1.3.13.13 cfprocessingdirective. Buy-Adobe-Software.com is a great place to purchase Adobe ColdFusion and Adobe Flash Builder products. We also sell Adobe Platinum Support for all adobe products. We are an Authorized Adobe Reseller. Hi All, I want installer for ColdFusion 11 developer edition 64 bit. As usual I went to Adobe - ColdFusion Support Center: More Downloads, but it seems only ColdFusion (2016 release) - Developer Edition (Free) installer is there and for other version the add-on instillers are there. Currently we are utilizing ColdFusion 11 with the latest patch installed. We also using Oracle’s JDK 8 Update 192 JRE to keep ColdFusion JVM current with the latest java release. Due to Oracle posting the following information on their website (see below), we would like to know what is Adobe going to do in reference to the licensing issue.
Original author(s) | J. J. Allaire | ||||
---|---|---|---|---|---|
Developer(s) | Adobe Systems Incorporated | ||||
Initial release | 1995; 24 years ago | ||||
Stable release(s) | |||||
| |||||
Written in | Java | ||||
Operating system | Cross-platform | ||||
Available in | English | ||||
Type | Application server | ||||
License | Proprietary | ||||
Website | www.adobe.com/products/coldfusion-family.html |
Adobe ColdFusion is a commercial rapid web-application developmentplatform created by J. J. Allaire in 1995.[3] (The programming language used with that platform is also commonly called ColdFusion, though is more accurately known as CFML.) ColdFusion was originally designed to make it easier to connect simple HTML pages to a database. By version 2 (1996), it became a full platform that included an IDE in addition to a full scripting language.
- 1Overview
- 3Versions
- 5Features
- 5.2ColdFusion Components (Objects)
- 6Interactions with other programming languages
Overview[edit]
One of the distinguishing features of ColdFusion is its associated scripting language, ColdFusion Markup Language (CFML). CFML compares to the scripting components of ASP, JSP, and PHP in purpose and features, but its tag syntax more closely resembles HTML, while its script syntax resembles JavaScript. ColdFusion is often used synonymously with CFML, but there are additional CFML application servers besides ColdFusion, and ColdFusion supports programming languages other than CFML, such as server-side Actionscript and embedded scripts that can be written in a JavaScript-like language known as CFScript.
Originally a product of Allaire and released on July 2, 1995, ColdFusion was developed by brothers Joseph J. Allaire and Jeremy Allaire. In 2001 Allaire was acquired by Macromedia, which in turn was acquired by Adobe Systems Inc in 2005.
ColdFusion is most often used forMETHOD='Celsius2Fahrenheit'TEMP='#tempc#'RETURNVARIABLE='tempf'>[5])
Other implementations of CFML offer similar or enhanced functionality, such as running in a .NET environment or image manipulation.
The engine was written in C and featured, among other things, a built-in scripting language (CFScript), plugin modules written in Java, and a syntax very similar to HTML. The equivalent to an HTML element, a ColdFusion tag begins with the letters 'CF' followed by a name that is indicative of what the tag is interpreted to, in HTML. E.g. <cfoutput> to begin the output of variables or other content.
In addition to CFScript and plugins (as described), CFStudio provided a design platform with a WYSIWYG display. In addition to ColdFusion, CFStudio also supports syntax in other languages popular for backend programming, such as Perl. In addition to making backend functionality easily available to the non-programmer, (version 4.0 and forward in particular) integrated easily with the Apache Web Server and with Internet Information Services.
Other features[edit]
All versions of ColdFusion prior to 6.0 were written using Microsoft Visual C++. This meant that ColdFusion was largely limited to running on Microsoft Windows, although Allaire did successfully port ColdFusion to SunSolaris starting with version 3.1.
The Allaire company was sold to Macromedia, then Macromedia was sold to Adobe. Earlier versions were not as robust as the versions available from version 4.0 forward.[a fact or an opinion?]
With the release of ColdFusion MX 6.0, the engine had been re-written in Java and supported its own runtime environment, which was easily replaced through its configuration options with the runtime environment from Sun. Version 6.1 included the ability to code and debug Shockwave Flash.
