ColdFusion 2016 API Manager Update 1 released

Update 1 for ColdFusion 2016 API Manager was released on 9th June 2017.

It introduces new features such as a JavaScript connector for configuring User Store, a new Token-based authentication support and packages enhancements like additional Swagger import options and logging for API request and response.

It also fixes several bugs in security, publisher portal and server core and workflows related to SOAP proxy, Swagger and SOAP to REST. For further details on the new features, the installation instructions and the manual download link refer this technote. For the list of bugs fixed with this update refer this webpage.

To be able to apply this update, ensure that you are using an API Manager installation from the latest API Manager installer. The installer was refreshed on Dec 13, 2016. An API Manager installation that has been installed with the new installer would be on build no. 301768.

Post update installation, the build for the API Manager should change to ColdFusion API Manager 2016,0,1,302960. You can validate this by using the apimanagerinfo (.sh/.bat) utility in <CFAPIM_root>/bin directory.

ColdFusion 2016 : Support for Windows Server 2016

We have updated the Windows 64-bit installer for ColdFusion 2016, to support Microsoft Windows Server 2016. The Add-on services installer and the .NET service installer for ColdFusion 2016 have also been refreshed.
You can access the server installer by clicking on the "free trial" or the "buy now" link in the ColdFusion product page at Adobe.com. You may download the aforementioned additional installers at the ColdFusion support page

The ColdFusion 2016 support matrix would be updated soon to reflect the support for the new platform.

The refreshed installer comes with the Update 3 baked-in. After installing the server, you may bring it up to the current update level, by installing Update 4. You can follow the instructions at this technote to download and install Update 4. If you need any help with installing ColdFusion server you may refer the installation instructions at this technote.

The installers for ColdFusion Builder 2016 and ColdFusion API Manager would soon be refreshed to support Windows Server 2016.

ColdFusion 2016 Update 4, ColdFusion 11 Update 12 and ColdFusion 10 Update 23 released

This post is to announce the release of the following ColdFusion updates:

ColdFusion 2016 Update 4

ColdFusion 2016 Update 4 upgrades Tomcat to version 8.5.11.0 and fixes 115 bugs (including 52 external bugs) in areas such as Security, Language, Charting and Performance. This update also addresses vulnerabilities mentioned in the security bulletin APSB17-14.  For details and instructions on how to apply this update refer this technote.

ColdFusion 11 Update 12

ColdFusion 11 Update 12 upgrades Tomcat to version 7.0.75. It also addresses vulnerabilities mentioned in the security bulletin APSB17-14 and fixes 59 bugs (including 28 external bugs) related to areas such as AJAX, Charting and Language. For details and instructions on how to apply this update refer this technote.

ColdFusion 10 Update 23

ColdFusion 10 Update 23 upgrades Tomcat version to 7.0.75. This update addresses vulnerabilities mentioned in the security bulletin APSB17-14 and includes a total of 17 bug fixes (including 7 external bugs) related to Language, Charting, Scheduler, Document Management and certain other areas. For details and instructions on how to apply this update refer this technote.

The build number after applying thse updates should be:

2106,0,4,302561 for ColdFusion 2016;
11,0,12,302575 for ColdFusion 11.
10,0,23,302580 for ColdFusion 10.

Note:

  • Support for Windows Server 2016 will be introduced with the refreshed full ColdFusion 2016 server installer which will be made available shortly. Update: The new installer is now available, as of Apr 28.
  • The core support for ColdFusion 10 effectively ends on May 16, 2017. It will, therefore, receive no further updates. For detailed support timelines, see this EOL matrix.

 

 

ColdFusion Nginx Connector – Initial Performance Numbers

We recently announced the availability of Nginx connector for ColdFusion 2016. This post talks about the initial performance numbers we have seen with ColdFusion and Nginx. The numbers seen are only indicative. Continued efforts are being put to improve performance on Nginx Connectors.

The Specifics on installing and configuring connector are listed in the following document,
http://cfdownload.adobe.com/pub/adobe/coldfusion/nginx/prerelease/v7/Configuring_Nginx_with_ColdFusion.pdf

 

Nginx Optimizations:
Before collecting performance numbers, a handful of optimizations were done to the Nginx Configurations. The Nginx Tuning Guide was referred before making these changes.

