The official community for ColdFusion.
Recently active
A recent update has broken Scheduled Tasks for us. The small Pause, Resume and Play icons work but we are not able to create a new Scheduled Task or Edit an existing one. We have CF 2023.0.19.330899 on both local and live servers and does this on both. It also does this on CF 11,0,19,314546. Whenever a new task schedule is attempted, or edit an existing one, after hitting the “Submit” button on the form, the browser says “Server sent back an empty page”. I have tried in different browsers and it gives same results. Can you help?
The syntax highlighting is one of the most important features for IDEs because they tell coders if there are problems with the code. I'm currently using version 1.0.701 and noticed an annoying problem whenever the “#” is found on the script. CF Builder assumes that every time it encounters a #, it is part of a variable evaluation, which is commonly used in CF tag attributes or between <cfoutput> tags. But in html, the # is used such as in css settings for colour. As a result, we get problems like these: In this example above, the # is used properly, and is part of standard html that is not parsed by the CF server. Adding a second # tricks CF Builder into thinking that the # has been escaped: But this is wrong and will cause problems because the final html code that is sent to the end user's browser will contain two #s. The only way to fix the problem is additional CF code:But this is an inefficient way of handling things. We shouldn't need to nest html tags within <cfout
coldfusion report Calculated Field SumForwardSumForward(Sum:iif((query.SumOfTrainingHours + calc.SumForward GTE 40),iif(calc.SumForward + query.Carryover LTE 40,query.Carryover,40-calc.SumForward), query.SumOfTrainingHours))I’m not familiar with report query syntax say querySumOfTraining hours = 20 and query.Carryover = -20 what is the order of processing within the query and what value does calc.Sumforward get as the query proceeds. And what is the final value for SumForward. ThanksJimBerkes
I’m to this system but have been asked to update it.
I recently installed ColdFusion 2023 Update 18 and though the installation log says there was only 1 non-fatal error, I am seeing some weird behavior in my web app. The login to my web application validates the user credentials and then redirects to the login page (302 found).However, I want to rule out any procedural errors in the update process first.As per the “Install the Update in Offline Mode Manually” from https://helpx.adobe.com/coldfusion/kb/coldfusion-2023-update-18.htmlDownload the hotfix installer from the link. - No issues. Download the packages zip file from this link and extract its contents to a location accessible to all ColdFusion server instances.I have only one instance, cfusion. I downloaded the packages.zip folder to a directory called U18 in /opt/cf2023cloud/ Update "packagesurl" in cfusion/lib/neo_updates.xml of cfusion and all its child instances to point to <InstallerRepositoryUnzippedPath>/bundles/bundlesdependency.json present inside the downloaded fo
Environment:- ColdFusion 2023 Enterprise- Development Environment- No HBSS- No Internet AccessIssue Description:We recently attempted to install Update 18 on our development environment. Unlike previous patch installations, the usual steps of stopping the ColdFusion service, clearing the Felix-cache, and restarting did not resolve the issue. Additionally, we downloaded the bundle repo from Adobe, cleared the bundles directory, and reinstalled all components from the `cpfm`, but the problem persisted.Given that this is a virtual machine, we reverted to a snapshot running Update 17, which resolved the issue temporarily. However, we are concerned about the root cause and would like to address it to avoid future complications.Error Details:Here is a sampling of the errors found in the `exception.log`:```"Error","pool-56-thread-1","01/30/26","12:33:51","","URI does not specify a valid host name: E:/path/to/bundles/repo/ib6coreutil-1.3.jar"org.apache.http.client.ClientProtocolException: URI
We’re updating an app from CF2021 to CF2025 but are running into issues with Query of Queries behavior changes and I haven’t seen them mentioned in any of the release documentation.Aggregate functions now return a row if there is no group by clause and the where condition fails.<cfset foo = queryNew( "id,total", "integer,integer", [ { id = 1, total = 25 }, { id = 2, total = 50 }, { id = 3, total = 100 } ])><cfquery name="bar" dbtype="query"> select sum(total) total from foo where id = 20</cfquery><cfdump var=#foo# /><cfdump var=#bar# />The above is an example where the dump of #bar# will have 0 rows in CF2023 and below and will have 1 row in CF2025 with the value being an empty string. If `group by id` is added, all versions return 0 rows.Values that are NULL the database are no longer treated as NULLs and are treated as empty strings instead.<cfset foo = queryNew( "id,total", "integer,varchar", [ { id = 1 }, { id = 2, total = 50 }, { id = 3, tot
I tried to submit a trouble-ticket on the tracker.adobe.com, but I’m getting a 500 error. Yay.Does anyone have any information on ColdFusion 2023 Enterprise and the Microsoft Visual C++ 2012 Redistributable? This specific redistributable has reached End of Life (EOL) and is no longer supported or patched by Microsoft. Utilizing EOL software directly violates Risk Management Framework (RMF) and Department of Navy cybersecurity requirements. This outdated dependency unnecessarily increases the system’s attack surface area.
