ColdFusion 11 Update 11 and ColdFusion 10 Update 22 released

This post is to announce the release of ColdFusion 11 Update 11 and ColdFusion 10 Update 22.
Update 11 and Update 22 fix approximately 164 and 45 bugs respectively. For the list of bugs fixed in these updates, refer the following documents:
Bugs fixed with Update 11
Bugs fixed with Update 22

Follow the steps below to apply the updates:

  1. Navigate to ColdFusion Administrator -> Server Updates -> Updates.
  2. Switch to the "Settings" tab.
  3. Ensure that the update site URL is set to the right value by clicking on the "Restore Default URL" button.
  4. Click on "Submit changes" to save your changes.
  5. Switch to "Available Updates" tab. Click on "Check for Updates".
  6. "ColdFusion 11 Update 11" or "ColdFusion 10 Update 22" should be listed under the "Available updates" tab. 
  7. Click on the "Download and Install" button to install the update.

Refer the following technotes for instructions and other details related to the updates:

ColdFusion 11 Update 11 technote 
ColdFusoin 10 Update 22 technote

To apply these updates manually, download the required update by clicking on one of the applicable links below:

ColdFusion 11 Update 11 jar
ColdFusoin 10 Update 22 jar
 
To run the downloaded jar, execute the following command:
java -jar <jar-file-dir>/hotfix_0xx.jar
You should use the JRE used by ColdFusion for running the update jar (for standalone CF, it should be <cf_root>/jre/bin)
For further details on the manual application of the updater follow this help article.
 
The build number after applying this update should be:
11,0,11,301867 for ColdFusion 11;
10,0,22,301868 for ColdFusion 10.

Security fix for ColdFusion Builder 3 released

An important security fix for ColdFusion Builder 3 is now available for download. For more information on the vulnerability refer APSB16-44.

You can download the patch from here (md5 checksum : b67914e27ca4fb8e0fc5ecd354e9a330). Apply this patch to secure your ColdFusion Server and Builder installation. Follow the installation instructions detailed at this technote

ColdFusion 2016 installer refreshed.

The server and express installers for Adobe ColdFusion (release 2016) have been refreshed. The installers are available for download at the ColdFusion product page at www.adobe.com. The new installer includes the following changes:

  • The API Manager installer is decoupled from the ColdFusion Server installer.
  • The new API Manager installer incorporates certain new features such as multi-tenancy, enhanced security, configurable policies, a dedicated update mechanism and support for Redis cluster and request/response compression. For a detailed description of these new features follow the links embedded in this technote. The API Manager installer would be made available very soon. We will update this post to share the location where the installer would be hosted.
  • The ColdFusion installer incorporates ColdFusion 2016 Update 3 and updates JDK to version 1.8.0_112. For details on the changes that went out with Update 3 refer the Update 3 Release Notes document. The build number for this installation should be 2016,00,03,301771.
  • The features listed below have been retired from the product and no longer ship with ColdFusion. For a detailed overview of the affected areas, refer the "Portlets" and "YUI and Spry" sections of the coldfusion-deprecated-features technote. In case you need to use any of these libraries you can download them from locations mentioned below.
    • Portlets. download (md5 checksum : 93273a7b4ab8c650e5fa9cece518e099);
    • YUI. download (md5 checksum : 827e0f8395d176ac28f46ed5e78004fd);
    • Spry. download (md5 checksum : 750c275c20b291f00c1ba92c855a09d7).

 To integrate the downloaded library, follow the instructions below:

  1. Stop ColdFusion sever.
  2. Download the libraries from the links mentioned above.
  3. Extract the downloaded files to the following locations:
    • Extract portlets.zip file to <cf_root>/cfusion directory. Update the web.xml file at <CF_HOME>/cfusion/wwwroot/WEB-INF to re-introduce the mappings mentioned in the "Portlets" section of this technote.
    • Extract yui.zip and spry.zip to ColdFusion's webroot at <cf_root>/cfusion. If your scripts directory is mapped to a non-default location (setting at CF admin > Settings > Default ScriptSrc Directory), unpack the zipped package manually and place it in the custom location following the structure in the package.
  4. Restart ColdFusion server.

If you are restoring just the YUI or Spry libraries, restarting the ColdFusion server is not required.

Revisions

20 Dec, 2016 –  added the web.xml mappings step in restoring portlets instruction. added reference to coldfusion-deprecated-features article.

 

 

ColdFusion 11 Update 11 and ColdFusion 10 Update 22 PreRelease build available for download

NOTE: THIS POST has been made obsolete with the final release of these updates in Dec 2016. Please see the post announcing that.

The information below, this post and its comments, is left for history sake.

ColdFusion 11 Update 11 and ColdFusion Update 22 early access builds are now available for your testing and feedback. Please note that these are test builds and should not be used in a production environment.

For the list of bugs fixed with these updates, refer the following documents:

Follow the steps below to apply the update.

