| Adobe ColdFusion | |
|---|---|
| Original author | J. J. Allaire |
| Developer | Adobe Systems Incorporated |
| Initial release | 1995; 31 years ago (1995) |
| Stable release(s) | |
| Written in | Java |
| Operating system | Cross-platform |
| Available in | English |
| Type | Application server |
| License | Proprietary |
| Website | adobe |
Adobe ColdFusion is a commercial rapid web-application development computing platform created by J. J. Allaire in 1995.[3] (The programming language used with that platform is also commonly called ColdFusion, though it is more accurately known as CFML.) ColdFusion was originally designed to make it easier to connect simple HTML pages to a database. By version 2 (1996) it had become a full platform that included an IDE in addition to a full scripting language.
One of the distinguishing features of ColdFusion is its associated scripting language, ColdFusion Markup Language (CFML). CFML compares to the scripting components of ASP, JSP, and PHP in purpose and features, but its tag syntax more closely resembles HTML, while its script syntax resembles JavaScript. ColdFusion is often used synonymously with CFML, but there are additional CFML application servers besides ColdFusion, and ColdFusion supports programming languages other than CFML, such as server-side ActionScript and embedded scripts that can be written in a JavaScript-like language known as CFScript.
Originally a product of Allaire and released on July 2, 1995, ColdFusion was developed by brothers Joseph J. Allaire and Jeremy Allaire. In 2001 Allaire was acquired by Macromedia, which in turn was acquired by Adobe Systems Inc in 2005.
ColdFusion is most often used for data-driven websites or intranets, but can also be used to generate remote services such as REST services, WebSockets, SOAP web services or Flash remoting. It is especially well-suited as the server-side technology to the client-side Ajax.
ColdFusion can also handle asynchronous events such as SMS and instant messaging via its gateway interface, available in ColdFusion MX 7 Enterprise Edition.
ColdFusion provides a number of additional features out of the box. Main features include:
<CFINVOKE WEBSERVICE="http://host/tempconf.cfc?wsdl" METHOD="Celsius2Fahrenheit" TEMP="#tempc#" RETURNVARIABLE="tempf">[5])
Other implementations of CFML offer similar or enhanced functionality, such as running in a .NET environment or image manipulation.
The engine was written in C and featured, among other things, a built-in scripting language (CFScript), plugin modules written in Java, and a syntax very similar to HTML. The equivalent of an HTML element, a ColdFusion tag begins with the letters "CF" followed by a name that indicates what the tag does, for example <cfoutput> to begin the output of variables or other content.
In addition to CFScript and plugins (as described), CFStudio provided a design platform with a WYSIWYG display. In addition to ColdFusion, CFStudio also supports syntax in other languages popular for backend programming, such as Perl. In addition to making backend functionality easily available to the non-programmer, ColdFusion (version 4.0 and forward in particular) integrated easily with the Apache Web Server and with Internet Information Services.
All versions of ColdFusion prior to 6.0 were written using Microsoft Visual C++. This meant that ColdFusion was largely limited to running on Microsoft Windows, although Allaire did successfully port ColdFusion to Sun Solaris starting with version 3.1.
The Allaire company was sold to Macromedia, then Macromedia was sold to Adobe. Earlier versions were not as robust as the versions available from version 4.0 forward.
With the release of ColdFusion MX 6.0, the engine had been re-written in Java and supported its own runtime environment, which was easily replaced through its configuration options with the runtime environment from Sun. Version 6.1 included the ability to code and debug Macromedia Flash.
Version 3, released in June 1997, brought custom tags, cfsearch/cfindex/cfcollection based on the Verity search engine, the server scope, and template encoding (called then "encryption"). Version 3.1, released in Jan 1998, added RDS support as well as a port to the Sun Solaris operating system, while ColdFusion Studio gained a live page preview and HTML syntax checker.
Released in Nov 1998, version 4 is when the name was changed from "Cold Fusion" to "ColdFusion" - possibly to distinguish it from Cold fusion theory. The release also added the initial implementation of cfscript, support for locking (cflock), transactions (cftransaction), hierarchical exception handling (cftry/cfcatch), sandbox security, as well as many new tags and functions, including cfstoredproc, cfcache, cfswitch, and more.
