If the Excel export works perfectly without the AppDynamics agent, doesn't that mean you don't need the agent in the first place? Or do you need the agent for something else?    In fact, ColdFusion 2023 is itself capable of exporting an Excel file. So I wonder why you need an external agent. In any case, could you share the code you want to use for exporting Excel? ... View more

What software is this about: CF Builder on Visual Studio Code? Or Adobe ColdFusion Builder 2018? ... View more

Do you use query-of-query in connection with the result from stored procedure? Please share the full stacktrace of the error and the code where the error occurs. ... View more

I have switcxhed over to using application.cfc, to see if that made a difference.  By @matthewl20646694   To be clear, switching  from Application.cfm to Application.cfc improves the design of your code. However, the switch does not influence the behaviour we have been discussing. ... View more

 I  am surprised you start by saying, "I do not think that is true. "  After that, you actually proceed to reproduce the exact situation I had described.   In short, the root-cause is: In the ColdFusion build where you encounter the issue, the line  <!--- Remotely requested CFC method which has at least one "required" argument ---> <cfset url.method="testFunc"> automatically triggers ColdFusion to validate the method for required arguments.   Your conclusion is: ... it gives the same error about " The PARAM1 parameter to the TestFunc function is required but was not passed in.".  So it gets the METHOD name from where I set it in the application.cfc, but it does not get/read the parameters set there.  By @matthewl20646694   That is the same as my conclusion about the root-cause: "The root cause is that, rightly or wrongly, ColdFusion is preprogrammed to validate the remote CFC method the moment url.method is defined. That is, the moment it encounters: <cfset url.method = "testFunc">   That is what happens in your case. Apparently, that line of code confuses ColdFusion into thinking that method=testFunc is part of the query-string coming from the browser. But then it misses the required parameter. Hence the error."   As I said, it might help to share my latest explanation with your contact at Adobe. They should be aware that, in the latest ColdFusion 2023 build, the assignment url.method = "myMethod" automatically triggers validation of the method. They could then tell you whether that is an intentional change, or an unintentional side-effect or bug that needs to be fixed.. ... View more

@matthewl20646694 , it might help to share my latest explanation with your contact at Adobe. They should be aware that <cfset url.method="testFunc"> automatically triggers validation of the remotely called CFC mehod.  ... View more

