Skip to main content
M
matthewl20646694
Inspiring
November 5, 2025
Question

Issue with remove function parameters on CF 2023 Update 15

  • November 5, 2025
  • 3 replies
  • 564 views

Let me start, I do know about the changes in Update 14 related to "extra" arguments, and this is not the same issue, but I think it might be related.  The error is that a paramerter can not be found when making a call to a remote function in a CFC.  

 

Here is the top of the function definition:

    <CFFunction name="getTable" access="remote">
      <CFArgument name="Datasource" required="yes">
      <CFArgument name="Username" required="yes">
      <CFArgument name="Password" required="yes">
 
I am getting an error about " The DATASOURCE parameter to the getTable function is required but was not passed in.".  
 
Where this gets more complicated is that we encrypt all the data in our URL's.  So the call to the CFC looks like:
https://server/AgentListPolicies.cfc?EUDATA=... encrypted string ....
 
Then during the processing of application.cfm, we take the encrypted string, decrypt it and put all the variables from the string in the URL scope.  Doing a <CFDump var="#url#"> after the decryption, I can see all the variables
struct
DatasourceMYdataSource
PasswordXXXXXX
UsernameXXXXXX
methodgetTable

 

This code has worked up until Update 15 on CF 2023.  I did uninstall back to Update 12 and installed each update one by one and it worked fine on Update 14, but as soon as I install Update 15 it fails.  So this is something that specifically changed in Update 15 of ColdFusion 2023.  I did also try update 16, with the same issue as 15.  We started at 16 and after the issue we went back starting at 12 and doing each update one at a time with full WSConfig and clearing of all cached files.  

 

I am guessing that it is something about what/when the code is looking at the arguments in determining if they are passed.  Up to this point, it has seemed to be after the processing of application.cfm.  

 

I can do:

https://server/AgentListPolicies.cfc?EUDATA=... encrypted string ....&DataSource=&Username=&Password=

Where I pass in blank in the URL and my decription code overrites the blank with the needed value.  It is using the values from my decryption code puts into the URL scope without issue.  What is weird is that the Method name is in the encrypted data and the EUDATA is in the URL scope until my decrpytion code runs, and I remove it from the URL scope at the same time that I add in the other variables.  I have tried with and without the Dcoldfusion.runtime.remotemethod.matchArguments=false flag with no difference.  

 

We use the URL encryption in a lot of places of the code, so we can not add in blank values for all URL calls.  I can change the code on this function to make those arguments optional and then check in the code that they are set.  I can come up with several ways around this, but I am hoping there is some new setting/configuration argument that I am missing that might resolve this issue.  

 

 

Is there anything I am missing before I post this to Adobe support?  

 

Thank you.  

 

 

    3 replies

    BKBK
    Community Expert
    BKBKCommunity Expert
    Community Expert
    November 21, 2025

    @matthewl20646694 , is it possible for you to update your original post? If so, then could you please change the word "remove" in the title to "remote"? That will help future developers searching for the subject on the web.

    Charlie Arehart
    Community Expert
    Charlie ArehartCommunity Expert
    Community Expert
    November 5, 2025

    Matthew, that's certainly some interesting gymnastics you've had to go through.

     

    I'd like to focus on your last point. You say you added Dcoldfusion.runtime.remotemethod.matchArguments=false but it didn't help. First, let's confirm that is indeed set as you think it is. If you just dump the server.systemproperties, it will show you a few dozen things--among which will be any such JVM args, whether set by you in the CF admin or jvm.config. But there are also others that CF sets, and ones that the OS and Java and Tomcat set that are shown. So look for the ones starting with "coldfusion."

     

    And I've created a github jist of some code to do just that for you. See it here.

     

    BTW, I was writing that and this up while I see you offered your next reply with examples. I may not have time soon to try that, but perhaps others will. In the meantime, please do run that code I offer and see if you DO see that env var set. If not, you'll want to pursue why it's not set when you thought it was.

     

    Granted, fixing your code would be better, but I suspect you'd like to do the update if not for this problem, so if the JVM arg DOES work for you then it DOES allow you to proceed. Then maybe your example will help Adobe or us here to see what it is about your code that doesn't work without it.

