Womp womp.   You might want to encourage him to start one, for future auditing as well as general problem solving.   ... View more

Please don't implement that solution until you can accurately describe the problem you're having. If you're not having a problem, don't do anything!   First, this response is marked as the correct answer. I don't know who did that, but what question does it answer? The CFCONTENT tag works well enough for most uses. Have you encountered a problem with CFCONTENT?   Second, there's at least one error in your message. The IIS response buffer just buffers the response - the communication between IIS and the browser. If you're using IIS exclusively to serve a CF application, you almost certainly don't need to worry about the default IIS setting.   Third, none of your proposed solution has anything to do with IIS response buffering. In fact, I think you'd need to keep IIS response buffering disabled to get any value from your solution.   Fourth - and don't take this the wrong way - a lot of your messages in this thread have a bad AI smell. There's nothing wrong with using AI to help answer questions or learn something, but you don't want to use an AI solution without understanding the code it gives you, and without understanding your problem.   ... View more

I seem to recall you're in a restricted environment and have to wait for your administrator a lot. Is there a run book you can access and share?   ... View more

Why does it seem it could be a serious issue, or any issue at all? It's sort of common* to set it to zero if you're using IIS with PHP via FastCGI, and IIS buffered output could cause problems rendering dynamic content if you have, say, short amounts of text to output.   * "sort of" in the sense that it's pretty rare to run PHP apps on IIS   ... View more

I'd investigate further. This isn't something CF does automatically to arbitrary hosts, I think - someone please correct me if I'm wrong about that - but it's conceivably something your CF developers might do. What's the DNS name of the IP address?   ... View more

You might try sending an email to cfsup@adobe.com.   ... View more

I vaguely recall hearing about occasionally needing to delete the contents of felix-cache and restarting CF to use newly-added packages.   ... View more

The "ColdFusion and the underlying (Tomcat/Jetty) servlet container may use ports different from 80 and 443." really does make the story make sense.  As stated earlier, we are running a scheduled task (on each of the 6 instances) every 30 seconds.  That task then does in fact make a cfhttp call to yet another module.  It certainly does explain the AMOUNT of sockets.  I'm just curious as to why they remain established.  The whole routing that the scheduled task is calling returns immediately (not some long running process). Well, not really. I mean, you may well have too many CFHTTP requests. But so far, I haven't seen any indication of them in this thread.   First, if you're using different ports, you'd be the first one to know! CFHTTP, like any HTTP client, automatically expects you're using the standard ports. If you're not, you'd have to specify that right in the CFHTTP tag. When you use your browser to connect to, say, www.adobe.com, you don't have to specify TCP/80 (for plaintext HTTP) or TCP/443 (for HTTPS). It automatically opens a connection to the appropriate port and sends whatever it's supposed to send, something like this:   GET /path/to/resource HTTP/1.1 Host: www.adobe.com User-Agent: ... Accept: ... Accept-Language: ...   Now, if you're using a non-standard port, the client has to know what that port is:   <cfhttp url="https://www.whatever.com:8080/ ...>   It's simply not possible for an HTTP client to find an unknown non-standard port, you need to tell it what the port is.   Also, on an unrelated note, a CF application uses TCP internally for a lot of things. A LOT. I have no idea whether they'd all show up as TCP connections from coldfusion.exe (arbitrary client port) to coldfusion.exe (arbitrary server port) because, until now, I didn't have to worry about it. I'm answering from the world's slowest computer so it's hard for me to look too deeply into it, but I started three CF 2018 services: ColdFusion 2018 Application Server ColdFusion 2018 ODBC Agent ColdFusion 2018 ODBC then, without doing anything else, I went to TCPView, which is basically a GUI for netstat with some extra features, available as part of Sysinternals here:   https://learn.microsoft.com/en-us/sysinternals/downloads/tcpview   I used that instead of netstat because I couldn't figure out how to see just entries with coldfusion.exe in the name. (If anyone knows how, let me know!) Anyway, with no CFHTTP tags - or any other code - running, I had quite a few of these established connections.     I don't know what they are, but I can make some guesses. I stopped the ODBC Agent and ODBC Server services and retried this, and got the same thing.   So, again, while you may have a problem with coldfusion.exe making too many connections and while that may be caused by too many CFHTTP tags, these aren't it. My not-so-educated guess is that it's related to database connections, but I have no databases (or applications) against which to test. You could try disabling "Maintain Connections" in your test environment for all of your databases to see if that helps.   ... View more