  • Updating the number of worker processes to use one worker per CPU.
    • worker_processes  auto;
  • Worker connections count updated to an appropriate value.
    • worker_connections 1024;
  • Keep Alive request count updated to 150.
    • keepalive_requests  150;
  • Connection queue size updated in /etc/sysctl.conf,
    • net.core.somaxconn = 65536
    • net.ipv4.tcp_max_tw_buckets = 1440000

 

Baselines and Performance Numbers:

To comparatively measure the performance of the Nginx connector, we collected baselines for the following configurations:

  • ColdFusion – Vanilla ColdFusion 2016 with requests served by the bundled Tomcat server.
  • Nginx Proxy – The traditional method to configure ColdFusion with Nginx. The nginx.conf file used for this purpose can be downloaded here.  
  • Apache Connector – Amongst the supported webservers, Apache connector is the most suitable due to parity with platforms.

Baselines were captured for two CFM pages, one, a simple Hello World, and another, a more complex CFM page which uses getRealPath, CGI variables, references static content and invokes a CFC via REST.

All requests were executed with 100 concurrent threads for the duration of 180 seconds and averaged over 3 executions. The results are listed below.

 

Simple CFM – Hello World     

 

Throughput
(req/sec)

ART
(ms)

ColdFusion

10088.80

8.67

Nginx Proxy

10301.27

9

Apache Connector

9933.70

9.33

Nginx Connector

9427.77

9.66

Nginx Connector with CFM handler only

10097.13

9

 

Complex CFM – Includes static content, getRealPath, CGI, POST Request

 

Throughput
(req/sec)

ART
(ms)

ColdFusion

36.90

2658.67

Nginx Proxy

37.13

2650.67

Apache Connector

37.53

2620.33

Nginx Connector

37.37

2635.67

 

 

 

 

 

 

 

Going by the initial numbers, performance on Apache stands uncontested. Nginx Proxy shows better performance than the Nginx connector when smaller payloads are being processed, with ColdFusion doing all the processing. This is because ColdFusion registers a large number of handlers, as seen in the connector configuration file, ‘ajp_location.conf’. Having only the CFM handler registered, results in numbers very similar to Nginx Proxy.

The other benefits that the Nginx connector provides, that Nginx Proxy does not, are CGI scope variables support and Search-Engine-Safe URL support. Additional restrictions such as having a unified webroot for ColdFusion and Nginx also come into play with Nginx Proxy, making it an impractical solution for deployments.

While we continue to work on the connector performance, do share your feedback and inputs on using the Nginx connector. 

ColdFusion 2016 installer refreshed.

The server and express installers for Adobe ColdFusion (release 2016) have been refreshed. The installers are available for download at the ColdFusion product page at www.adobe.com. The new installer includes the following changes:

  • The API Manager installer is decoupled from the ColdFusion Server installer.
  • The new API Manager installer incorporates certain new features such as multi-tenancy, enhanced security, configurable policies, a dedicated update mechanism and support for Redis cluster and request/response compression. For a detailed description of these new features follow the links embedded in this technote. The API Manager installer would be made available very soon. We will update this post to share the location where the installer would be hosted.
  • The ColdFusion installer incorporates ColdFusion 2016 Update 3 and updates JDK to version 1.8.0_112. For details on the changes that went out with Update 3 refer the Update 3 Release Notes document. The build number for this installation should be 2016,00,03,301771.
  • The features listed below have been retired from the product and no longer ship with ColdFusion. For a detailed overview of the affected areas, refer the "Portlets" and "YUI and Spry" sections of the coldfusion-deprecated-features technote. In case you need to use any of these libraries you can download them from locations mentioned below.
    • Portlets. download (md5 checksum : 93273a7b4ab8c650e5fa9cece518e099);
    • YUI. download (md5 checksum : 827e0f8395d176ac28f46ed5e78004fd);
    • Spry. download (md5 checksum : 750c275c20b291f00c1ba92c855a09d7).