    /Charlie (troubleshooter, carehart. org)
    M
    matthewl20646694Author
    Inspiring
    November 5, 2025

    I did get Docker running on my local machine, so I was able to test my sample against both CF2023 and CF2025 current version (most recent patch).  

     

    I did do as you suggested for outputting the flags.  
    coldfusion.datasource.blocked.properties = allowLoadLocalInfile,allowUrlInLocalInfile,autoDeserialize
    *coldfusion.home = /opt/coldfusion/cfusion/bin/..
    *coldfusion.jsafe.defaultalgo = FIPS186Random
    *coldfusion.libPath = /opt/coldfusion/cfusion/bin/../lib
    *coldfusion.rootDir = /opt/coldfusion/cfusion/bin/..
    coldfusion.runtime.remotemethod.matchArguments = false

     

    Tried with it set and not set (with CF restarts of CF within the docker after changing the setting).  I still got the same error message:

    The PARAM1 parameter to the TestFunc function is required but was not passed in.
    The error occurred on line -1.


    I tweaked the code to add in an error handler and a link on the test page that is not encrypted.  So I added a total of four links:
    * Encrypted Link

    * Encrypted Link with Extra Parameter

    * Regular Link

    * Regular Link with extra Parameter 

     

    What was interesting is that when I did not have the JVM argument in place (related to extra parameter) on the Encrypted link with the extra parameter, it errored about the extra parameter before checking for the required parameter.  (Function TestFunc does not support param2 as an argument in /app/TestCFC.cfc - The error occurred on line -1.)  Obviously this is know because of all the details about Cf 2023 Update 14 and this specific argument.  

     

    Changing the code is not ideal, because I am giving a simple example here, but we do this throughout our entire application, and any remote CFC call that we make would have this same issue.  This is just the fisrt place we ran into it and worked through debugging it.  

     

    Thanks.  

     

     

    Charlie Arehart
    Community Expert
    Charlie ArehartCommunity Expert
    Community Expert
    November 5, 2025

    Now that you've concluded for sure that the jvm arg IS there but is NOT helping, it sounds like you're hitting the same problem someone reported about 2 months ago at https://tracker.adobe.com/#/view/CF-4227376. They, too, are using encrypted querystrings--and it may be that this (or the post-processing you guys want to do) is where the problem is happening.

    Anyway, add a vote there, at a minimum. And while you can add a "vote comment", that box is tiny. Add a regular comment instead, which is a larger box (easier to read, as well).

     

    And in the meantime perhaps someone else (Adobe or otherwise) may chime in here or there with other thoughts for you.

    /Charlie (troubleshooter, carehart. org)
    M
    matthewl20646694Author
    Inspiring
    November 5, 2025

    I did submit this to CF Support, but maybe someone knows something I am missing or maybe someone else is having issues similar.  

     

    I have tried to distill all the code into a sample test file that people can try locally.  Since I am not allowed to attach CFM file, they are just named to .txt file, but remove that from each of the files and put in a single directory.  Please do not criticize the code, I was trying to extract out the relevant parts from a lot more complicated code to demonstrate the issue.  

    The application.cfm file just has a decrpyiton function that is called and then thge URL scope is dumped.  The CFC just dumps the value of the argument passed in.  When you open test.cfm, you will get a link, that is something like:
    http://localhost/testenc/TestCFC.cfc?EUData=6eFox1UuBTPKiJyP0tznAWKmBsa1%2FbYY7diE3BJ607HdztvuoEW6UcHTmH5ehV%2FFhKRR8EfqqCkAfn4TmEuPoxgEpudIIyGMetZsW67v3Mg%3D

    Where all the parameters of the URL are in an encrypted string.  

    Unfortunately, I was only able to test this on a CF 2023 Update 14 server since they will not reinstall Update 15 or 16 right now, so I can only verify that it works correctly on a CF 2023 Update 14 machine, but not that it fails on an Update 15/16 server.  I am trying to get one setup that I can verify on, and also use later to test if people have suggestions or support has any suggestions.  

     

    Any thoughts are appreciated.  

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices