ColdFusion

I installed the PMT for Coldfusion 2018 on my Windows notebook. Everything seemd fine, but each time I want to login, I get the message: "Invalid Username / Password".I am sure that username / password are the correct values configured during installation.Nevertheless I uninstalled the tool and installed it again, using other values for username / password. This did not help.Can anybody help? I did not find any information on this in the internet! 

Hello, We are currently trying to upgrade fuseguard from 2.4 to 3.6.  However , we wanted to see if we can still keep the old one intact and the new one in audit mode or something ,so we just see the logs but nothing gets blocked using the new version. In other words, is it possible to have two fuseguard versions being used or integrated with one single instance of coldfusion 2023. Appreciate if anyone could provide with any inputs based on your experience.Thanks,Manoj.

I just noticed that the Adobe ColdFusion Builder extension for Visual Studio code is no longer avaiilable. Is Adobe moving on to something else?   

Hello everyone, I have an error or detail when reloading with reload. I previously added the mapping in REST, but when I run it, it only shows me {} but it doesn't show me if I reload it or any status. I'm using the developer version CF25. Do you know if this is normal or if I need some other add-on?Regards

Each  time we restart the instance, even without any user traffic at all, cpu will eventually jump to 24-25% and stay there.In some cases this will double, which then makes the site using the instance slow and unresponsiveProblem StatementColdFusion 2023 consuming 20-24% CPU constantly with zero user activityIssue started late September 2025, no configuration changesRestart temporarily fixes it, CPU climbs back within hoursServer: Windows Server, CF 2023, Java 17.0.6, 4 cores, 6GB heapThread Dump Evidence (CRITICAL)"Thread-27" #95 daemon prio=5 os_prio=0 cpu=2798078.13msState: RUNNABLEat sun.nio.ch.Iocp.getQueuedCompletionStatus(Native Method)at sun.nio.ch.Iocp$EventHandlerTask.run(Iocp.java:323)This thread has consumed 2.7 million milliseconds (46 minutes) of CPU time in IOCP polling.Network Evidence The netstat output shows CLOSE_WAIT connections to Akamai CDN that never close, accumulating over time?What I've Ruled OutGC is healthy (gc.log shows normal behavior, 5-15ms pauses)N

Hi All, I updated Coldfusion 2021 to release 21 which is supposed to have Apache POI 5.41, after a Tenable scan I get a Folder that is named WEB-INF-BUE-bk coldfusion2021/cfusion/wwwroot/WEB-INF-BUE-bk/lib that still has the 3.9 libraries, so I'd like to know if I can safely zip the contents and delete the folder without messing the server up or the folder is required by coldfusion?

Hi all. I have a very pressing iseue I was hoping you could help with, as we have an important UAT server down. I installed the CF 2023 license today. I got a message after license entry that said CF server needed to have access to the Internet to work for certain license types. I wasn't asure if my license type was the one listed, so I thought I'd test. I removed my proxy and proxy port settings from the package manager settings, and turned off the proxy on my Windows machine. Then I removed the -Dhttp.proxyHost and -Dhttp.proxyPort settings from the JVM, which required me to restart. Nowe, CF2023 Application Server service will not start back up again. I turned the windows proxy back on, and since I couldn't get to the JVM with the Admin not able to load, I added the proxy settings to the jvm.config file. CF server would still not start up. There arew errors in the exception log saying "Failed to contact the Adobe Licensing server". Can anyone tell me how to resol

We need to encrypt data using AES/CBC/PKCS7. However the CF encrypt method only accepts AES/CBC/PKCS5Padding. Any idea how to achieve this? We are using CF 2016.

I need to limited access to the SOLR web application to localost. The server it is running on has both IPv4 and IPv6 and in the jerrty/etc/jetty-ipaccess.xml in this section:<Set name="white">  <Array type="String">  <Item>127.0.0.1</Item>   <Item>::1</Item>  </Array></Set>When I add IPV6 I get a error when I try to restart jetty. So I cannot lock it down.Any ideas?

I keep getting this error: ERROR: transport error 202: bind failed: Address already in use ERROR: JDWP Transport dt_socket failed to initialize, TRANSPORT_INIT(510) JDWP exit error AGENT_ERROR_TRANSPORT_INIT(197): No transports initialized [:732] However, nothing is running on that port except CF!  So what is it complaining about?  Do I have something misconfigured?   I have CF 2021 running on my localhost w/ default settings (so it's running on localhost:8500).  In VSCode, I have the server set as localhost:8500.   Thanks!  