Hi All,We are migrating from Cf2021 to CF2025.One issue is that QoQ resuts shows empty string when is not data.<cfscript> tempQuery = queryNew("id,name,amt", "integer,varchar,double"); QueryAddRow(tempQuery); QuerySetCell(tempQuery, "id", 1); QuerySetCell(tempQuery, "name", "Marco"); QuerySetCell(tempQuery, "amt", 16); QueryAddRow(tempQuery); QuerySetCell(tempQuery, "id", 2); QuerySetCell(tempQuery, "name", "Troy"); QuerySetCell(tempQuery, "amt", 7); result = queryExecute( "SELECT SUM(amt) AS cnt FROM tempQuery", {}, {dbtype="query"} ); writeDump(result); writeDump(result.recordcount()); result = queryExecute( "SELECT SUM(amt) AS cnt FROM tempQuery where id = 3", {}, {dbtype="query"} ); writeDump(result); writeDump(result.recordcount());</cfscript>ResultThe record count now is 1 for empty QoQ. It shoud be zero.Any solution on this issue?Thanks,JFB
my linter thinks there is an invalid token here, but there isn’tTL;DR: The red squiggle underline is caused, in some way, by the CF Builder extension. It’s wrong, the code and the file are fine, and I want it to go away. Anyone know how to make it go away?Details:I installed this extension a few weeks ago, and I didn’t notice (or I ignored) it at the time, but I started getting these red-squiggle notifications on *some* javascript / JSON files. I finally tried narrowing down the problem today, and after blaming it on eslint for a little while, and/or various rules in my project’s `eslintrc.json` file, I disabled all extensions and the error went away.So I used vsCode’s “Extension Bisector” to find the culprit. I didn’t know this existed till today. Basically it starts by disabling all extensions and reloading your window, and asks you if you can reproduce the problem. You say yes/no, and then it reloads again with some extensions enabled. You repeat the process several times until fina
Is there a way to adjust the formatting settings used by the vsCode ColdFusion Builder extension? I installed the extension mainly to try to take advantage of its code formatting options. Unfortunately the formatting does not seem to obey my vsCode preferences (tab indentation, equal to 2 spaces). It also does almost no formatting of html inside a cfoutput block (all html tags are stacked evenly). Does anyone know if there’s a way to adjust the formatting settings? I would like to recommend this to our team of several developers, as a standard tool for formatting our files.
Hi CF Experts,Recently I have changed my laptop and installed ColdFusion 2023 and installing updated from Update 6. But I am unable to download and Install it from CF Admin. Below is screen and getting an error Uncaught TypeError: Cannot read properties of undefined (reading 'cfhf_buildnumber') Can you please help on this.
