public facing security report, from the agency that performed the security audit, indicating that 100% of all findings have been mitigated. Here is the public facing report with all the details. You can also view the link to this security audit report under datasheets and whitepapers section of the ColdFusion product home page on the Adobe website.

Submitting your wishlist for the next version of ColdFusion

Here is a way to let us know your wishlist for the future versions of ColdFusion. The process is really simple.

 

1. Log into the public bug tracker https://bugbase.adobe.com

2. Click on Add Bug. 

3. Choose ColdFusion as the product and version as 2016. Remember, the version to be selected is 2016.

4. Select product area as wishlist and submit your list in the bug description.

 

That’s it! We would love to hear your thoughts on what you would like to see as a part of upcoming versions.

 

 

Installers for ColdFusion (2016 release) and ColdFusion Builder (2016 release) refreshed

The installers for ColdFusion (2016 release) and ColdFusion Builder (2016 release) have been refreshed. The only change between the old and new installers is the refresh of certain branding assets (no change in the underlying code). 

The new build number for ColdFusion (2016 release) is 298074 (was 297996 earlier) and for ColdFusion Builder (2016 release) is 298077 (was 298004 earlier). Some, if not all, branding assets refresh will also be fixed as a part of the first update so that users on previous installation get the latest branding assets.

Pre-release for API Management capabilities in ColdFusion Raijin

Organizations today are unlocking the value of their data, IP and services  by sharing the same with their ecosystem(customers, internal teams, partners, vendors, suppliers etc.) at a furious pace– often over the mobile networks. With Raijin we now add the capability to not just build and share REST/SOAP services easily we will now allow you to manage, monitor, regulate and secure these services easily.

Our research shows, once a API is written, the next questions, that a company or organization has to answer before making the API production ready are:

1. Who do I give access to APIs?

2. How do I control the access to these APIs? For instance how do I restrict the usage of certain APIs to a selected few? Even within an API how do I provide granular control over the methods available in an API?

3. How do I let developers wanting to use my APIs understand the APIs that I have exposed and test them out before writing applications to consume these APIs?

4. How do I monetize the APIs by creating various access plans and associating end developers to a particular plan based on their subscription?

5. How do I track the usage of APIs so that I align backend to the demand and also gain insights to how my end developers are using the APIs?

6. How do I track and manage various versions of the APIs I create?

7. How do I transform my legacy APIs into newer RESTful services with all the best practices associated while still maintaining the usage of the legacy API?

 

With Raijin, we are introducing an API manager that can accomplish all of the above and more.

 

If you are interested in trying out the API manager with the REST or SOAP based APIs that you have, then please reach out to us at CFPrerelease@adobe.com so that we can add you the pre-release for API manager component in Raijin.

We look forward to your participation.

 

 

 

 

Running ColdFusion 10 and 11 on Windows 10

 

Important update: Note that ColdFusion 10 and 11 have been updated to support Windows 10, a few weeks after this blog post was first written. Consider applying that update rather than this preliminary wsconfig update.

 

Windows 10 is not certified yet with ColdFusion 10 and 11. The certification will be available as part of the next update. However, you can run ColdFusion 10 or ColdFusion 11 on your development environment by following the below outlined steps. 

ColdFusion 11 32-bit/64-bit

Link for updated wsconfig.jar

1.       Please take a backup of the existing wsconfig.jar at ColdFusion11cfusionruntimelib and move it outside ColdFusion directory.

2.       Stop the ColdFusion services and remove the older wsconfig.jar. 

3.       Download the jar files from the links above.

4.       Place them in the location mentioned in Step1 and restart IIS/ColdFusion.

5.       Please take a backup of the connector folder at ColdFusion11configwsconfig[magic number].

6.       Recreate the connector and test your application.

 

ColdFusion 10 32-bit/64-bit

Link for updated wsconfig.jar

1.       Please take a backup of the existing wsconfig.jar at ColdFusion10cfusionruntimelib and move it outside ColdFusion directory.

2.       Stop the ColdFusion services and remove the older wsconfig.jar. 

3.       Download the jar files from the links above.

4.       Place them in the location mentioned in Step1 and restart IIS/ColdFusion.

5.       Please take a backup of the connector folder at ColdFusion10configwsconfig[magic number].

6.       Recreate the connector and test your application.

 

In case you will have any questions please feel free to contact us at cf.install@adobe.com and we will be more than happy to assist you.

New Product Roadmap for ColdFusion

Here is the public facing roadmap for the upcoming two major versions of ColdFusion. The document lists out only the high level directions that are being considered for the future releases.

ColdFusion Product Roadmap (2015)

Here is the disclaimer about this public facing roadmap.

The intended future features or directions described in this document are under consideration by Adobe Systems and are not commitments for future products, technologies, or services. The roadmap is subject to change at Adobe Systems’ sole discretion and Adobe Systems does not guarantee the features or release dates.

Code names for ColdFusion server and ColdFusion Builder

Here are the new code names for the next versions of ColdFusion server and ColdFusion Builder. 

The next major version of ColdFusion server is codenamed Raijin. Raijin is the Japanese lightning God

The subsequent version of ColdFusion server post Raijin has been codenamed Aether. Aether is the greek god of upper atmosphere.

We continue to the trend of basing our code names on mythological characters. Also note that the next version of ColdFusion server was previously announced as Dazzle. Dazzle is no longer our code name and instead comes Raijin.

For ColdFusion Builder the next version is codenamed Blizzard (as previously announced) and the version post that is code named Avalanche.

Thanks to Dave Epler and Aaron Neff for recommending the code names Raijin and Aether.

The pre-release for Raijin will commence shortly.

Say hello to Raijin and Blizzard!

 

 

 

 

 

Winner of the Mobile Application Development Contest

A few months ago we announced the ColdFusion 11 Mobile Application Development Contest. The entries have now been judged. Thanks to Simon Free and Dave Ferguson for their contributions in judging the winner of the contest.

We got only two final submissions for the contest although many others expressed interest in submitting one.

The two submissions were,

1. Shakesperean Curses by Nicholas Claaszen and

2. CFClient Sampler by Brad Wood

A big round of applause to both Nicholas and Brad for their participation in the contest!

The winner of the contest is Brad Wood for his submission CFClient Sampler.

Congratulations Brad.