Hi @matthewl20646694 , thanks for the clarification. It confirms that my understanding of the intention of the code has been correct right from the start. However, I think I haven't yet convinced you that there are possible loopholes in the reasoning and in the design of your code. There actually are. They could do with some improvement.    Before we get to the root-cause of the issue, let me show you that I understand what is going on. What I understand is essentially as follows. The code that is causing the issue involves a CFC, a test CFM and Application.cfm. The test CFM contains a link to a remote call to the CFC:   test.cfm <!--- The query-string consists of the requested CFC method and 4 URL variables and their respective values. The entire query-string is url-encoded, then encrypted. The link represents a remote call to the CFC. In the call, the query-string has been replaced by just one variable, EUData=#UrlEncodedEncryptedQueryString#, ---> <CFSet queryString = "Method=TestFunc&Param1=Param1Value&Param2=Param2Value&Param3=Param3Value&Param4=Param4Value"> <CFSet encryptedQueryString = encrypt(queryString,"PjzF/tm6q3FB+jtYUsLXqzJMYsdCSBwd3cvtYfyTeuo=",'AES', 'Base64')> <cfset UrlEncodedEncryptedQueryString = encodeForURL(encryptedQueryString)> <CFOutput> The encrypted link: <a href="./TestCFC.cfc?EUData=#UrlEncodedEncryptedQueryString#">Test Link</a><br> </CFOutput>   TestCFC.cfc <cfcomponent> <cffunction name="testfunc" access="remote" returntype="void"> <cfargument name="param1" required="yes"> </cffunction> </cfcomponent>   Application.cfm <!--- The remote URL request is intercepted here. The main (single) URL variable, EUData, is decrypted and its constituent parts extracted. (Note: Though the constituent parts consist of the 5 name-value pairs from the original query-string in the test CFM, they are themselves NOT URL variables. The only URL variable ColdFusion knows at this point is URL.EUData.) The decrypted string is parsed, from which URL variables are set, among which, <cfset url.method = "testFunc"> <cfset url.param1= "Param1Value"> <cfset url.param2= "Param2Value"> <cfset url.param3= "Param3Value"> <cfset url.param4= "Param4Value"> --->   The issue:  When you run test.cfm and click on the link, you get the error "The PARAM1 parameter to the testFunc function is required but was not passed in.". You're getting the error after Update 14 of ColdFusion 2023. The code worked without any issues on previous updates. I hope that shows you I understand what the issue is. Then I will say that the cause of the issue is clear. Following Update 14 of ColdFusion 2023, remote CFC calls have become stricter. If the remotely invoked CFC method contains a required argument, then that argument must be present as one of the parameters in the query-string. Otherwise you will get an error.   Now comes what I consider to be the root cause of the error you're getting. In using Application.cfm to intercept the URL request, you're effectively doing a URL-rewrite. As far as ColdFusion is concerned, the only URL variable it knows is EUData. The variable URL.method does NOT yet exist.   The root cause is that, rightly or wrongly, ColdFusion is preprogrammed to validate the remote CFC method the moment url.method is defined. That is, the moment it encounters: <cfset url.method = "testFunc">   That is what happens in your case. Apparently, that line of code confuses ColdFusion into thinking that method=testFunc is part of the query-string coming from the browser. But then it misses the required parameter. Hence the error.   Here's much simpler code to reproduce the behaviour:   test.cfm <CFSet queryString = "Method=TestFunc&ParamX=ParamXValue"> <CFSet encryptedQueryString = encrypt(queryString,"PjzF/tm6q3FB+jtYUsLXqzJMYsdCSBwd3cvtYfyTeuo=",'AES', 'Base64')> <cfset UrlEncodedEncryoptedQueryString = encodeForURL(encryptedQueryString)> <CFOutput> The encrypted link: <a href="./TestCFC.cfc?EUData=#UrlEncodedEncryoptedQueryString#">Test Link</a><br> </CFOutput>   TestCFC.cfc <cfcomponent> <cffunction name="testfunc" access="remote" returntype="void"> <cfargument name="paramX" required="yes"> </cffunction> </cfcomponent>   Application.cfc <cfcomponent> <cfset this.name = "RemoteCFCTestApp"> <cffunction name="onApplicationStart" returntype="boolean"> <cfreturn true> </cffunction> <cffunction name="onRequestStart" returntype="boolean"> <cfargument name = "targetPage" type="String" required="true"> <!--- The next line automatically triggers validation of the remote call testFunc(). If the function happens to have a required argument, you will get an error. ---> <cfset url.method="testFunc"> <!---<cfset url.paramX="ParamXValue">---> <cfreturn true> </cffunction> </cfcomponent> That such things happened "auto-magically" is a clear sign that you were taking risks. One little change or bug-fix in ColdFusion, and the whole pack of cards may come crashing down.    As a workaround, here's one of my suggestions once again: include method=testFunc transparently in the link from the browser..That is, In test.cfm Here is Encrypted link: <a href="./TestCFC.cfc?method=testFunc&EUData=#encryptedURLData#">Test Link</a>  In TestCFC.cfc <CFArgument name="EUData" required="yes">     ... View more

Hi @danielmroberts , sorry to hear about the lockdown installation issues. Glad to hear that you finally resolved it.  Thanks for sharing your solution. ... View more