2. The connections occur as two-way ESTABLISHED TCP pairs (for example, 51139 <==> 51140): This indicates that duplex communication is happening internally (that is, probably an actual HTTP call rather than some passive listener). This only happens if the same process is opening a client and a server socket. Which is exactly what happens when ColdFusion makes a local HTTP request. Yet another clue pointing to HTTP calls. I respectfully disagree. While there may be too many HTTP requests, these aren't HTTP requests. HTTP, like most services, usually relies on established, well-known ports (TCP/80 for HTTP, TCP/443 for HTTPS in most cases). While it's possible to specify non-standard ports, they're usually going to be in the range of registered ports (1024-49151). And, while I'm less sure about this part, I think it's unlikely you'd have an exact amount of established connections for HTTP/HTTPS connections and their clients even with CFHTTP. There's always going to be a pattern of the client trying to make a connection without finding an open server port, or an open server port waiting for a client, etc.   I hope all that makes sense, and doesn't slow down the diagnostic process too much.   ... View more

The only thing I did different, which was strongly against my will, is to uncheck "Maintain Connections". This is good, from a diagnostic perspective. It tells you that your JDBC connection pool is causing the error, probably from having too many concurrent connections open. If you're not the Oracle DBA, you might want to ask what's the recommended setting for this DB.   Of course, it's not a great permanent solution. But you might find the recommended setting for your environment is much lower than expected. You could start with, say, 20, then test that. If it works ok, try 40, then maybe 60. I've never used a higher max connection pool value than that with Oracle - although it's been a while since I've worked with Oracle. Or, maybe @BKBK gave a good minimum value and you could use that. Try it out, if you can!   ... View more

If you don't know what's in there, you should be able to check yourself and decide what to do. My other answer, posted a few seconds ago, might be more helpful.   ... View more

but, if someone were to manually alter the link to xxx.com/company/?company_id=true the page invokes the function, getCompany with company_id=#url.company_id# the function returns a record where company_id=1   Well, there's your problem right there! Look, it's nice you have CFQUERYPARAM to tell the database what types it should expect. But that's not intended to replace all validation in your code.   You should have something basically like this:   <cfif isValid("integer", url.company_id)> ... do all your other stuff, including your queries ... <cfelse> ... report the problem ... </cfif>   ... or, better yet, use CFTRY/CFCATCH/CFTHROW: https://helpx.adobe.com/coldfusion/developing-applications/the-cfml-programming-language/extending-coldfusion-pages-with-cfml-scripting/handling-exceptions.html   Note: my CF skills are a bit rusty, there are a lot of CF versions out there, and I'm not sure whether isValid will work for you. You might want to look at this: https://stackoverflow.com/questions/46124664/best-way-to-check-if-value-is-integer-coldfusion-9   Anyway, wrap your entire page/function/whatever in some conditional or error handling logic before you get to your CFQUERY.   ... View more

I wouldn't go so far as to say this is the intended behavior, but it's unsurprising. While CFQUERYPARAM requires a strict type for DB parameter validation, that's really only used by the DB. CFML itself is very loosely typed. So, if you happen to have a Boolean value where you think you should have an integer value, that Boolean value will automatically be converted to integer if it fits. And that's what's happening here! CFML is like a cat: "if it fits, I sits". In CFML, the fact that Boolean values are often expressed as if they were strings makes all this a bit more complicated, too.   The way around this is to not use Boolean values when you want integer values. The programmer should know which is which.   ... View more

Like @BKBK recommended, you should definitely share your code. In addition to that, you should provide some additional details. What got upgraded exactly? What errors are you seeing? What version of CF is covered by your book? Basically, any information you can provide may help us help you.   ... View more

Yeah, you're going to need to contact cfsup at adobe.com and file a bug in tracker.adobe.com.   ... View more

I enjoyed learning the stack, but I wouldn't want to do it today. Everything is more complicated. I recently worked on a (non-CF) project for a large org without any sensitive info or authentication that involved a dedicated cloud vendor and a top-tier CDN ... and still, STILL there were problems. I think that between the three teams - us as the contractors, the cloud vendor, the CDN vendor - we had probably ten people regularly involved. Yecch. When I started, it was a lot different, that's for sure.   ... View more

So, I'm just following up here, and am not an expert with VFS in ColdFusion. @BKBK noted that it looked like you had it enabled, because the last line of your error dump references it. But this file path is not using VFS, which had me scratching my head. My guess would be that @BKBK is right and that the CF user account doesn't have permissions to read and write to it. By default, the CF user account is actually a security context, LocalSystem or SYSTEM, that has full privileges to the local machine but absolutely no privilege to network resources at all. So, check that out in your Services control panel. I'm not sure why VFS is coming up here, but it's in your error message.   ... View more