Release history[edit]
- 1995-July-02: Allaire Cold Fusion version 1.0
- 1996: Allaire Cold Fusion version 1.5
- 1996-November: Allaire Cold Fusion version 2.0
- 1997-June: Allaire Cold Fusion version 3.0
- 1998-January: Allaire Cold Fusion version 3.1
- 1998-November: Allaire ColdFusion version 4.0 (space eliminated between Cold and Fusion to make it ColdFusion)
- 1999-November: Allaire ColdFusion version 4.5
- 2001-June: Macromedia ColdFusion version 5.0
- 2002-May: Macromedia ColdFusion MX version 6.0 (build 6,0,0,48097), Updater 1 (build 6,0,0,52311), Updater 2 (build 6,0,0,55693), Updater 3 (build 6,0,0,58500)
- 2003-July: Macromedia ColdFusion MX version 6.1 (build 6,1,0,63958), hot fix (6,1,0,xxxxx), Updater 1 (build 6,1,0,83762)
- 2005-February-07: Macromedia ColdFusion MX 7 (build 7,0,0,91690)
- 2005-September-27: Macromedia ColdFusion MX 7.0.1 (build 7,0,1,116466)
- 2006-June-28: Macromedia ColdFusion MX 7.0.2 (build 7,0,2,142559)
- 2007-July-30: Adobe ColdFusion 8 (build 8,0,0,176276)
- 2008-April-03: Adobe ColdFusion 8.0.1 (build 8,0,1,195765)
- 2009-October-05: Adobe ColdFusion 9 (build 9,0,0,251028)
- 2010-July-13: Adobe ColdFusion 9.0.1 (build 9,0,1,274733)
- 2012-May-15: Adobe ColdFusion 10 (build 10,0,0,282462)
- 2012-May-31: Adobe ColdFusion 9.0.2 (build 9,0,2,282541)
- 2012-August-31: Adobe ColdFusion 10 Update 1 (build 10,0,0,282462)
- 2012-September-11: Adobe ColdFusion 10 Update 2 (build 10,0,0,283111)
- 2012-October-16: Adobe ColdFusion 10 Update 3 (build 10,0,3,283145)
- 2012-November-02: Adobe ColdFusion 10 Update 4 (build 10,0,4,283281)
- 2012-November-19: Adobe ColdFusion 10 Update 5 (build 10,0,5,283319)
- 2012-December-11: Adobe ColdFusion 10 Update 6 (build 10,0,6,283435)
- 2013-January-15: Adobe ColdFusion 10 Update 7 (build 10,0,7,283649)
- 2013-February-27: Adobe ColdFusion 10 Update 8 (build 10,0,8,284032)
- 2013-Apr-10: Adobe ColdFusion 10 Update 9 (build 10,0,9,284568)
- 2013-May-14: Adobe ColdFusion 10 Update 10 (build 10,0,10,284825)
- 2013-July-09: Adobe ColdFusion 10 Update 11 (build 10,0,11,285437)
- 2013-November-12: Adobe ColdFusion 10 Update 12 (build 10,0,12,286680)
- 2013-November-21: Adobe ColdFusion 10 Mandatory Update (build 10,283922) - Not needed if you already have Update 8 or later installed.