EUData is designed to be an encrypted string that has regular key/value URL pairs of data encrypted with in.  So the link would look like: TestCFC.cfc?EUData=ui9eTHvdhYo6opbyLfU2rGKmBsa1%2FbYY7diE3BJ607HdztvuoEW6UcHTmH5ehV%2FFEKlO0eisUGYKXHeBfxyx5GXd0vqgq%2BmvICY%2BT3E%2FXdU%3D By @matthewl20646694 I did understand that. I hope you can see it implies the following: calling a CFC remotely without passing the method. That might be a problem. I suggested the following correction, which contains the essence of your code: In test.cfm Here is Encrypted link: <a href="./TestCFC.cfc?method=TestFunc&EUDATA=#encryptedURLData#">Test Link</a>  In TestCFC.cfc <CFArgument name="EUData" required="yes">   ... View more

Thanks for the update, @matthewl20646694 .   Let me start by clearing up a misunderstanding. I did not suggest that you replace your request parameter of Key with "#generateSecretKey('AES')#​".  Your code generates the key in Application.cfm. The key is used in test.cfm. However, the suggestions I was going to give would be on test.cfm and TestCFC.cfc. As I said, I would ignore the Application.cfm. But the key it generates is needed to test the suggestions. Hence the use of the value "#generateSecretKey('AES')#​"., simply as a placeholder.   Nowhere in the suggestions did I think about "avoiding/working around the actual issue". The aim of the suggestions is to improve the code, irrespective of any underlying ColdFusion issues.      ... View more

We are not allowed to install and setup the CF environment so Infra team has setup the installation and code deployment, As per my obeservation, they replace the neo_datasource.xml and few other files copied from cf10 to cf24, this might cause the issue By @ponnada40 No problem, @ponnada40 . You can always pass our suggestions to your Infra team. ... View more

Thanks for clarifying, @matthewl20646694 . I now understand better what the issue is, and that it has been confirmed to be a bug..    That said, I still have some suggestions.  Use Application.cfc in place of Application.cfm. I don't fully understand what is going on in Application.cfm, but I can see that its contents are better suited to Application.cfc, as the CFC is event-driven. The code shows clearly that you want a function to run when a request to a predefined target page starts. With Application.cfc you can precisely time the occurrence of such an event.  I shall put the Application.cfm to one side. To enable me to proceed with the testing of test.cfm I shall replace #request.ParameterEncryptionKey#​ with #generateSecretKey('AES')#​  I think your test.cfm code example could benefit from some simplication. At the moment, too many different variables are bundled together in a single line. For example, the variable tmpURLData is compounded so often that, in the end, it's unclear what it stands for.  Therefore, it would help to separate the various variables involved. I shall do so in a moment.  Even though the data in tmpURLData is initially url-encoded, it is subsequently url-encoded, and again, unnecessarily. The purpose of the variable EUData is unclear. A remote CFC call should usually include, as a standard, the variable method=methodName . Whereas your first link does not. There the EUData value is something like EUData=#encrypted_string_that_has_been_encoded_for_URL#​ There is no method=TestFunc, which can be a problem. We therefore need to add it.  Apparently, EUData is central to what you want to do in the Application file. As you are already aware, ColdFusion has become stricter with regard to the remote calling of CFC methods.  If EUData must be in the remote call, then the function must explicitly have <CFArgument name="EUData" required="yes">​ And vice versa. The above suggestions result in the following test code: <--- TestCFC.cfc ---> <cfcomponent> <cffunction name="TestFunc" access="remote" output="yes" returntype="void"> <CFArgument name="EUData" required="yes"> <CFArgument name="Param1" required="no"> <CFArgument name="Param2" required="no"> <CFArgument name="DataExpiration" required="no"> <cfdump var="#arguments#" > </cffunction> </cfcomponent>​   <!--- test.cfm ---> <CFTry> <CFSet tmpURLData="Method=TestFunc&Param1=Test&DataExpiration=#encodeForURL(DateFormat(dateAdd('h', 1, NOW()), 'mm/dd/yyyy') & ' ' & timeFormat(dateAdd('h', 1, NOW()), 'HH:mm'))#"> <CFSet randomizedURLData="R=#randrange(100,999)#&#tmpURLData#"> <CFSet encryptedURLData = encrypt(randomizedURLData,"#generateSecretKey('AES')#",'AES', 'Base64')> <CFOutput> Here is Encrypted link: <a href="./TestCFC.cfc?method=TestFunc&EUDATA=#encryptedURLData#">Test Link</a><br> Here is Encrypted link with Extra Parameter: <a href="./TestCFC.cfc?#tmpURLData#&Param2=something&EUDATA=#encryptedURLData#">Test Link</a><br> Non Encrypted link: <a href="./TestCFC.cfc?Method=TestFunc&Param1=Test&EUDATA=#encryptedURLData#">Test Link</a><br> Non Encrypted link with Extra: <a href="./TestCFC.cfc?Method=TestFunc&Param1=Test&Param2=something&EUDATA=#encryptedURLData#">Test Link</a><br> </CFOutput> <br><br> <cfloop collection="#StructToSorted(server.system.properties,"text","asc")#" item="key"> <cfif key.startswith("coldfusion.") and not key is "coldfusion.classpath"> <cfif listfind("coldfusion.home,coldfusion.jsafe.defaultalgo,coldfusion.libPath,coldfusion.rootDir",key)>*</cfif> <cfoutput>#key# = #server.system.properties[key]#</cfoutput><br> </cfif> </cfloop> <CFCAtch type="any"> <CFdump var="#CFCatch#"> </CFCAtch> </CFTry>    ... View more