@Charlie Arehart or @BKBK might be able to help you all out, but sometimes @mattf48248714 's solution is the best one: don't use CF for everything, let some dedicated service figure it out. CF has to provide a solution for everything. That solution might not do all the stuff you want. It might be discontinued, leaving you legacy code you need to rewrite. Sometimes it's best to learn additional new solutions and pick the best tool for the job, even if it's more work. I'm reminded of all the middling-quality CF-JavaScript integrations that depended on the Yahoo! YUI libraries ... which have been discontinued for a while. Anyway, I think websockets are complicated enough that they might warrant a separate product just for themselves if you can get it.   @Michael_Evolve , going back to your specific problem, I can pick up some potential problems. First, the words "concurrent users" are going to mean different things when you talk about HTTP/1.1 vs websockets, where you essentially have "always-on" connections. Second, sending all messages to all users instead of just their intended recipients is likely to cause issues, I think. I'd try to retrofit that to your CF websockets implementation if you can. If you can't, and no one can help you, maybe take a look at this library, which serves - and I quote - a "metric buttload" of websockets:   https://github.com/uNetworking/uWebSockets.js       ... View more

Do you have anything like Microsoft SQL Server running on the same machine? You might have to add the DependOnService registry value to these services so they don't stumble over each other.   Also, out of curiosity, are you using ODBC from ColdFusion? This is pretty rare nowadays. Usually, you can connect with JDBC directly and see better performance - not always, though.   ... View more

You should post the solution and mark it as the correct answer, if you have time.   ... View more

I'm not sure how you do this on a Mac exactly, but you need to install it with administration privileges. I think you do that with xattr, but you might need some additional switches. See if this helps:   https://community.jamf.com/t5/jamf-pro/need-help-with-xattr-command/m-p/262044   ... View more

I find it really difficult to believe that this behavior is caused by a CF patch, since you're still getting the appropriate response from the server. Try a different browser and see what happens.   ... View more

This is a long shot, but do you think you might have run out of space in your Azure container while making all these changes? It's weird that it worked intermittently.   ... View more

The migration should be smooth, unless you're doing something wacky in your CFML code that's not supported in Lucee. I don't do a lot with shared hosting so can't help you there. It seems like the best value proposition is when you're doing your own hosting - either on-premises or cloud - because you'll get the direct benefit of not having to pay for licensing. (I assume Lucee is free and open source, I could be wrong.)   Note that proprietary licensing does provide its own value in some cases, and might be a requirement in some situations. I suspect it would be difficult to get FedRAMP certification with an open-source product where you can't identify and protect the supply chain, for example. Also, support can be helpful.   ... View more

Thanks, @xfreeman89x !   Hey, @dwaynea8754223 , I also marked Salvatore's answer as correct. It seemed to work! If you have no objection, you might try this approach instead of creating a jvm.config entry.   ... View more

That sounds like a better solution, if it works. Let us know, thanks!   ... View more

Ugh. I recommend opening a support ticket at https://tracker.adobe.com/. Sorry.   ... View more

This is a difficult concept for me. I'm not sure I recall it exactly, but my recollection is that the CFLOCK tag in general doesn't lock the code within it. Instead, it only tells the application not to execute this code if other blocks of code with the same CFLOCK identifier are already running AND if this CFLOCK has TYPE="EXCLUSIVE". Using CFLOCK SCOPE="SESSION" won't have any effect unless there might be two requests running from the same session - multiple tabs or windows within the same browser using the same session ID, for example, or the user right-clicks on a link to open another browser tab or window. Anyway, the type doesn't mean there's automatically a lock on the session or application or whatever, unless any other code within that whatever also has the same kind of CFLOCK with the same identifier. (I used to make a lot of money based on CFLOCK bad practices, so you'd think I'd remember better, but here we are.)   Anyway, I think (1) could be true if you clearly define what you mean as the lock's scope, and you have all the code that needs to be locked within this CFLOCK or some similar CFLOCK. I'm not sure about (2) and would need to test that out to be confident about it - this doesn't mean you're wrong or anything, just that I can't independently confirm that without writing some tests.   ... View more

I'm happy to help! I'm also happy about the Vivio upgrade that broke the code. I'm pretty sure it doesn't have anything to do with certificates, though. When I mentioned I thought it was an encoding issue, I meant how different environments might treat invalid or non-standard characters. So, for example, to transfer Unicode back and forth within ASCII, you need an escape sequence that represents a single Unicode character within a set of ASCII characters. That's a long and painful explanation, but I hope you get my drift.   (In case you're interested, you can play around with this site to identify Unicode characters: https://www.vertex42.com/ExcelTips/unicode-symbols.html#utf8 ... and this site to convert Unicode to pretty much everything else: https://r12a.github.io/app-conversion/ Or, you can just skip over this entire paragraph because you don't really need it!)   So, back to your issue: your best bet is to use something like Fiddler or Postman as a recording proxy, then see what's invalid in your CF 2023 request. Or, you can just log whatever you're sending to the outside provider. It would be helpful if you can do the same with a working CF 2021 environment, so you can quickly find the difference.   I'll probably just picture you in a cape.       ... View more