- 2014-January-10: Adobe ColdFusion 10 Update 13 (build 10,0,13,287689)
- 2014-October-14: Adobe ColdFusion 10 Update 14[6]
- 2014-December-9: Adobe ColdFusion 10 Update 15 (build 10,0,15,292620)[7]
- 2014-April-29: Adobe ColdFusion 11 (build 11,0,0,289822)
- 2014-September-22: Adobe ColdFusion 11 Update 1[8]
- 2014-October-14: Adobe ColdFusion 11 Update 2[9]
- 2014-December-9: Adobe ColdFusion 11 Update 3[10]
- 2015-November-17: Adobe ColdFusion 11 Update 7[11]
- 2016-February-16: Adobe ColdFusion (2016 release) (build 2016,0,0,297996)
- 2016-May-10: Adobe ColdFusion 11 Update 8[12]
- 2016-May-10: Adobe ColdFusion 2016 Update 1[13]
- 2016-June-14: Adobe ColdFusion 11 Update 9[14]
- 2016-June-14: Adobe ColdFusion 2016 Update 2[15]
- 2016-August-30: Adobe ColdFusion 11 Update 10[16]
- 2016-October-7: Adobe ColdFusion 2016 Update 3[17]
- 2016-December-20: Adobe ColdFusion 11 Update 11[18]
- 2017-April-25: Adobe ColdFusion 11 Update 12[19]
- 2017-April-25: Adobe ColdFusion 2016 Update 4[20]
- 2017-September-12: Adobe ColdFusion 11 Update 13[21]
- 2017-September-12: Adobe ColdFusion 2016 Update 5[22]
- 2018-April-10: Adobe ColdFusion 11 Update 14[23]
- 2018-April-10: Adobe ColdFusion 2016 Update 6[24]
- 2018-July-12: Adobe ColdFusion (2018 Release) (2018.0.0.310739)[25]
Versions[edit]
Cold Fusion 3.1[edit]
Version 3.1 brought about a port to the Sun Solaris operating system. Cold Fusion studio gained a live page preview and HTML syntax checker.
ColdFusion 4[edit]
'Cold Fusion' moniker renamed simply as 'ColdFusion' - possibly to distinguish it from Cold fusion theory.
ColdFusion 4.5[edit]
Version 4.5 brought the ability to natively invoke Java objects, execute system commands, and talk directly to a Java EE server.
ColdFusion 5[edit]
First release from Macromedia after the Allaire Corporation acquisition. The last to be legacy coded for a specific platform.
On January 16, 2001, Allaire announced a pending merger with Macromedia. Macromedia continued its development and released the product under the name ColdFusion 5.0. It retained the name 'ColdFusion' through the remainder of version 5 releases.
ColdFusion MX 6[edit]
Prior to 2000, Edwin Smith, an Allaire architect on JRun and later the Flash Player, initiated a project codenamed 'Neo'.[26] This project was later revealed as a ColdFusion Server re-written completely using Java. This made portability easier and provided a layer of security on the server, because it ran inside a Java Runtime Environment.
In June 2002 Macromedia released the version 6.0 product under a slightly different name, ColdFusion MX, allowing the product to be associated with both the Macromedia brand and its original branding. ColdFusion MX was completely rebuilt from the ground up and was based on the Java EE platform. ColdFusion MX was also designed to integrate well with Macromedia Flash using Flash Remoting.
With the release of ColdFusion MX, the CFML language API was released with an OOP interface.
ColdFusion MX 7[edit]
With the release of ColdFusion 7.0 on February 7, 2005, the naming convention was amended, rendering the product name 'Macromedia ColdFusion MX 7' (the codename for CFMX7 was 'Blackstone'). CFMX 7 added Flash-based and XForms-based web forms, and a report builder that output in Adobe PDF as well as FlashPaper, RTF and Excel. The Adobe PDF output is also available as a wrapper to any HTML page, converting that page to a quality printable document. The enterprise edition also added Gateways. These provide interaction with non-HTTP request services such as IM Services, SMS, Directory Watchers, and an asynchronous execution. XML support was boosted in this version to include native schema checking.
ColdFusion MX 7.0.1 (codename 'Merrimack') added support for Mac OS X, improvements to Flash forms, RTF support for CFReport, the new CFCPRoxy feature for Java/CFC integration, and more. ColdFusion MX 7.0.2 (codenamed 'Mystic') included advanced features for working with Adobe Flex 2 as well as more improvements for the CF Report Builder.
Adobe ColdFusion 8[edit]
On July 30, 2007, Adobe Systems released ColdFusion 8, dropping 'MX' from its name.[27] During beta testing the codename used was 'Scorpio' (the eighth sign of the zodiac and the eighth iteration of ColdFusion as a commercial product). More than 14,000 developers worldwide were active in the beta process - many more testers than the 5,000 Adobe Systems originally expected. The ColdFusion development team consisted of developers based in Newton/Boston, Massachusetts and offshore in Bangalore, India.