Result (in my test) of running test.cfm: Result of clicking on the link:         ... View more

The problem I see in your code example is that there is a base64-encoded string in the URL, instead of just  ?method=methodName&param1=param1Value&param2=param2Value The following version of your code works without any problem: test.cfm <cfset tmpURLData="Method=TestFunc&Param1=Test&DataExpiration=#encodeForURL(DateFormat(dateAdd("h", 1, NOW()), "mm/dd/yyyy") & " " & timeFormat(dateAdd("h", 1, NOW()), "HH:mm"))#"> <cfoutput> Here is a testing link: <a href="./TestCFC.cfc?#tmpURLData#">Test Link</a> </cfoutput>   TestCFC.cfc <cfcomponent> <cffunction name="TestFunc" access="remote" output="yes"> <CFArgument name="Param1" required="yes"> <CFArgument name="DataExpiration" required="yes"> <CFOutput>Found: #Arguments.Param1#</CFOutput> </cffunction> </cfcomponent> ... View more

The value of qry.end_date is "[empty string]".  Now, this I can see would not work well in a DateDiff() function.  But why did it work for so long, then suddenly start pushing [empty string] for a blank date? By @WolfShade Two words: ColdFusion updates. ColdFusion's updates strive to remove ambiguous or incorrect functionality from the language. Especially in recent years. So, what was ignored or allowed in a previous update might result in an error in the current update. ... View more

UPDATE:  The issue with the EPID hTHE as cleared itself up.  I changed no code regarding it.  No one has informed me that there was any config or settings change.  It just started working.  Focusing on the DateDiff issue. By @WolfShade I can guess why. It is in the nature of CGI variables that, if CGI.SOME_NONEXISTENT_VARIABLE_ABRACADABRA doesn't exist, then <cfoutput>#CGI.SOME_NONEXISTENT_VARIABLE_ABRACADABRA#</cfoutput> won't result in an error. That is because the value of the non-existent CGI variable is stored as "". So my guess is, sometimes cgi.SSL_CLIENT_S_DN_CN may not exist.  A suggestion follows immediately from there: before using the variable, validate with something like <cfif trim(cgi.SSL_CLIENT_S_DN_CN) is not ""> </cfif> ... View more