  1. Navigate to ColdFusion Administrator -> Server Updates -> Updates.
  2. Under Settings tab, check "Automatically Check for Updates" check box
  3. Change the Site URL to https://cfdownload.adobe.com/pub/adobe/coldfusion/PR/updates.xml. 
  4. Click Submit to save your changes.
  5. Under the "Available Updates" tab, click on the “Check for Updates” button.
  6. "ColdFusion 11 Update 11" or "ColdFusion 10 Update 22" should be listed under the "Available updates" tab. 
  7. Click on the "Download and Install" button to install the update.
To apply this update manually, download the required update by clicking on one of the applicable links below:
 
To run the downloaded jar, execute the following command:
java -jar <jar-file-dir>/hotfix_0xx.jar
You should use the JRE used by CF for running the update jar (for standalone CF, it should be <cf_root>/jre/bin)
For further details on the manual application of the updater follow this help article.
 
The build number after applying this update should be
11,0,11,300779 (Pre-Release) for ColdFusion 11;
10,0,22,300783 (Pre-Release) for ColdFusion 10.
 

In case, you have configured local site for receiving the update notifications, then please take back up of the URL before changing it to the prerelease URL.

We will look forward to your valuable feedback and suggestions.

Updates for ColdFusion 2016 and ColdFusion Builder 2016 are available now

This post is to announce the availability of updates for ColdFusion 2016 and ColdFusion Builder 2016.

ColdFusion (2016 release) Update 3

ColdFusion 2016 Update 3 includes support for Windows 10 Version 1607 and IBM Websphere Application Server 9. It also includes approximately 180 bug fixes(including ~100 external bugs) related to Language, Document Management, Serialization, Net Protocols, Database, Administrator and a few other areas.

For more details, refer this tech note.

ColdFusion Builder (2016 release) Update 3

ColdFusion Builder 2016 Update 3 includes:
    1. Important security fixes
    2. Bugs fixes in the areas of Editor and Security Code Analyzer.
    3. Upgraded PhoneGap libraries(from version 5.2.0 to version 6.0.0)
    4. Dictionary (Code Assist) changes to accommodate the changes/enhancements in ColdFusion 2016 Update 3 and earlier.
    
For more details, refer this tech note.

NOTE: We will be back porting all the important/applicable fixes to ColdFusion 10 and 11 version. Pre-release build for the same will be available in a couple of weeks for your feedback.

ColdFusion Builder (2016 release) Update 3 prerelease available

ColdFusion Builder (release 2016) Update 3 prerelease build is available for your testing and feedback. This update includes the following changes :

  • 25 bug fixes including an important security fix and some Security Analyzer fixes.
  • PhoneGap has been upgraded from version 5.2.0 to version 6.0.0.
  • Dictionary (Code Assist) changes to accomodate the changes/enhancements in ColdFusion Server Update3. For details on what is new in ColdFusion Server Update 3, refer this blog post.

For instructions on how to apply this update and details on what is new with this udpate refer this document. For the list bugs fixes and the known issue(s) with this update, refer this document. 

After applying this update, the ColdFusion Builder build number should change to 3.1.3.300251.

ColdFusion 2016 Update 3 early access build is now available

ColdFusion 2016 Update 3 early access build is now available for your testing and feedback. It includes support for Windows 10.1 and IBM Websphere Application Server 9 along with approximately 180 bug fixes.

Please note that this is a test build and should not be used in a production environment.

Refer the documents given below for more details on this update:

1. What's New in this update    
2. Issues Fixed in this update
3. Installation Instructions

The build number after applying this update should be 2016.0.03.300232.

In case, you have configured local site for receiving the update notifications, then please take back up of the URL before changing it to the pre-release URL.

We will look forward to your valuable feedback and suggestions.

 

ColdFusion 11 Update 10 and ColdFusion 10 Update 21 released

This post is to announce the release of updates for ColdFusion 11 and ColdFusion 10.
These updates address the security vulnerability CVE-2014-3529, mentioned in the bulletin APSB16-30.
ColdFusion 2016 is not affected by this vulnerability.
Refer the following KB articles for instructions on how to download and install the updates.
ColdFusion 11 Update 10
ColdFusion 10 Update 21

Updates for ColdFusion 2016, ColdFusion Builder 2016, ColdFusion 11 and ColdFusion 10 released

This article announces the release of updates for ColdFusion 2016, ColdFusion Builder 2016, ColdFusion 11 and ColdFusion 10.

These updates address a common vulnerability mentioned in security bulletin APSB16-22.

ColdFusion 2016 Update 2

ColdFusion 2016 Update 2 fixes an important security issue. It also includes some other important fixes related to Language, Security Analyzer, AJAX, document management, SharePoint, CLI, API Manager and a few other areas.

For details, refer this technote.