I've gone through multiple rounds of installing Windows Server 2022 and following the Lockdown guide to install ColdFusion 2025 and AutoLockdown. Just can't get it to work, have lost a lot of time, and losing hope. Initially I couldn't get it to create the service user for me. May have been the complex password. Whatever. It seems to do that correctly now. After seeing a bug reported elsewhere I have added -Dcoldfusion.runtime.remotemethod.matchArguments=false to the JVM flags and restarted CF before running the AutoLockdown tool. I have checkpoints/snapshots in Hyper-V so that I can start the tool from scratch on each attempt. Attached is the lockdown log if anyone can help me out.
Where the heck do you report a bug? Now I know why the Adobe developers say they don't have any bugs in their queue. No one can figure how to report one.I was also told they offer free installation support. Where and how do you reach them? I've scoured the website and can't find it.
When I go to a server instance in CFAdmin > Deploy Existing Archive I get the following error:The path xxx.car is not whitelisted in pathfilter in CF2021 update 23.Is there a particular directory I should put the .car file in? Where can I whitelist the file. I don’t see anything under Security to whitelist a file.
When I try to set the FIPS Mode in Configuration as below:<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" FIPSMode="on"/> I’m getting error in the coldfusion-error.log: “Failed to enter FIPS mode” and unable to login to CF Admin page. How can I fix this error with enabling the FIPS mode?Thanks!
I’m converting a database from MS‑SQL to PostgreSQL and I need to change the calls to the Stored Procedures.I rewrote them in PostgreSQL, and when I try to execute them, it returns an error saying that the procedure’s cursor does not exist.For example, a call that used to be:<cfquery name="getApp_Version"> EXEC sp_app_version;</cfquery>Was changed to:<cfquery name="getApp_Version"> BEGIN; CALL "public"."sp_app_version"('c1'); FETCH NEXT FROM c1; COMMIT;</cfquery>And the following message appes:ERROR: cursor "c1" does not existI was advised to convert the procedures into functions to solve the problem, but there are too many procedures to rewrite.Is there a way to call Stored Procedures in PostgreSQL without getting this error?
I am trying to use org.jaudiotagger.audio.AudioFileIO to read some tags in mp3 files. The following lines work correctly: fileObj = createObject("java", "java.io.File").init(lsFileNameWithPath);audioFileIO = createObject("java", "org.jaudiotagger.audio.AudioFileIO");audioFile = audioFileIO.read(fileObj);audioHeader = audioFile.getAudioHeader();bitrate = audioHeader.getBitRate();writeOutput("The audio file bitrate is: " & bitrate);writeOutput(AudioHeader);but If I try anything with tags such as:Tag tag = audioFile.getTag(); orlsArtist = audioFile.getTag().getFirst(FieldKey.ARTIST);I get error messages. In the first case the error message is “ Variable TAG is undefined.“ and in the second case the error message is “ Variable FIELDKEY is undefined”Any suggestions as to what I am doing wrong?
Weak Session Token Randomness vulnerability found during pentesting in ColdFusion 2023 Administrator During a recent penetration test, we identified a vulnerability related to weak session token randomness in ColdFusion 2023, specifically impacting the Administrator interface. Our analysis indicates that only about 6 out of 80 characters in the session cookie exhibit sufficient randomness, which poses a risk to session security.Could you please advise if ColdFusion 2023 offers any configuration options or best practices to enhance the randomness and security of session tokens for the Administrator? Is it possible to customize the session ID generator or enable a stronger session management mechanism?Any guidance or recommendations to mitigate this vulnerability would be greatly appreciated.Thank you in advance for your support!
I’m setting up a SAML integration in ColdFusion 2021. It works fine, but when I’m in the Administrator if I check the “Want Assertions Signed” checkbox but don’t fill out Signing Keystore information and save it, whenever I try to edit the SP it always fails saying the keystore…. is undefined. My understanding is that “Want Assertions Signed” means the IDP signs the request it sends. Inside of the IDP I set up the Signing Certificate so it decrypts the response successfully. This all works fine, it’s just I can’t get in to edit the SP after setting it up. Entra provides the certificate and has options to sign the request and assertion, so I assume I don’t have to set up that certificate in my SP, but I do have to add it to the IDP so it knows how to verify the SAML response. Is this wrong? If I leave “Want Assertions Unchecked” what does that do for my process? Thank you.