@ponnada40 , Thanks for the updates. I agree with you that this is a rare error. Your investigation shows that there is a fundamental mistake somewhere. By fundamental I mean a small mistake that has easily been overlooked.   For example,  What is the relation between the pages D:/web/live/mercury/view/facilities.cfm and D:\ABC\xyz.cfm? Do they both have the same cachedWithin-query? Do they run simultaneously or one after the other?  Open the Administrator of the particular ColdFusion instance. Go to the page Server Settings > Caching. Select EhCache as the caching engine. Press the button "Submit Changes", and restart the instance.    Run the code: <cfdump var="#CacheGetEngineProperties()#" > The result should be something like  4. Now, run the cachedWithin query once again. Does it now run without errors? ... View more

"Position 1 of the array doesn't exist" My guess is that sometimes cgi.SSL_CLIENT_S_DN_CN does not contain a ten-digit substring. You can verify this by using try/catch. In the following example, when the error occurs, the CGI scope is dumped - out of the user's sight - as an HTML file which you can examine later. <cftry> <cfset session.userepid = REMATCH("\d{10}",CGI.SSL_CLIENT_S_DN_CN)[1] /> <cfcatch type="any"> <cfdump var="#CGI#" label="CGI dump: implies CGI.SSL_CLIENT_S_DN_CN does not contain ten-digit substring" format="html" output="#server.coldfusion.rootDir#\logs\CGI.SSL_CLIENT_S_DN_CN.dump.html"> </cfcatch> </cftry> ​ Is cgi.SSL_CLIENT_S_DN_CN then what you expected Invalid date and datetime values The database may format dates and datetimes differently from your application. Even ColdFusion code based on different locales do represent dates differently.  So, I'd say the moral is: validate date values and datetime values before using them, especially if they're coming from another party Some relevant validation functions: IsDate IsValid LSIsDate   ... View more

Post-posting remark: I saw Charlie's post only after submitting mine. So there might inevitably be some duplication here and there. ... View more

We manually cleared the cache and uncheck all the cache options ... By @ponnada40 When you say that, I assume you have used cacheClear() to clear the cache and you have unchecked cache settings in the ColdFusion Administrator. I don't think these actions are necessary. That is because they are not related to the cache URL. The developer is not meant to access the cache URL. ColdFusion is itself responsible for instantiating the cache URL object internally. So, what could be the reason why the URL is null?   I suspect two possible causes:  The ColdFusion instance either misses the configuration file \{INSTANCE_NAME}\lib\ehcache.xml or the file is corrupted. I have provided a sample of the default file. You may use it to test (after restarting ColdFusion, of course).  Let's assume 1. is not the cause. Then there is a probably a bug in your ColdFusion 2023 build. Not likely, but not impossible either. If your build is not up to date, then consider installing the latest ColdFusion 2023 update (Update 16).  ... View more

@shann93d , your link has # at the end. What if you go to a link without the #?  This one: https://www.adobe.com/products/coldfusion/download-trial/try.html    Using it, I have just filled the form and have succeeded in downloading ColdFusion 2025 for Windows. ... View more

Hi dchan@gfc.state.ga.us , has the issue been resolved? If so, could you please provide a summary of the solution.  ... View more

Thanks for the update, dchan@gfc.state.ga.us . Comparing the screenshots, I wonder: could it be that the CC address is invalid? Something to test:  add -Dmail.smtp.sendpartial=true to java.args in ColdFusion’s jvm.config file. Then restart ColdFusion. [mail.smtp.sendpartial=true is a JavaMail system property that tells the SMTP transport: “If a message has multiple recipients and some are rejected by the SMTP server, still send the message to the valid ones instead of failing entirely.” By default, the property is false. Note that the setting will apply globally to all JavaMail operations (and therefore to all <cfmail> tags) in the ColdFusion instance.] ... View more

