Update 4 for ColdFusion Builder 2016 released

ColdFusion Builder 2016 Update 4 is now available for download.

The update adds support for ColdFusion Builder plugin installation on Eclipse Neon and fixes 22 other bugs.  
The bugs fixed are in areas such as Editor (Dictionary, Code Colorization, Code Folding), Security Code Analyzer and  RDS support. 

For instructions on how to download and install the update, refer this technote.
For the list of bugs fixed with this update, refer this technote.

To access the update directly from the ColdFusion Builder GUI, ensure that it it configured with one of the following URLs depending on the CF Builder variant in use :

Stand-alone installation of ColdFusion BuilderClick here!

Plug-in installation of ColdFusion Builder: Click here!

If you need to download the update and apply it manually, you can access the update at:
Stand-alone Update:
Click here! 
Plugin Update:
Click here! 

ColdFusion 2016 : Support for Windows Server 2016

We have updated the Windows 64-bit installer for ColdFusion 2016, to support Microsoft Windows Server 2016. The Add-on services installer and the .NET service installer for ColdFusion 2016 have also been refreshed.
You can access the server installer by clicking on the "free trial" or the "buy now" link in the ColdFusion product page at Adobe.com. You may download the aforementioned additional installers at the ColdFusion support page

The ColdFusion 2016 support matrix would be updated soon to reflect the support for the new platform.

The refreshed installer comes with the Update 3 baked-in. After installing the server, you may bring it up to the current update level, by installing Update 4. You can follow the instructions at this technote to download and install Update 4. If you need any help with installing ColdFusion server you may refer the installation instructions at this technote.

The installers for ColdFusion Builder 2016 and ColdFusion API Manager would soon be refreshed to support Windows Server 2016.

ColdFusion 2016 Update 4, ColdFusion 11 Update 12 and ColdFusion 10 Update 23 released

This post is to announce the release of the following ColdFusion updates:

ColdFusion 2016 Update 4

ColdFusion 2016 Update 4 upgrades Tomcat to version and fixes 115 bugs (including 52 external bugs) in areas such as Security, Language, Charting and Performance. This update also addresses vulnerabilities mentioned in the security bulletin APSB17-14.  For details and instructions on how to apply this update refer this technote.

ColdFusion 11 Update 12

ColdFusion 11 Update 12 upgrades Tomcat to version 7.0.75. It also addresses vulnerabilities mentioned in the security bulletin APSB17-14 and fixes 59 bugs (including 28 external bugs) related to areas such as AJAX, Charting and Language. For details and instructions on how to apply this update refer this technote.

ColdFusion 10 Update 23

ColdFusion 10 Update 23 upgrades Tomcat version to 7.0.75. This update addresses vulnerabilities mentioned in the security bulletin APSB17-14 and includes a total of 17 bug fixes (including 7 external bugs) related to Language, Charting, Scheduler, Document Management and certain other areas. For details and instructions on how to apply this update refer this technote.

The build number after applying thse updates should be:

2106,0,4,302561 for ColdFusion 2016;
11,0,12,302575 for ColdFusion 11.
10,0,23,302580 for ColdFusion 10.


  • Support for Windows Server 2016 will be introduced with the refreshed full ColdFusion 2016 server installer which will be made available shortly. Update: The new installer is now available, as of Apr 28.
  • The core support for ColdFusion 10 effectively ends on May 16, 2017. It will, therefore, receive no further updates. For detailed support timelines, see this EOL matrix.



Security fix for ColdFusion Builder 3 released

An important security fix for ColdFusion Builder 3 is now available for download. For more information on the vulnerability refer APSB16-44.

You can download the patch from here (md5 checksum : b67914e27ca4fb8e0fc5ecd354e9a330). Apply this patch to secure your ColdFusion Server and Builder installation. Follow the installation instructions detailed at this technote

Updates for ColdFusion 2016 and ColdFusion Builder 2016 are available now

This post is to announce the availability of updates for ColdFusion 2016 and ColdFusion Builder 2016.

ColdFusion (2016 release) Update 3

ColdFusion 2016 Update 3 includes support for Windows 10 Version 1607 and IBM Websphere Application Server 9. It also includes approximately 180 bug fixes(including ~100 external bugs) related to Language, Document Management, Serialization, Net Protocols, Database, Administrator and a few other areas.

For more details, refer this tech note.