Some of the new features are the CFPDFFORM tag, which enables integration with Adobe Acrobat forms, some image manipulation functions, Microsoft .NET integration, and the CFPRESENTATION tag, which allows the creation of dynamic presentations using Adobe Acrobat Connect, the Web-based collaboration solution formerly known as Macromedia Breeze. In addition, the ColdFusion Administrator for the Enterprise version ships with built-in server monitoring. ColdFusion 8 is available on several operating systems including Linux, Mac OS X and Windows Server 2003.
Other additions to ColdFusion 8 are built-in Ajax widgets, file archive manipulation (CFZIP), Microsoft Exchange server integration (CFEXCHANGE), image manipulation including automatic CAPTCHA generation (CFIMAGE), multi-threading, per-application settings, Atom and RSS feeds, reporting enhancements, stronger encryption libraries, array and structure improvements, improved database interaction, extensive performance improvements, PDF manipulation and merging capabilities (CFPDF), interactive debugging, embedded database support with Apache Derby, and a more ECMAScript compliant CFSCRIPT.
For development of ColdFusion applications, several tools are available: primarily Adobe Dreamweaver CS4, Macromedia HomeSite 5.x, CFEclipse, Eclipse and others. 'Tag updaters' are available for these applications to update their support for the new ColdFusion 8 features.
Adobe ColdFusion 9[edit]
ColdFusion 9 (Codenamed: Centaur) was released on October 5, 2009. New features for CF9 include:
- Ability to code ColdFusion Components (CFCs) entirely in CFScript.
- An explicit 'local' scope that does not require local variables to be declared at the top of the function.
- Implicit getters/setters for CFC.
- Implicit constructors via method called 'init' or method with same name as CFC.
- New CFFinally tag for Exception handling syntax and CFContinue tag for Control flow.
- Object-relational mapping (ORM) Database integration through Hibernate (Java).
- Server.cfc file with onServerStart and onServerEnd methods.
- Tighter integration with Adobe Flex and Adobe AIR.
- Integration with key Microsoft products including Word, Excel, SharePoint, Exchange, and PowerPoint.
- In Memory Management - or Virtual File System: an ability to treat content in memory as opposed to using the HDD.
- Exposed as Services - an ability to access, securely, functions of the server externally.
Adobe ColdFusion 10[edit]
ColdFusion 10 (Codenamed: Zeus) was released on May 15, 2012. New or improved features available in all editions (Standard, Enterprise, and Developer) include (but are not limited to):
- Security enhancements
- Hotfix installer and notification
- Improved scheduler (based on a version of quartz)
- Improved web services support (WSDL 2.0, SOAP 1.2)
- Support for HTML5 web sockets
- Tomcat integration
- Support for RESTful web services
- Language enhancements (closures, and more)
- Search integration with Apache Solr
- HTML5 video player and Adobe Flash Player
- Flex and Adobe AIR lazy loading
- XPath integration
- HTML5 enhancements
Additional new or improved features in ColdFusion Enterprise or Developer editions include (but are not limited to):
- Dynamic and interactive HTML5 charting
- Improved and revamped scheduler (additional features over what is added in CF10 Standard)
- Object relational mapping enhancements
The lists above were obtained from the Adobe web site pages describing 'new features', as listed first in the links in the following list.
CF10 was originally referred to by the codename Zeus, after first being confirmed as coming by Adobe at Adobe MAX 2010, and during much of its prerelease period. It was also commonly referred to as 'ColdFusion next' and 'ColdFusion X' in blogs, on Twitter, etc., before Adobe finally confirmed it would be 'ColdFusion 10'. For much of 2010, ColdFusion Product Manager Adam Lehman toured the US setting up countless meetings with customers, developers, and user groups to formulate a master blueprint for the next feature set. In September 2010, he presented the plans to Adobe where they were given full support and approval by upper management.[28]
The first public beta of ColdFusion 10 was released via Adobe Labs on 17 February 2012.
