Inspiring
October 20, 2025
Answered

ColdFusion 2025 Auto-Lockdown


I am trying to run the ColdFusion 2025 Auto-Lockdown on ColdFusion Update 4.

 

At first it was failing with the following error in the application log: Function getAdminSettings does not support adminpassword as an argument in ...CFIDE\lockdown\lockdown.cfc.

 

I read on the Update 2 page (https://helpx.adobe.com/coldfusion/kb/coldfusion-2025-update-2.html): "If you want to apply lockdown on this update, add the -Dcoldfusion.runtime.remotemethod.matchArguments flag." So I did that.

 

Now I am getting a new error: The USERNAME parameter to the getAdminSettings function is required but was not passed in.

 

Are there any other modifications or JVM flags I need to add to run the auto-lockdown? Thank you.

    Correct answer Roberto A.

    I reached out to Adobe yesterday. Will follow up when I have more info. I checked the CF logs and lockdown logs and prerequisites. I am thinking the same as you, that maybe once it is run on a given update it cannot be run again. That would imply that there is a flag somewhere that is preventing it. Will keep you posted. Thanks!


    After speaking with CF support, it turns out that the Lockdown tool cannot be executed again once it has already been applied, until you uninstall the previously applied Lockdown.

     

    You can uninstall the Lockdown tool by running the uninstall.exe file located at the path below:

    <ColdFusion202X>\lockdown\cfusion\uninstall

     

    After doing this, the instance was found the next time I ran the Lockdown tool.

    2 replies

    Charlie Arehart
    Community Expert
    October 21, 2025

    Roberto, while you later clarify that Adobe gave you an updated cfc, can you confirm something for future readers here? You say you "did that", regarding the technote directive to "add the -Dcoldfusion.runtime.remotemethod.matchArguments flag", but it didn't help.

     

    Did you set that to true or false? Or did you perhaps assign no value? It should have been set to false, though that technote does not clarify it.

    /Charlie (troubleshooter, carehart. org)
    Inspiring
    October 21, 2025

    Charlie, good catch. I literally copied -Dcoldfusion.runtime.remotemethod.matchArguments and didn't even notice it was set to no value. My mistake. That being said, after contacting CF support, I was given a new lockdown.cfc file that just worked.

    Charlie Arehart
    Community Expert
    October 21, 2025

    Thanks, and yep, the new cfc would have been modified to define all incoming args for any remote methods--which broke once the update came out that required that. They just hadn't thought to tweak that code before releasing the update.

     

    Again, that update technote needs to be made more clear. It would be nice if someone from Adobe might see this and agree (given Roberto's acknowledgment of what I've feared.)

     

    Anyway, thanks for confirming. Hope it may help others. 

    /Charlie (troubleshooter, carehart. org)
    Inspiring
    October 20, 2025

    This is resolved. Received a new lockdown.cfc directly from Adobe and it works now.
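
An added example, not part of the thread and not Adobe's code: a Python check of how the flag discussed above appears on the `java.args` line of `jvm.config`, separating the bare flag (pasted with no value) from an explicit `=false`. The sample config text and the function names are constructed for illustration, and a single-line `java.args=` entry is assumed.

```python
FLAG = "coldfusion.runtime.remotemethod.matchArguments"  # flag name quoted in the thread

# Constructed jvm.config excerpt (not from a real server): the flag was pasted
# exactly as the technote prints it, with no "=value".
SAMPLE = """\
# JVM settings (constructed sample)
java.home=/opt/coldfusion/jre
java.args=-server -Xms256m -Xmx1024m -Dcoldfusion.runtime.remotemethod.matchArguments -Dcoldfusion.home={application.home}
"""


def java_args(config_text):
    """Return the whitespace-separated tokens of the java.args line."""
    for line in config_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "java.args":
            return value.split()
    return []


def match_arguments_state(config_text):
    """Classify the flag as 'absent', 'no-value', 'true', 'false' or 'other'."""
    state = "absent"
    for token in java_args(config_text):
        name, sep, value = token.partition("=")
        if name != "-D" + FLAG:
            continue
        # A later -D for the same property overrides an earlier one, so keep
        # scanning. "-Dname" without "=value" defines an empty string.
        value = value.strip('"').lower()
        if not sep or value == "":
            state = "no-value"
        elif value in ("true", "false"):
            state = value
        else:
            state = "other"
    return state


def ready_for_lockdown(config_text):
    """True only when the flag is explicitly false, as the reply above advises."""
    return match_arguments_state(config_text) == "false"


if __name__ == "__main__":
    print("as pasted:", match_arguments_state(SAMPLE))
    fixed = SAMPLE.replace("-D" + FLAG, "-D" + FLAG + "=false")
    print("with =false:", match_arguments_state(fixed), ready_for_lockdown(fixed))
```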