Version 4.5, released in Nov 1999, expanded the ability to access external system resources, including COM and CORBA, and added initial support for Java integration (including EJBs, POJOs, servlets, and Java CFXs). It also added the getmetricdata function (to access performance information), additional performance information in page debugging output, enhanced string conversion functions, and optional whitespace removal.
Version 5 was released in June 2001, adding enhanced query support, new reporting and charting features, user-defined functions, and improved admin tools. It was the last to be legacy coded for a specific platform, and the first release from Macromedia after their acquisition of Allaire Corporation, which had been announced January 16, 2001.
Prior to 2000, Edwin Smith, an Allaire architect on JRun and later the Flash Player, Tom Harwood and Clement Wong initiated a project codenamed "Neo".[6] This project was later revealed as a ColdFusion Server re-written completely using Java. This made portability easier and provided a layer of security on the server, because it ran inside a Java Runtime Environment.
In June 2002 Macromedia released the version 6.0 product under a slightly different name, ColdFusion MX, allowing the product to be associated with both the Macromedia brand and its original branding. ColdFusion MX was completely rebuilt from the ground up and was based on the Java EE platform. ColdFusion MX was also designed to integrate well with Macromedia Flash using Flash Remoting.
With the release of ColdFusion MX, the CFML language API was released with an OOP interface.
With the release of ColdFusion 7.0 on February 7, 2005, the naming convention was amended, rendering the product name "Macromedia ColdFusion MX 7" (the codename for CFMX7 was "Blackstone"). CFMX 7 added Flash-based and XForms-based web forms, and a report builder that output in Adobe PDF as well as FlashPaper, RTF and Excel. The Adobe PDF output is also available as a wrapper to any HTML page, converting that page to a quality printable document. The enterprise edition also added Gateways. These provide interaction with non-HTTP request services such as IM Services, SMS, Directory Watchers, and asynchronous execution. XML support was boosted in this version to include native schema checking.
ColdFusion MX 7.0.1 (codename "Merrimack") added support for Mac OS X, improvements to Flash forms, RTF support for CFReport, the new CFCProxy feature for Java/CFC integration, and more. ColdFusion MX 7.0.2 (codenamed "Mystic") included advanced features for working with Adobe Flex 2 as well as more improvements for the CF Report Builder.
On July 30, 2007, Adobe Systems released ColdFusion 8, dropping "MX" from its name.[7] During beta testing the codename used was "Scorpio" (the eighth sign of the zodiac and the eighth iteration of ColdFusion as a commercial product). More than 14,000 developers worldwide were active in the beta process - many more testers than the 5,000 Adobe Systems originally expected. The ColdFusion development team consisted of developers based in Newton/Boston, Massachusetts and offshore in Bangalore, India.
Some of the new features are the CFPDFFORM tag, which enables integration with Adobe Acrobat forms, some image manipulation functions, Microsoft .NET integration, and the CFPRESENTATION tag, which allows the creation of dynamic presentations using Adobe Acrobat Connect, the Web-based collaboration solution formerly known as Macromedia Breeze. In addition, the ColdFusion Administrator for the Enterprise version ships with built-in server monitoring. ColdFusion 8 is available on several operating systems including Linux, Mac OS X and Windows Server 2003.
Other additions to ColdFusion 8 are built-in Ajax widgets, file archive manipulation (CFZIP), Microsoft Exchange server integration (CFEXCHANGE), image manipulation including automatic CAPTCHA generation (CFIMAGE), multi-threading, per-application settings, Atom and RSS feeds, reporting enhancements, stronger encryption libraries, array and structure improvements, improved database interaction, extensive performance improvements, PDF manipulation and merging capabilities (CFPDF), interactive debugging, embedded database support with Apache Derby, and a more ECMAScript-compliant CFSCRIPT.
For development of ColdFusion applications, several tools are available: primarily Adobe Dreamweaver CS4, Macromedia HomeSite 5.x, CFEclipse, Eclipse and others. "Tag updaters" are available for these applications to update their support for the new ColdFusion 8 features.
ColdFusion 9 (Codenamed: Centaur) was released on October 5, 2009. New features for CF9 include:
ColdFusion 10 (Codenamed: Zeus) was released on May 15, 2012. New or improved features available in all editions (Standard, Enterprise, and Developer) include (but are not limited to):
Additional new or improved features in ColdFusion Enterprise or Developer editions include (but are not limited to):
The lists above were obtained from the Adobe web site pages describing "new features", as listed first in the links in the following list.