Suggestions:  Upgrade ColdFusion 2021 to the latest update level (Update 22). What you're facing just might be caused by a bug that has since been resolved. If that still doesn't help or if you are unable to update, then proceed to the next steps. Leave each undelivered e-mail unaltered or return any altered e-mail to its original state.  Change the username and password in the Administrator Mail Settings to match those in the undelivered mail.  Then try spooling.  ... View more

The cause of the issue is obviously the Java Java 17.0.16 that ColdFusion is using.*** So, the most likely solution is: Stop ColdFusion 2023. Uninstall the Java SE 17.0.16 that ColdFusion is currently using. Download Java SE 17.0.17 (LTS). Adobe has just added the download link to their site. Install it on your Windows 2022 server. Check the /{INSTANCE_NAME}/bin/jvm.config file in your ColdFusion installation. Make sure that the value of the java.home property is defined as java.home=C:\\Program Files\\Java\\jdk-21. ( I have assumed you used the default installation path, C:\Program Files\Java\jdk-21.) Restart Adobe ColdFusion 2023. *** The likely causes: 1.  Bitness: Double-check for 32/64-bit mismatches. Are Java, Wndows and ColdFusion all 64-bit? 2.  Native networking and socket shutdown issue: The error message tells us the original problem was in net.dll (the native networking library). This tells me that the crash is very likely triggered during cleanup of network resources (sockets, threads) when a ColdFusion instance stops or restarts. On restart, ColdFusion may not gracefully shut down threads and connectors. So if a socket is still in a weird state, the native layer will complain. 3.  Mismatch between Windows Server 2022 and JDK 17.0.16 or a bug in that specific native “net.dll” version: The native library version (on Windows Server 2022) plus how ColdFusion uses it might have hit a bug. 4.  Race conditions on restart: Does your application have persistent network jobs ("blocking" HTTP requests)? On restart there might be network resources (threads, sockets, timers) that are still active when the Java Virtual Machine or ColdFusion attempts to tear them down. The fact it always happens on restart is a strong clue that such a race condition may be involved. 5. External native interference: Antivirus, firewall, Windows network filter drivers, VPN/network adapter drivers and custom network libraries imported into ColdFusion may interfere with net.dll. So look into them.   ... View more

Hi @Mark Takata , Weezerboy meant "wait till the year 2026" rather than "wait till CF26". But your advice, that he already envisage a move to ColdFusion 2025 and ColdFusion 2026, remains good. ... View more

Here are some thoughts in addtion to those of @Brian__ and @Dave Watts . What are the security risks of running CF21 after November 10, 2025 with no more updates available? The risk is between High and Very High (on a risk-scale: Very Low - Low - Medium - High - Very High). Why? Because ColdFusion 2021 uses older JVM, Tomcat and libraries that themselves are end-of-life and carry vulnerabilities. Should I at least update to CF21 Update 22 before the EOL date? Yes. In fact, you should have a policy of implementing ColdFusion updates shortly after they appear. Is it feasible/safe to wait until 2026 for the CF23 migration, or should I accelerate this timeline? No, it is not safe to wait till 2026. Reason: Malicious ColdFusion hackers all around the world have marked the date November 10, 2025 on their calendar. They won't wait for you before going to work. So, accelerate the timeline. Upgrade as soon as is feasible to an up-to-date version of ColdFusion 2023.   Are there any compliance issues (PCI, HIPAA, etc.) with running an unsupported CF version? Yes. From November 11, 2025 onwards, your ColdFusion 2021 application will no longer be compliant with the requirements of PCI DSS (Payment Card Industry Data Security Standard) and HIPAA (Health Insurance Portability and Accountability Act). HIPAA requires that you apply regular security patches. PCI DSS Requirement 6,2 says: "Ensure that all system components and software are protected from known vulnerabilities by installing the applicable security patches provided by the manufacturer. Install critical security patches within a month."​ Hence, given the circumstances, my advice on the best path forward is to prioritize fast-tracking the migration to the latest update of ColdFusion 2023. ... View more