Hello CF Community, We have a bit of an unusual situation, On one of the servers we have the log4j files which i do not see on the other servers. We have a security issue and the core-2.13.3 needs to be removed. We are running the CF2021 Updated to update 18 on all nodes. Only one of the nodes is showing the extra files in the CF/jre/lib folder. How can i go about safely removing the core2.13.3 file for log4j. Can i simply remove and if so what should i be on the look out for in terms of failures?
Hello, everyone. Still have not had a chance to do anything with my last issue (still ongoing), and now we have more issues. They just keep cropping up. The most critical, however, is that our SA is getting 400 errors trying to access CF Admin. I’m trying to get as much information from our SA as possible. He’s checking logs, as I type this. I’m hoping he can get me some details for me to post. Right now, all I have is what appears in the browser when he tries to access CF Admin. BAD REQUESTYour browser set a request that this server could not understand.Additionally, a 400 Bad Request error was encountered while trying to use an ErrorDocument to handle the request. As soon as our SA passes to me what he finds in the logs, I’ll post them here. V/r,WolfShade
Hello!This is a continuation of a question I posed days prior to the upgrade of the Adobe forums. The post never reappeared on the new forums, and so I’m reposting this update afresh.My original question centered on how to configure IIS websites such that all users would be required to go through the API Manager to access the API. BKBK responded with details on how to set up a reverse proxy. Mission accomplished. I now have two IIS sites:APIMGR.mysite.com is the gateway (reroutes traffic to API.mysite.com) API.mysite.com is the backend (rejects direct traffic; permits incoming traffice only from APIMGR.mysite.com)My question now is, what settiings, if any, in the API Manager Administrator (or in the Portal) need to change, to accommodate this reverse proxy setup? Specifically, do these default settings for the Host or the Domain URL need to change, or does the API administrator still serve up requests via the default localhost / localhost:port configuration? Thanks in advance for the a
Can anyone tell me what happens when a ColdFusion 2023 Enterprise license is used on more servers (or CPUs or whatever) than Adobe thinks are covered by the license? I would not deliberately overuse a license, but because previous communication with Adobe about licensing has been far from clear, and the fact that I am not in our company’s licensing department, as well as the fact that Adobe’s stance on allowing (or not) a license to be used on a dev servers if licensing has been purchased for a prod server, it’s hard to be 100% sure that issues won’t arise.We have a UAT server and I’m almost sure our existing licensing will accommodate it, but if I apply the serial number and it isn’t covered, what will happen - Something as clear as a notification on attempt, or something much worse, like our PROD server being silently downgraded to developer mode?Thanks!
I have a simple loop that is used to clean up old files within a directory:<cfdirectory action="list" name="qDir" directory="#variables.path#"><cfloop query="qDir"> <cfif qDir.Type eq "File"> <cfif DateDiff("h", qDir.DateLastModified, Now()) gt attributes.keep_for_hours> <cfset variables.full_file_path = variables.path & qDir.Name> <cfif FileExists(variables.full_file_path)> <cffile action="delete" file="#variables.full_file_path#"> </cfif> </cfif> </cfif></cfloop>This is on Linux where ColdFusion is running as apache.Recently a system scan process has been leaving behind files owned by root within the directory resulting in an error stating:“The file or directory <filename> provided as the Source is read-only. - The Delete cannot be performed.”While it’s true that the file is read-only, apache owns the directory the file is in and should still be able to delete the file.How do I go about encouragin
Remix with Firefly Community Gallery
Thousands of free creations to fall in love with and remix in Firefly.
Already have an account? Login
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.