ColdFusion Builder (2016 release) Update 3

ColdFusion Builder 2016 Update 3 includes:
    1. Important security fixes
    2. Bugs fixes in the areas of Editor and Security Code Analyzer.
    3. Upgraded PhoneGap libraries(from version 5.2.0 to version 6.0.0)
    4. Dictionary (Code Assist) changes to accommodate the changes/enhancements in ColdFusion 2016 Update 3 and earlier.
For more details, refer this tech note.

NOTE: We will be back porting all the important/applicable fixes to ColdFusion 10 and 11 version. Pre-release build for the same will be available in a couple of weeks for your feedback.

ColdFusion 2016 Update 3 early access build is now available

ColdFusion 2016 Update 3 early access build is now available for your testing and feedback. It includes support for Windows 10.1 and IBM Websphere Application Server 9 along with approximately 180 bug fixes.

Please note that this is a test build and should not be used in a production environment.

Refer the documents given below for more details on this update:

1. What's New in this update    
2. Issues Fixed in this update
3. Installation Instructions

The build number after applying this update should be 2016.0.03.300232.

In case, you have configured local site for receiving the update notifications, then please take back up of the URL before changing it to the pre-release URL.

We will look forward to your valuable feedback and suggestions.


ColdFusion Builder 2016 Update 1 released

This update is a companion update to ColdFusion 2016 Update 1 and primarily addresses issues related to Security Code Analyzer and it’s performance.

The issues fixed for this release are listed in this document

This update is applicable for a standalone as well as a plugin installation of ColdFusion Builder. After applying this update, ColdFusion Builder build number should be 298831.

ColdFusion Builder has an automatic update notification that notifies the user of the updates availability.

Application deployed on Network/Remote Path – Identifying Network Latency – Improve Performance

Many a time, ColdFusion application code is deployed on a network path when your ColdFusion deployments are of large-scale and mandated to use network paths.

After setting up the server for the first time, if there is any performance hit, as the first thing you would want to cross-check few things. One of the things to determine is if there is any network latency.

Though you would have got same network within your organization same as earlier, your OS version also would have changed.

Follow the steps below to see if the performance hit is due to network latency-

When the server is under moderate or full load(with at least 8-10 requests under process), take 2 or 3 thread dumps with 30 seconds interval.

It is not appropriate to take thread dump when the server has negligible load and anlyze that as there may not be any in-process requests.

If you are not sure how to take thread dump, you can simply follow the following blog.

( Taking Thread Dumps From ColdFusion Server Programmatically )

Open the thread dump file:

Under moderate or full load server conditions, if you see more than 5-8% of running ColdFusion threads containing “WinNTFileSystem” in the thread’s stack trace –> It means that there is lot of time being spent in trying to resolve the application file paths.

Following are the sample threads having WinNTFileSystem in its dump.

"ajp-bio-8014-exec-6861" Id=13898 in RUNNABLE
 java.lang.Thread.State: RUNNABLE
 prio=5 blockedtime=28963 blockedcount=6819 waitedtime=421762 waitedcount=115
    at java.io.WinNTFileSystem.getBooleanAttributes(Native Method)
    at java.io.File.isFile(File.java:876)


"ajp-bio-8014-exec-6861" Id=13898 in RUNNABLE (running in native)
 java.lang.Thread.State: RUNNABLE
 prio=5 blockedtime=28961 blockedcount=6814 waitedtime=421762 waitedcount=115
    at java.io.WinNTFileSystem.canonicalize0(Native Method)
    at java.io.Win32FileSystem.canonicalize(Win32FileSystem.java:414)
    at java.io.File.getCanonicalPath(File.java:618)


(Note: ColdFusion threads can be identified by the name starting with "ajp-" )

For Example, if there are 50 threads with thread name starting "ajp-bio-" in the thread dump, if you see WinNTFileSystem in more than 2-3 threads, it is the time you start looking at minimizing the network latency.


Once you know there is latency, you would want to know how much is the latency when compared to the application existing locally.

Created a very basic network latency test program to validate this.

You can take the jar from here.

And run it from command prompt as follows:

> C:ColdFusion11jrebinjava -jar <Path of NetworkPathsTest.jar> <Network or Local Directory Path >

If the network path (Ex:- \orgserverd$) is accessible only to the ColdFusion service user, open command prompt as that user ( runas /user:<cfserviceaccount domainname>cfserviceusername CMD )



Path Arguments can be one or more. More Path arguments is a good measure to see the difference clearly.