I am running a CycloneDX security scan on the latest ColdFusion 2021 Enterprise WAR file for my application (HF22). I am getting 160+ vulnerabilities reported, most of them either Critical or High. I have some questions about these: 1. Most of these seem to be related not to the actual libraries in /cfusion/lib, but to the JAR files in /bundles/repo, e.g. ehcache-2.10.3.jar, jackson-databind-2.9.8.jar. I don't know what (if anything) I can do to fix these. Can I delete the most vulnerable files without killing the application server? Does anyone have any advice? 2. A number of the other vulnerabilities are being reported in libraries that aren't necessarily in use in my deployment: they're part of the hotfix installer JARs in /cfusion/hf-updates or /bundles/updateinstallers. Can I safely remove the most recent hotfix installers from these directories, once the hotfix has been installed and tested? (I have no intention of uninstalling a hotfix from Production: if necessary, I

Hi,We use docker locally and have an issue now with latest 2023 version. We are getting the following error wherever a component is called on a page which has a type on cfargument. Removing the type allows the page to load without error. The error we see is as follows'coldfusion.runtime.Variable coldfusion.runtime.UDFMethod._validateArgWithValidator(java.lang.String, java.lang.String, coldfusion.runtime.Variable, coldfusion.tagext.validation.CFTypeValidator)' java.lang.NoSuchMethodError: 'coldfusion.runtime.Variable coldfusion.runtime.UDFMethod._validateArgWithValidator(java.lang.String, java.lang.String, coldfusion.runtime.Variable, coldfusion.tagext.validation.CFTypeValidator)' atWe also see errors related to the image package where it says we need to install the image package but it's already installed. We've pulled most recent image, started stopped the container etc. but still seeing those issues. Nothing obvious showing in the logs. Anyone any ideas? There was a version of

Hello, We have been using SonarQube for code quality testing of our applications. However, I was wondering what would be the recommended one for ColdFusion files. I know that SonarQube officially doesn't support .cfm or .cfc files(although there is some third party plugin). So, wondering what  industry standard tools are being used to scan our custom ColdFusion files. Thanks,Manoj.

We recently received a vulnerability report on Apache Tomcat 9.0.106 from our security team and have been instructed to upgrade to 9.0.108. Are there steps to manual upgrade Tomcat within ColdFusion? If so, can you kindly provide guidance?

CFMail will throw error after update 15 applied. Java version: 17.0.15+9-LTS-24 "Error","ajp-nio-127.0.0.1-8022-exec-3","07/11/25","13:24:45","","Bad type on operand stackException Details:Location:coldfusion/mail/mod/MailImpl.signMail(Ljavax/mail/internet/MimeMessage;Ljavax/mail/Session;)Ljavax/mail/internet/MimeMessage; @238: invokevirtualReason:Type 'org/bouncycastle/asn1/smime/SMIMEEncryptionKeyPreferenceAttribute' (current frame, stack[1]) is not assignable to 'org/bouncycastle/asn1/ASN1Encodable'Current Frame:bci: @238flags: { }locals: { 'coldfusion/mail/mod/MailImpl', 'javax/mail/internet/MimeMessage', 'javax/mail/Session', 'java/security/KeyStore', '[Ljava/security/cert/Certificate;', 'java/security/PrivateKey', 'org/bouncycastle/asn1/ASN1EncodableVector', 'java/security/cert/X509Certificate', 'java/lang/String', 'org/bouncycastle/asn1/cms/IssuerAndSerialNumber' }stack: { 'org/bouncycastle/asn1/ASN1EncodableVector', 'org/bouncycastle/asn1/smime/SMIMEEncryptionKeyPrefe

I installed 2021 and I am trying to bring up the website and I get this error:  "The feed package is not installed".  Ok, so I think I can just install it.  But none of our servers have internet access.  So I see that a local repository is possible.  I can't use the "cfpm downloadrepo" because there is no internet access to download all the packages.  When I try downloadrepo I get these error message for the download for each package: "Illegal character in opaque part at index 2".  There does not seem to be a website to download the repo.  So what do I do?  Any help appreciated. 

All, I have an app that's been working _mostly_ flawlessly for over five years.  It's a rates lookup table that uses Excel sheets as a read-only database.  There are two years of rates per line of business (ie, Air Passenger rates for FY2025 and FY2026). A user selects a fiscal year from a dropdown, and five buttons appear for the user to select from.  A selection is made and a custom form for that FY and line of business appears.  Selections are made, and when all selections are set, AJaX sends a special code to a cffunction that consumes the related Excel file, then does a QoQ of that query to find a specific rate, based upon the code submitted, and returns the rate which is then displayed on the page for the user to see. FY2026 rates need to be in place no later than 30 SEP.  But I have an issue that I can't explain. There is one (so far, could be more) billing rate that exists in the related Excel file that the QoQ in the cffunction cann

I will be upgrading an Azure machine from ColdFusion 2021 to ColdFusion 2025. As Windows Server 2025 has been out for almost a year now, I would like to configure the new server with the latest version of ColdFusion and Windows Server. The latest ColdFusion 2025 support matrix (https://helpx.adobe.com/pdf/coldfusion2025-support-matrix.pdf) was last updated February 27, 2025. Has anyone had the opportunity to test ColdFusion 2025 on Windows Server 2025? I reached out to Adobe and was told to submit a bug request. Figured I would ask the group here if they had any success or experiences to share. Thanks in advance!