Adobe ColdFusion 11[edit]
ColdFusion 11 (Codenamed: Splendor) was released on April 29, 2014.
New or improved features available in all editions (Standard, Enterprise, and Developer) include:
- End-to-end mobile development
- A new lightweight edition (ColdFusion Express)
- Language enhancements
- WebSocket enhancements
- PDF generation enhancements
- Security enhancements
- Social enhancements
- REST enhancements
- Charting enhancements
- Compression enhancements
ColdFusion 11 also removed many features previously identified simply as 'deprecated' or no longer supported in earlier releases. For example, the CFLOG tag long offered date and time attributes which were deprecated (and redundant, as the date and time is always logged). As of CF11, their use would not cause the CFLOG tag to fail.
Adobe ColdFusion (2016 release)[edit]
Adobe ColdFusion (2016 release), Codenamed: Raijin (and also known generically as ColdFusion 2016) was released on February 16, 2016.
New or improved features available in all editions (Standard, Enterprise, and Developer) include:
- Language enhancements
- Command Line Interface (CLI)
- PDF generation enhancements
- Security enhancements
- External session storage (Redis)
- Swagger document generation
- NTLM support
- API Manager
Adobe ColdFusion 2018[edit]
Adobe ColdFusion (2018 release), known generically as ColdFusion 2018, was released on July 12, 2018. [29] ColdFusion 2018 was codenamed Aether during prerelease.[30]
Adobe Coldfusion Version History
New or improved features available in all editions (Standard, Enterprise, and Developer) include[31]:
- Language enhancements (including NULL, abstract classes and methods, covariants and finals, closures in tags, and more)
- Asynchronous programming, using Futures
- Command line REPL
- Auto lockdown capability
- Distributed cache support (Redis, memcached, JCS)
- REST playground capability
- Modernized Admin UI
- Performance Monitoring Toolset
Development roadmap[edit]
On August 13, 2012 Adobe announced the new Roadmap for ColdFusion including the code names, 'Splendor', 'Thunder' and 'Dazzle', for the next two release versions.[32] Adobe announced new features for ColdFusion including (but not limited to); Mobile - Streamlined Mobile Application Development, Revamped and new PDF functionalities, Enabling Enterprise to easily integrate with Social Media Streams, Enterprise mobility, Support for responsive multi screen content, Digital Marketing – Web, Mobile & Social Analytics and Customizable Enterprise Video Portal. Adobe also announced in the same Roadmap upcoming cloud enhancements. The Roadmap projects ColdFusion development out to the year 2021.
Coldfusion 11 Download
Features[edit]
PDF generation[edit]
ColdFusion can generate PDF documents using standard HTML (i.e. no additional coding is needed to generate documents for print). CFML authors place HTML and CSS within a pair of cfdocument tags (or new in ColdFusion 11, cfhtmltopdf tags). The generated document can then either be saved to disk or sent to the client's browser. ColdFusion 8 introduced also the cfpdf tag to allow for control over PDF documents including PDF forms, and merging of PDFs. These tags however do not use Adobe's PDF engine but cfdocument uses a combination of the commercial JPedal Java PDF library and the free and open source Java library iText, and cfhtmltopdf uses an embedded WebKit implementation.[33]
ColdFusion Components (Objects)[edit]
ColdFusion was originally not an object-oriented programming language like PHP versions 3 and below. ColdFusion falls into the category of OO languages that do not support multiple inheritance (along with Java, Smalltalk, etc.).[34] With the MX release (6+), ColdFusion introduced basic OO functionality with the component language construct which resembles classes in OO languages. Each component may contain any number of properties and methods. One component may also extend another (Inheritance). Components only support single inheritance. Object handling feature set and performance enhancing has occurred with subsequent releases. With the release of ColdFusion 8, Java-style interfaces are supported. ColdFusion components use the file extension cfc to differentiate them from ColdFusion templates (.cfm).
