/t5/coldfusion-discussions/jvm-flag-dcoldfusion-searchimplicitscopes/td-p/14523359Mar 29, 2024
Mar 29, 2024
Copy link to clipboard
Copied
Hi,
Adobe writes:
The JVM flag-Dcoldfusion.searchimplicitscopes will be removed in the next major release of ColdFusion, hence disallowing searching of an unscoped variable in the implicit scopes.This may require application code changes.
We are currently on Coldfusion2021. Does "next major release of ColdFusion" mean something like Coldfusion2025 or some other version than Coldfusion2021 and until we upgrade to that version we can continue to use the flag?
/t5/coldfusion-discussions/jvm-flag-dcoldfusion-searchimplicitscopes/m-p/14523614#M197500Mar 29, 2024
Mar 29, 2024
Copy link to clipboard
Copied
Well, this is kind of a major change that will almost certainly break all of your applications. So I wouldn't wait to find out whether they remove that flag in an update to CF 2023, or whether they wait for CF 2025 or whatever. Use the time you have now to fix your applications and remove the underlying security vulnerability of unscoped variables. It sounds like a pain, but better now than later.
/t5/coldfusion-discussions/jvm-flag-dcoldfusion-searchimplicitscopes/m-p/14523877#M197501Mar 29, 2024
Mar 29, 2024
Copy link to clipboard
Copied
LATEST
Adding to Dave's always helpful answers: yes, the verbiage is confusing, and yes the jvm arg will work in cf2023 (and does now, along with cf2021, after this month's update). But no, or will not work in the next release they come out with.
That could be cf2025...but they have said in various places publicly that they're moving to ANNUAL releases, so it should be Cf2024.
2
Replies
AdChoices