 To integrate the downloaded library, follow the instructions below:

  1. Stop ColdFusion sever.
  2. Download the libraries from the links mentioned above.
  3. Extract the downloaded files to the following locations:
    • Extract portlets.zip file to <cf_root>/cfusion directory. Update the web.xml file at <CF_HOME>/cfusion/wwwroot/WEB-INF to re-introduce the mappings mentioned in the "Portlets" section of this technote.
    • Extract yui.zip and spry.zip to ColdFusion's webroot at <cf_root>/cfusion. If your scripts directory is mapped to a non-default location (setting at CF admin > Settings > Default ScriptSrc Directory), unpack the zipped package manually and place it in the custom location following the structure in the package.
  4. Restart ColdFusion server.

If you are restoring just the YUI or Spry libraries, restarting the ColdFusion server is not required.

Revisions

20 Dec, 2016 –  added the web.xml mappings step in restoring portlets instruction. added reference to coldfusion-deprecated-features article.

 

 

Prerelease build of Nginx connector for ColdFusion 2016 now available

Nginx is a high-performance and open-source web server that is widely used in the web communityIt can now be configured with ColdFusion 2016. With this post we are making available the prerelease build of the web-server connector for testing purposes. 

The prerelese build is in the form of an Linux 64-bit installer that packages the following 2 components:

– The Nginx web server installer. This installer is a variant of the standard Nginx installer that packages the AJP modules that enbable the communication between the webserver and ColdFusion.

– WSconfig.jar. This is a modified version of the library present in ColdFusion's <cf_root>/cfusion/lib directory, that is required by the WSConfig tool when configuring a web server connector. 

For detailed instructions on installing the webserver and configuring the connector, refer this document.  

We will look forward to your suggestions and feedback.

Click on this link to download the source for the Ngnix Connector.

Revision (09 Jan 2017): The download link for Ngnix Connector source added.

 

 

Removing Corrupt Connector Dependencies from IIS

This blog post talks about a few scenarios related to connector misconfiguration and ways to handle them. The most common scenarios discussed in this article are

  • Connectors that are created for ALL and individual websites at the same time.
  • Multiple attempts to add/remove the connectors during configuration.

As a best practice, remove the connector using the WSCONFIG utility. Once the connectors are removed, verify that there are no residual files/settings/configuration remains, using the steps mentioned below. (WSCONFIG Utility location: ColdFusion<instance>runtimebin)

Consider a scenario where, upon launching the WSCONFIG utility, you see the following dialog box:

In this scenario, configuration conflict might occur, since the same connector is created for both ALL and individual website (for this case).

Follow the below steps to fix the connector misconfiguration:

  1. Remove both the connectors one by one, as shown in the below image. Select the connector and click “Remove”.

  1. In the dialog below, click “Yes” to continue.

  1. You can see that the first connector is now removed.

  1. Repeat the process for the other connectors. In this scenario, there are only two connectors.
  2. Launch IIS Manager.
  3. Click on any website (in this case, CF11) and double-click Handler Mappings.

 

 

  1. Manually remove all the ColdFusion handlers as shown below (if present):

 

  1. Navigate to “CF11” website and double-click ISAPI Filters.

 

 

  1. Remove “tomcat” entries (if any), as shown below:

 

  1. Repeat steps “-6-” to “-9-”, for all the sites with duplicate or corrupted connector settings.
  1. Navigate to the IIS Server home and double-click Handler Mappings.

 

 

  1. Remove all ColdFusion handler entries (if any), as shown below:

 

  1. Navigate to IIS Server and double-click on ISAPI Filters

 

 

  1. Remove entries for tomcat if any as shown below:

 

 

  1. Navigate to IIS Server and double-click ISAPI & CGI Restrictions.

 

  1. Remove all entries of tomcat as shown below:

 

  1. Once all the above entries have been verified and removed, launch the command prompt as Administrator (or with elevated privileges) and run IISRESET.

  1. Run the WSCONFIG utility to recreate the connector and test your website

 

Configuring Data Sources using Admin API in ColdFusion

Today, APIs are widely used and are very popular in the developer community. APIs make work easier, as developers can perform difficult task programmatically and automate repeatable routines.

In ColdFusion, there are Admin APIs available through which developers can add, modify, and delete Admin task programmatically. This is helpful for developers who do not have access to ColdFusion Administrator, for example, component event gateway, data sources, mail, and so on.

To access the components, use the below link, RDS needs to be enabled.

    http://{ip address}:<port>/CFIDE/adminapi/

 

How to enable RDS in ColdFusion Administrator

  • Login to ColdFusion Administrator>Security>RDS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Let us see how the Data Sources can be added in ColdFusion Administrator using the Data Sources Admin API. You can use the syntax to add and modify the Data Sources without affecting the other admin settings. There are multiple attributes that can be used to add the DB which are supported in ColdFusion. For attribute details, please refer to this doc:
http://helpx.adobe.com/coldfusion/configuring-administering/data-source-management-for-coldfusion.html

We will discuss about Microsoft SQL server and Oracle (RAC) with Macromedia driver and Thin drivers. Before that, let us take a look into the Data Source Management for ColdFusion, where users can add parameters.

 

Data Source Management for ColdFusion

This document has all the components which user can define create database connection using Admin API. Please refer to the link below https://helpx.adobe.com/coldfusion/configuring-administering/data-source-management-for-coldfusion.html

 

Using Macromedia driver MSSQL

ColdFusion provides MSSQL driver in both Standard and Enterprise editions. This example is with Macromedia drivers:

See the sample script below:

<cfscript>

    // Login is always required. This example uses two lines of code.

    adminObj = createObject("component","cfide.adminapi.administrator");

    adminObj.login("PASSWORD");  //CF admin password.

    // Instantiate the data source object.

    myObj = createObject("component","cfide.adminapi.Data Sources");

    // Create a DSN.

    myObj.setOther(driver="macromedia.jdbc.MacromediaDriver",

                                url="jdbc:macromedia:sqlserver://localhost:1433;databaseName=CaseResolution"       

                                class="macromedia.jdbc.MacromediaDriver"

        name="jd",

        login_timeout = "29",

        timeout = "23",

        interval = 6,

        buffer = "64000",

        blob_buffer = "64000",

        setStringParameterAsUnicode = "false",

        description = "JD",

        pooling = true,

        maxpooledstatements = 999,

        enableMaxConnections = "true",

        maxConnections = "299",

        disable_clob = true,

        disable_blob = true,

        disable = false,

        storedProc = true,

        alter = false,

        grant = true,

        select = true,

        update = true,

        create = true,

        delete = true,

        drop = false,

        revoke = false );

</cfscript>

 

Using Macromedia driver MSSQL when using OTHER as driver

Copy the MSSQL driver in cfusionlib and restart ColdFusion service.

See the sample script below:

<cfscript>

    // Login is always required. This example uses two lines of code.

    adminObj = createObject("component","cfide.adminapi.administrator");

    adminObj.login("PASSWORD"); //CF Admin password

    // Instantiate the data source object.

    myObj = createObject("component","cfide.adminapi.Data Sources");

    // Create a DSN.

    myObj.setOther(driver="macromedia.jdbc.MacromediaDriver",

                                url="jdbc:microsoft:sqlserver://HOST:1433;DatabaseName=DATABASE",      

                                class=" com.microsoft.jdbc.sqlserver.SQLServerDriver",

        name="jd",

        username="",

        password="");

</cfscript> 

 

Using Macromedia driver Oracle when using OTHER as driver

This example describes when users using Oracle RAC with a service name, as ColdFusion do not allow users to add Service name in ColdFusion Admin because only SID is available.

See the sample script below:

<cfscript>

    // Login is always required. This example uses two lines of code.

    adminObj = createObject("component","cfide.adminapi.administrator");

    adminObj.login("PASSWORD");  //CF Admin password

    // Instantiate the data source object.

    myObj = createObject("component","cfide.adminapi.Data Sources");

    // Create a DSN.

    myObj.setOther(driver="macromedia.jdbc.MacromediaDriver",

                                url="jdbc:macromedia:oracle://localhost:1521; service_name=DEV",            

                                class="macromedia.jdbc.MacromediaDriver",

        name="DATA SOURCE NAME",

        username="DB USERNAME",

        password="PASSWORD");

</cfscript>

 

Using Oracle thin driver Oracle when using OTHER as driver

ColdFusion Standard does not provide Oracle driver as it is part of ColdFusion Enterprise. To add Oracle DB in Standard edition, use Oracle thin driver and place it in cfusionlib and restart ColdFusion to load it.

See the sample script below:

<cfscript>

    // Login is always required. This example uses two lines of code.

    adminObj = createObject("component","cfide.adminapi.administrator");

    adminObj.login("admin");

    // Instantiate the data source object.

    myObj = createObject("component","cfide.adminapi.Data Sources");

    // Create a DSN.

    myObj.setOther(driver="oracle.jdbc.driver.OracleDriver",

                                url="jdbc:oracle:thin:@//localhost:1521/DEV", 

                                class="oracle.jdbc.driver.OracleDriver",

        name="DATA SOURCE NAME",

        username="DB USERNAME",

        password="DB PASSWORD");

</cfscript>

 

Note: If you are using Sandbox security, user has to provide access to Admin API. Refer this doc: http://help.adobe.com/en_US/ColdFusion/10.0/Admin/WSc3ff6d0ea77859461172e0811cbf364104-7fcf.html

 

Installing and troubleshooting Java updates in ColdFusion

With the recent ColdFusion releases, we have come across many queries regarding Java updates. The table below shows the default Java shipped with the supported versions.

 ColdFusion Version  Base Installer  Refreshed Installer
 ColdFusion 2016  1.8.0_72   NA
 ColdFusion 11  1.7.0_55   1.8 _25
 ColdFusion 10  1.6.0_29  1.7.0_15

 

Now, let us look at the supported Java versions for ColdFusion 2016,11 & 10.

Java Version  ColdFusion 2016  ColdFusion 11  ColdFusion 10
Java 1.8  All the updates  Update 3 and above  Update 14 and Above
Java 1.7  Not Supported  Update 2 and earlier  Update 8 and Above
Java 1.6  Not Supported  Not Supported  Update 7 and earlier

 

Once the support for a major version of Java is added, it also covers all the minor/sub versions.

 

Upgrading to Java 1.8:

  1. Download the latest version of Java from http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html. Please make sure that you download 64-bit Java for 64-bit ColdFusion and 32-bit Java for 32 bit ColdFusion.
  2. Run the installer to install Java.
  3. Take a backup of jvm.config(located at <cf_install_root>cfusionbin)
  4. To change from ColdFusion’s default Java, modify the Java home url in either jvm.config or in ColdFusion administrator (Settings ->Java and JVM -> Java virtual machine path).
  5. Restart ColdFusion after making the changes.
  6. To verify the update, log in to ColdFusion Administrator and see verify the newer Java version .

If you are using Web Services, please do the following:

  1. Take a backup of tools.jar from {cf_install_home}/cfusion/lib/
  2. Copy tools.jar from {JDK8_Home}/lib to {cf_install_home}/cfusion/lib/
  3. Clear the stubs from {cf_install_home}/cfusion/stubs/ to get the newly compiled classes.

 

Note: Any SSL certificates added to the previous JDK will also need to be re-added to the new JDK (cacerts) file.

You can use Java keytool tool located in Javajre1.8.0_XXbin to import the certificate.  You can use the below command:

keytool -import -alias name -keystore Javajre1.8.0_XXlibsecuritycacerts -file mycert.cer

 

Java upgrade issues and troubleshooting

  1. If you are unable to start ColdFusion after the Java update:
  • Check the location of Java home in jvm.config.
  • The Java auto-update modifies the Java install directory location, which causes failure to ColdFusion start. Disable the java auto upgrade.
  • Try starting ColdFusion from command line to see specific errors. If the error is "Error loading: C:Program FilesJavajdk1.X.Xjrebinserverjvm.dll", then copy the msvcr100.dll file to <cf_install_root>/cfusion/bin from {JDK8_Home}/bin (for Windows OS).
  1. After importing certificates, if you have issues related to SSL, then you need to enable debugging for SSL. Take a backup of jvm.config at ColdFusioncfusionbin and add -Djavax.net.debug=all under the “Arguments to VM” in jvm.config. This would require a CF service restart. The argument would append the debugging info to the coldfusion-out.log at ColdFusioncfusionlogs.