ColdFusion Builder 2016 Update 2

ColdFusion Builder 2016 Update 2 (standalone) has been upgraded from Kepler to Mars. It includes important updates to Security Analyzer, a few bug fixes related to performance and other bug fixes. PhoneGap has been upgraded to 5.2.

For details, refer this technote.

ColdFusion 11 Update 9

ColdFusion 11 Update 9 fixes an important vulnerability mentioned in the security bulletin APSB16-22. It also includes a few other fixes.

For details, refer this technote.

ColdFusion 10 Update 20

ColdFusion 10 Update 20 fixes an important vulnerability mentioned in the security bulletin APSB16-22. It also includes a few other fixes

For details, refer this technote.

 

ColdFusion 2016 and ColdFusion Builder 2016 Update 2 are available for early access

ColdFusion 2016 and ColdFusion Builder 2016 Update 2 early access builds are now available for your testing and feedback.


Note: The early access builds mentioned here have now been released in final form. So do not use the prerelease files or info below, but rather see the later blog post:

http://blogs.coldfusion.com/updates-for-coldfusion-2016-coldfusion-builder-2016-coldfusion-11-and-coldfusion-10-released


Note that this is a test build and should not be used in a production environment.

ColdFusion 2016 Server

Change the update URL in ColdFusion Administrator -> Server Updates -> Updates -> Settings to the following:

https://cfdownload.adobe.com/pub/adobe/coldfusion/2016/prerelease/updates.xml

Refer this document for issues fixed.

Here are the install instructions for Server.

The build number after applying this update for ColdFusion 2016 should be 2016.0.02.299076

ColdFusion Builder 2016

Refer this document for issues fixed.

Here are the install instructions for Builder

Standalone installation:

Change the update URL in ColdFusion Builder -> Help -> Install New Software -> Add -> Enter this URL in the location field:

For Windows/Linux – https://cfdownload.adobe.com/pub/adobe/coldfusion/2016/prerelease/cfb31standalonerepo/

For OS X – https://cfdownload.adobe.com/pub/adobe/coldfusion/2016/prerelease/cfb31standalonerepomac/

Plugin installation:

Change the update URL in Elicpse 4.5.2 or above -> Help -> Install New Software -> Add -> Enter this URL in the location field:

https://cfdownload.adobe.com/pub/adobe/coldfusion/2016/prerelease/cfb31pluginsrepo/

What’s new in this Update

ColdFusion 2016 Update 2 :

  • Struct Serialization and Array Serialization :

For a struct, there isn’t a way to derive the data type info correctly and hence even today we see serialization issue where a "lastname" is being serialized as Boolean Bug #3337394.

We are providing an API on the Struct class to add metadata information to that struct object. This function will take a struct object wherein the key will be the actual key of the struct and value will be the data type of the value corresponding to that key. For example,

mystruct = StructNew() ;

mystruct.setMetadata({"lastname": "String", "age": "number"}) ;

structsetmetadata(simple,{"value":"boolean","firstname":"string", "currency": { "type": "numeric","name": "usd"}});

writedump (#mystruct.getMetadata()#); //returns: {ordered="insertion|unordered", keys={lastname="string", age="number"}}

For Array also we can set the metadata using setmetadata & getmetadata methods. Array metadata should contain the key “items” in the metadata which specifies the type of the array members.

array.setmetadata({"items":"numeric"});

writedump (#myArray.getMetadata()#); //returns: {"type":"synchronized", items="string"}

Application level support

Other than passing the type info at struct level, you can also define the at application level, like

this.serialization.structmetadata = {zipcode="String"};

If defined as above, you don’t need to define the data type for zipcode for all the struct which contains this key. At run-time, if the metadata of the struct is not passed at struct level but is defined at application level then we will resolve the struct value appropriately as per application metadata info. But if defined at struct, then the defined type at struct level will take priority over the application one.

  • Configure SSL– Access API Manager portals over HTTPS for better encryption and security
  • CAR settings migration– After deploying a CAR file, some settings are not migrated. You can view the list in the Archive Summary page (under the section Settings Never Migrated) while creating CAR as well as during deploying the CAR.
  • New member functions – ArrayDeleteNoCase, YesNoFormat, and BooleanFormat
  • CKEditor – FCK Editor has been deprecated. You can now customize and design text areas in a form using CK Editor in the cftextarea tag.
  • NTLM changes – The ntlmDomain attribute is required if a user is part of a domain. When the user is not part of a domain, the ntlmDomain attribute is optional.
  • Other bug fixes – API Manager, PDF, language, etc.

 

ColdFusion Builder 2016 Update 2

• Security Analyzer – You can view partial scan results after canceling a scan. Search for a file using the filename in Unscanned Files.

• PhoneGap – PhoneGap is upgraded to version 5.2.

• Other bug fixes – Performance, editor, Security Analyzer, etc.

We will look forward to your valuable feedback and suggestions.