Remoting[edit]
Component methods may be made available as web services with no additional coding and configuration. All that is required is for a method's access to be declared 'remote'. ColdFusion automatically generates a WSDL at the URL for the component in this manner: http://path/to/components/Component.cfc?wsdl. Aside from SOAP, the services are offered in Flash Remoting binary format.
Methods which are declared remote may also be invoked via an HTTP GET or POST request. Consider the GET request as shown.
This will invoke the component's search function, passing 'your query' and 'strict' as arguments.
This type of invocation is well-suited for Ajax-enabled applications. ColdFusion 8 introduced the ability to serialize ColdFusion data structures to JSON for consumption on the client.
The ColdFusion server will automatically generate documentation for a component if you navigate to its URL and insert the appropriate code within the component's declarations. This is an application of component introspection, available to developers of ColdFusion components. Access to a component's documentation requires a password. A developer can view the documentation for all components known to the ColdFusion server by navigating to the ColdFusion URL. This interface resembles the Javadoc HTML documentation for Java classes.
Custom Tags[edit]
ColdFusion provides several ways to implement custom markup language tags, i.e. those not included in the core ColdFusion language. These are especially useful for providing a familiar interface for web designers and content authors familiar with HTML but not imperative programming.
The traditional and most common way is using CFML. A standard CFML page can be interpreted as a tag, with the tag name corresponding to the file name prefixed with 'cf_'. For example, the file IMAP.cfm can be used as the tag 'cf_imap'. Attributes used within the tag are available in the ATTRIBUTES scope of the tag implementation page. CFML pages are accessible in the same directory as the calling page, via a special directory in the ColdFusion web application, or via a CFIMPORT tag in the calling page. The latter method does not necessarily require the 'cf_' prefix for the tag name.
A second way is the developments of CFX tags using Java or C++. CFX tags are prefixed with 'cfx_', for example 'cfx_imap'. Tags are added to the ColdFusion runtime environment using the ColdFusion administrator, where JAR or DLL files are registered as custom tags.
Finally, ColdFusion supports JSP tag libraries from the JSP 2.0 language specification. JSP tags are included in CFML pages using the CFIMPORT tag.
Interactions with other programming languages[edit]
ColdFusion and Java[edit]
Adobe Coldfusion 11 Tutorials Setup Part 2
The standard ColdFusion installation allows the deployment of ColdFusion as a WAR file or EAR file for deployment to standalone application servers, such as Macromedia JRun, and IBM WebSphere. ColdFusion can also be deployed to servlet containers such as Apache Tomcat and Mortbay Jetty, but because these platforms do not officially support ColdFusion, they leave many of its features inaccessible. As of ColdFusion 10 Macromedia JRun was replaced by Apache Tomcat.
Because ColdFusion is a Java EE application, ColdFusion code can be mixed with Java classes to create a variety of applications and use existing Java libraries. ColdFusion has access to all underlying Java classes, supports JSP custom tag libraries, and can access JSP functions after retrieving the JSP page context (GetPageContext()).
Prior to ColdFusion 7.0.1, ColdFusion components could only be used by Java or .NET by declaring them as web services. However, beginning in ColdFusion MX 7.0.1, ColdFusion components can now be used directly within Java classes using the CFCProxy class.[35]
Recently, there has been much interest in Java development using alternate languages such as Jython, Groovy and JRuby. ColdFusion was one of the first scripting platforms to allow this style of Java development.
ColdFusion and .NET[edit]
ColdFusion 8 natively supports .NET within the CFML syntax. ColdFusion developers can simply call any .NET assembly without needing to recompile or alter the assemblies in any way. Data types are automatically translated between ColdFusion and .NET (example: .NET DataTable → ColdFusion Query).
A unique feature for a Java EE vendor, ColdFusion 8 offers the ability to access .NET Assemblies remotely through proxy (without the use of .NET Remoting). This allows ColdFusion users to leverage .NET without having to be installed on a Windows operating system.