We're running ColdFusion2021 Enterprise and attempting to use the SAML feature where our application is the SP and a customer is the IDP using Azure AD. When we first called ProcessSAMLResponse() it authenticated. Subiquestial calls to ProcessSAMLResponse() are now getting this error: "Possible replay attack occurred as there is no login/logout information associated with this request.". We suspect this is related to the SAMLcache and we feel it's not clearing when it should. In the SP Configuration - the Request Store setting we've tried both the "Default" and "Cache" settings. After it started failing with the "Default" we edited ".../lib/auth-ehcache.xml" and changed the setting: "timeToLiveSeconds" from 600 to 60. Here's the xml:<cache clearOnFlush="true" memoryStoreEvictionPolicy="LRU" diskExpiryThreadIntervalSeconds="3600" diskPersistent="false" maxElementsOnDisk="10000000" diskSpoolBufferSizeMB="30" overflowToDisk="false" timeToLiveSeconds="60" eternal="fa

I know there have been questions posted about ColdFusion's Report Builder and talk of "maybe" something coming back in CF 2023 or CF 2025. So far, I have been unable to find anything other than dated questions and comments. I was able to find a copy of - ColdFusion_ReportBuilder_WWEJ.exe, which I believe is the last known version of Report Builder.  My question - aside from using the old Report Builder, does anyone know if there is ANYTHING new coming? We have old .cfr files that need to be updated and/or converted for current use.

Anyone else have an issue with 2021 and long running scheduled task running multiple times?I've narrowed it down to only occurring using a JDK higher than 11.0.12.  I've been replicating this by scheduling a task to a page with the following content: <cfset sleep(360000)> <cfmail to="youremail@email.edu" from="testtask@email.edu" subject="test task" type="html"> <cfdump var='#timeFormat(now(), "HH:mm:ss")#'/> </cfmail> 

This is strange. We had a problem a few days ago that got solved here, related to updating the certs on a Windows server, IIS 10, running ColdFusion 2023 update 5. So now I have a cfhttp call, using https and a get call, which usually works, but sometimes gets a 500 error. What happens is that Stamps supplies us a url, from an earlier cfhttp call (using post with a bunch of SOAP XML), and their docs say you can just fetch that url with a browser, and it gives you the print file for the shipping label. It nearly always works if I fetch that url with a browser, but we have lots of misses when trying to fetch the same supplied url via cfhttp from our server. So I made a little test page, and here is the code that shows the problem: <cfhttp method="get" url="#qLabelUrl.stampsLabelUrl#" path="#expandPath("\Docs\")#" file="shippingLabel#iShip#.zpl" result="result" /><cfdump var="#result#"/><cfdump var="#qLabelUrl.stampsLabelUrl#"/> Also I include the dump of the r

cf version: CF2023u15, OS: WindowsI have a component "excel.cfc". The component has functions that creates objects of Apache POI classes and use various methods of those POI classes to perform excel manipulation.ColdFusion's latest POI jar (v5.4.1) isn't compatible with our application. So, I am using an older version (v3.17) of it by placing it in a folder and requesting ColdFusion to load my chosen jar using application.cfc's  this.javaSettings.loadPaths().When I try to create an object of excel.cfc using createObject(), I see that the poi version that gets loaded is v3.17. This means the setting has worked as it has successfully instructed ColdFusion to make use of the older jars. This is all good. However, if I try to call it using jQuery.post(), like $.post("/shared/cf/excel.cfc?method=func()"), it still ends up loading ColdFusion's v5.4.1 which isn't helpful.Is there a way I can still instruct ColdFusion to work in this second approach? Maybe, through a setting in

Hi all,   This morning I noticed that I cannot see any of my submitted or voted-on support tickets in the Bug Tracker:        Issues Created: 0      You haven't created any issues      Issues Voted: 0      You haven't voted for any issues   Looking in the browser console, it looks like a 500 error is getting returned for both the created and voted API calls:   HTTP Status 500 - Request processing failed; nested exception is org.springframework.web.client.RestClientException: Could not extract response: no suitable HttpMessageConverter found for response type [class com.adobe.jira.model.v2.SearchResult] and content type [text/plain]   Additionally, the following 500 response is returned from the search API call:   HTTP Status 500 - Request processing failed; nested exception is org.springframework.web.client.HttpServerErrorException: 503 Service Unavailable   I've tried on

These tasks have been running nightly without trouble. Then we installed a new SSL cert on IIS 10, and now they all fail. I can run each task from my browser, but if I try to run one from the task scheduler, now it fails. Restarting CF after the new cert does not fix it. ColdFusion serves the many pages on our site just fine (SSL is required), it just won't run any scheduled task now.