C:ColdFusion11jrebinjava -jar C:ColdFusion11NetworkPathTest.jar \orgserverd$deploycfm

C:ColdFusion11jrebinjava -jar C:ColdFusion11NetworkPathTest.jar \orgserverd$deploycfm \orgserverd$deploycfmapi

Try the same paths keeping the content same on the local machine and see the time differences.

For the same paths on local and remote, the difference in time should not be exponential.

These tests are to be performed on your ColdFusion server machine.

Once you have validations and found any latencies, it is the time to call for network optimization expertise.



getHeaders – a new attribute in the cfexchangemail tag

With ColdFusion 11 Update 3, we have introduced a new parameter called “getHeaders”, in the “cfExchangeMail” tag. It accepts a boolean value. When set to true, cfExchangeMail returns a query with an additional “InternetHeader” column. This column contains a struct containing key-value pairs of the email-headers associated with each message.

Email message headers provide technical details about the message, such as who sent it, the software used to compose it, the version of the MIME protocol used by the sender etc. 

On Exchange 2010, the fields that are returned are: CC, Content-Transfer-Encoding, Content-Type, Date, From, MIME-Version, Message-ID, Received, Return-Path, Subject, To, X-MS-Exchange-Organization-AuthAs, X-MS-Exchange-Organization-AuthSource, X-Mailer.

You may reference this weblink for the detailed list of the fields and their description.

You can put this new feature to any good use that suites your purpose. I will dwell on one such use case below.

In MS Exchange 2010 and later, the “ToId” column in the retrieved messages query contains the primary email address of the sender. A primary email address can have multiple aliases. If you need to retrieve the email-alias the message was sent to, you can make use of this new attribute.

Here’s an example that demonstrates the usage the tag in the context of the use case discussed above:

<cfmail from=”#frm_usr_email#” to=”#to_usr_alias#” cc=”#cc_usr_alias#” subject=”#msg_sub#”  server= “#exchangeServerIP#” port = “25”>

———– testing mail to an alias address ————


<cfset sleep(5000)>

<cfexchangeConnection action=”open” username =”#to_usr#” password=”#password#” server=”#exchangeServerIP#” serverversion=”#version#” protocol=”#protocol#” connection=”excon”>

<cfexchangemail action=”get” name=”usr_msgs” connection=”excon” getheaders=true folder=”Inbox”>

<cfexchangefilter name=”fromID” value=’#frm_usr#’>

<cfexchangefilter name=”subject” value=”#msg_sub#”>


<cfif usr_msgs.recordcount GTE 1>

info from cfexchangemail fields:<br>

<cfloop query=”usr_msgs”>







info from cfexchangemail.internetHeaders fields:<br>

<cfloop query=”usr_msgs”>


#ReplaceList(usr_msgs.internetHeaders[“from”][1], “>,<“, “,”, “,”, “,”)#<br>

#ReplaceList(usr_msgs.internetHeaders[“to”][1], “>,<“, “,”, “,”, “,”)#<br>

#ReplaceList(usr_msgs.internetHeaders[“cc”][1], “>,<“, “,”, “,”, “,”)#<br>





You can reference the bugbase, for the enhancement request originally logged for this feature.

Taking Thread Dumps from ColdFusion Server Programmatically

Many times you would want to tweak the performance of the ColdFusion server or want to debug the bottlenecks that make the server unresponsive.

To analyze this, ideally you would want to have Thead dumps and Server memory snapshot(Heap Space, Eden Space, Survivor Space, Old Gen, Perm Gen).

While you can use JDK tools like jstack to get the dumps, it is tedious to install it and schedule the thread dumps.

So, programmatically thread dumps and memory snapshots are are triggered and can be configured as a scheduler task and can be triggered on-demand as well.

Download the following zip file and move it to the server where you want to take thread dumps.



This zip file contains two files. One is threaddump.jar file.

Place this file under: C:ColdFusion11cfusionwwwrootWEB-INFlib and restart the server for it to load.

And the other file is the cfm file takethreaddump.cfm where the call to ThreadDump class is made and the path where the dump content should be written.

By default it is dumped to the file #GetTempDirectory()#/threaddump<Day>-<Month>-<Year>.log

(Depending on the server location it translates similar to C:ColdFusion11cfusionruntimeworkCatalinalocalhosttmpthreaddump12-8-2015.log)

You can change this to any other convenient path in the cfm file.

You can call this cfm on-demand at point of time or configure a new scheduled task to schedule it at some interval.

More number of Thread dumps are more helpful for problem analysis. So, it is better to take at some interval.

On every new day, dump is rotated automatically to a new file name.