Acronyms[edit]
The acronym for the ColdFusion Markup Language is CFML. When ColdFusion templates are saved to disk, they are traditionally given the extension .cfm or .cfml. The .cfc extension is used for ColdFusion Components. The original extension was DBM or DBML, which stood for Database Markup Language. When talking about ColdFusion, most users use the acronym CF and this is used for numerous ColdFusion resources such as user groups (CFUGs) and sites.
CFMX is the common abbreviation for ColdFusion versions 6 and 7 (a.k.a. ColdFusion MX).
Alternative server environments[edit]
ColdFusion originated as proprietary technology based on Web technology industry standards. However, it is becoming a less closed technology through the availability of competing products. Such alternative products include (in alphabetical order):
- BlueDragon - Proprietary .NET-based CFML Engine and Free Open Source Java-based CFML Engine (Open BlueDragon).
- Coral Web Builder
- OpenBD - OpenBD is the world's first truly open source and free GPL Java CFML runtime.
- Lucee - Free, open source CFML Engine forked from Railo. Lucee's aim is to provide the functionality of CFML using less resources and giving better performance and to move CFML past its roots and into a modern and dynamic web programming platform. Lucee is backed by community supporters and members of the Lucee Association.
- Railo - Free, Open Source CFML Engine. It comes in three main product editions, and other versions.
The argument can be made that ColdFusion is even less platform-bound than raw Java EE or .NET, simply because ColdFusion will run on top of a .NET app server (New Atlanta), or on top of any servlet container or Java EE application server (JRun, WebSphere, JBoss, Geronimo, Tomcat, Resin Server, Jetty (web server), etc.). In theory, a ColdFusion application could be moved unchanged from a Java EE application server to a .NET application server.
Vulnerabilities[edit]
In March 2013, a known issue affecting ColdFusion 8, 9 and 10 left the National Vulnerability Database open to attack.[36] The vulnerability had been identified and a patch released by Adobe for CF9 and CF10 in January.[37]
In April 2013, a ColdFusion vulnerability was blamed by Linode for an intrusion into the Linode Manager control panel website.[38] A security bulletin and hotfix for this had been issued by Adobe a week earlier.[39]
In May 2013, Adobe identified another critical vulnerability, reportedly already being exploited in the wild, which targets all recent versions of ColdFusion on any servers where the web-based administrator and API have not been locked down. The vulnerability allows unauthorized users to upload malicious scripts and potentially gain full control over the server.[40] A security bulletin and hotfix for this was issued by Adobe 6 days later.[41]
In April 2015 there was reported a Cross-site scripting (XSS) vulnerability[42]in Adobe ColdFusion 10 before Update 16, and in ColdFusion 11 before Update 5,that allowed remote attackers to inject arbitrary web script or HTML;[43] however, it's exploitable only by users who have authenticated through the administration panel.[44]
In September 2019 there was reported two flaws in cold fusion.Command injection vulnerability, stemming from a vulnerable component (CVE-2019-8073) that could enable arbitrary code undertaking; and a alleyway traversal vulnerability(CVE-2019-8074) that could own going on an attacker to bypass entry manage.
See also[edit]
- Adobe ColdFusion Builder - Builder Software
References[edit]
- ^'Release notes for Adobe ColdFusion 2018'. Adobe ColdFusion 2018 Updates. Retrieved June 26, 2019.
- ^'Release notes for Adobe ColdFusion 2016'. Adobe ColdFusion 2016 Updates. Retrieved June 26, 2019.
- ^
- Wallack, Todd (January 23, 1999). 'Allaire sees stellar market debut'. Boston Herald. Archived from the original on November 2, 2015. Retrieved 2015-11-02.
- Metz, Cade (October 9, 2014). 'Beef up your browser'. PC Mag. Retrieved 2015-11-02.
- Auerbach, Jon; Kerber, Ross (January 30, 1998). 'Massachusetts Rises Despite Passing of High-Tech Giants'. Wall Street Journal. Retrieved 2015-11-02.
- Hilwa, Al (January 2015). 'Turning Up the Heat on Mobile Application Development with ColdFusion 11'(PDF). IDC White Paper. Retrieved 2015-11-02.
- ^Consuming a Web Service in ASP.NET TutorialArchived December 23, 2008, at the Wayback Machine. Digital Colony (2007-08-23). Retrieved on 2013-07-21.
- ^[1]Archived July 20, 2006, at the Wayback Machine
- ^'ColdFusion 10 Update 14'.
- ^'ColdFusion 10 Update 15'.
- ^'ColdFusion 11 Update 1'.
- ^'ColdFusion 11 Update 2'.
- ^'ColdFusion 11 Update 3'.
- ^'ColdFusion 11 Update 7'.
- ^'ColdFusion 11 Update 8'.
- ^'ColdFusion 2016 Update 1'.
- ^'ColdFusion 11 Update 9'.
- ^'ColdFusion 2016 Update 2'.
- ^'ColdFusion 11 Update 10'.
- ^'ColdFusion 2016 Update 3'.
- ^'ColdFusion 11 Update 11'.
- ^'ColdFusion 11 Update 12'.
- ^'ColdFusion 2016 Update 4'.
- ^'ColdFusion 11 Update 13'.
- ^'ColdFusion 2016 Update'.
- ^'ColdFusion 11 Update 14'.
- ^'ColdFusion 2016 Update 6'.
- ^'ColdFusion 2018 Release'.
- ^ColdFusion's 10th Birthday Party
- ^'Adobe Ships ColdFusion 8'. Adobe Systems Incorporated. 2007-07-30.
- ^'Adrocknaphobia - 'The Modern age of ColdFusion''. Archived from the original on 2011-06-15. Retrieved 2012-12-28.
- ^'New ColdFusion Release Adds Performance Monitoring Toolset for Measuring, Monitoring and Managing High-Performing Web Apps'. Adobe Systems Incorporated. 2018-07-12.
- ^'Code names for ColdFusion server and ColdFusion Builder » Adobe ColdFusion Blog'.
- ^'ColdFusion 2018 Features'. Adobe Systems Incorporated.
- ^https://web.archive.org/web/20140801152454/http://blogs.coldfusion.com/assets/content/roadmap/ColdFusionRoadMap.pdf
- ^'PDF Generation in ColdFusion'. Adobe.
- ^'Ramblings of an Internet MoFo'.
- ^'Using the CFC Proxy'.
- ^Cloud; Aws; Amazon; Microsoft; Google; cloud, SHOCK and AWS: The fall of Amazon's deflationary; Put down that Oracle database patch: It could cost $23, 000 per CPU; Sales, Amazon Reveals One Weird Trick: A. Loss On Almost $20bn In. 'Downed US vuln catalog infected for at least TWO MONTHS'.
- ^Security Advisories: APSA13-01 - Security Advisory for ColdFusion. Adobe. Retrieved on 2013-07-21.
- ^'Linode Blog » Security incident update'.
- ^Adobe – Security Bulletins: APSB13-10 – Security update: Hotfix available for ColdFusion. Adobe.com. Retrieved on 2013-07-21.
- ^
- 0-Day Exploit for ColdFusion | Edge Web HostingEdge Web Hosting. Blog.edgewebhosting.net (2013-05-08). Retrieved on 2013-07-21.
- 'Adobe - Security Advisories: APSA13-03 - Security Advisory for ColdFusion'.
- ^'Adobe - Security Bulletins: APSB13-13 - Security update: Hotfix available for ColdFusion'.
- ^'Adobe Unscheduled Update Fixes Critical ColdFusion Flaws(CVE-2019-8072)'.
- ^NIST National Vulnerability Database. 'National Cyber Awareness System: Vulnerability Summary for CVE-2015-0345'. Retrieved 2015-08-31.
- ^Shubham Shah. 'ColdFusion Bomb: A Chain Reaction From XSS to RCE'. Retrieved 2015-08-31.
External links[edit]
Wikibooks has a book on the topic of: Programming:ColdFusion |
Adobe Coldfusion 11 Enterprise
- Official website