CF10 was originally referred to by the codename Zeus, after first being confirmed as coming by Adobe at Adobe MAX 2010, and during much of its prerelease period. It was also commonly referred to as "ColdFusion next" and "ColdFusion X" in blogs, on Twitter, etc., before Adobe finally confirmed it would be "ColdFusion 10". For much of 2010, ColdFusion Product Manager Adam Lehman toured the US setting up countless meetings with customers, developers, and user groups to formulate a master blueprint for the next feature set. In September 2010, he presented the plans to Adobe where they were given full support and approval by upper management.[8]
The first public beta of ColdFusion 10 was released via Adobe Labs on 17 February 2012.
ColdFusion 11 (Codenamed: Splendor) was released on April 29, 2014.
New or improved features available in all editions (Standard, Enterprise, and Developer) include:
ColdFusion 11 also removed many features previously identified simply as "deprecated" or no longer supported in earlier releases. For example, the CFLOG tag long offered date and time attributes which were deprecated (and redundant, as the date and time is always logged). As of CF11, their use would not cause the CFLOG tag to fail.
Adobe ColdFusion (2016 release), Codenamed: Raijin (and also known generically as ColdFusion 2016) was released on February 16, 2016.
New or improved features available in all editions (Standard, Enterprise, and Developer) include:
Adobe ColdFusion (2018 release), known generically as ColdFusion 2018, was released on July 12, 2018.[9] ColdFusion 2018 was codenamed Aether during prerelease.[10]
As of March 2023, Adobe had released 16 updates[11] for ColdFusion 2018.
New or improved features available in all editions (Standard, Enterprise, and Developer) include:[12]
Adobe ColdFusion (2021 Release) was released on Nov 11th, 2020. ColdFusion 2021 was code named Project Stratus during pre-release.
New or improved features available in all editions (Standard, Enterprise, and Developer) include:
Adobe released ColdFusion 2023 on May 17, 2023. ColdFusion 2023 was code named Project Fortuna during pre-release.
New features available are as follows:[13]
Adobe released ColdFusion 2025 on February 25, 2025. ColdFusion 2025 was referred to simply as "cfnext" during pre-release.
In Sep 2017, Adobe announced the roadmap anticipating releases in 2018 and 2020.[14] Among the key features anticipated for the 2016 release were a new performance monitor, enhancements to asynchronous programming, revamped REST support, and enhancements to the API Manager, as well as support for CF2016 projected into 2024. As for the 2020 release, the features anticipated at that time (in 2017) were configurability (modularity) of CF application services, revamped scripting and object-oriented support, and further enhancements to the API Manager.
ColdFusion can generate PDF documents using standard HTML (i.e. no additional coding is needed to generate documents for print). CFML authors place HTML and CSS within a pair of cfdocument tags (or, new in ColdFusion 11, cfhtmltopdf tags). The generated document can then either be saved to disk or sent to the client's browser. ColdFusion 8 also introduced the cfpdf tag to allow for control over PDF documents, including PDF forms and merging of PDFs. These tags, however, do not use Adobe's PDF engine; cfdocument uses a combination of the commercial JPedal Java PDF library and the free and open source Java library iText. The library used by cfhtmltopdf since cf11 has been an embedded WebKit implementation.[15] Since cf2023, Adobe has licensed PDFReactor to be the default engine underlying cfhtmltopdf.
ColdFusion was originally not an object-oriented programming language like PHP versions 3 and below. ColdFusion falls into the category of OO languages that do not support multiple inheritance (along with Java, Smalltalk, etc.).[16] With the MX release (6+), ColdFusion introduced basic OO functionality with the component language construct, which resembles classes in OO languages. Each component may contain any number of properties and methods. One component may also extend another (inheritance). Components only support single inheritance. The object-handling feature set and performance have been enhanced in subsequent releases. With the release of ColdFusion 8, Java-style interfaces are supported. ColdFusion components use the file extension cfc to differentiate them from ColdFusion templates (.cfm).
Component methods may be made available as web services with no additional coding and configuration. All that is required is for a method's access to be declared 'remote'. ColdFusion automatically generates a WSDL at the URL for the component in this manner: http://path/to/components/Component.cfc?wsdl. Aside from SOAP, the services are offered in Flash Remoting binary format.
Methods which are declared remote may also be invoked via an HTTP GET or POST request. Consider the GET request as shown.
http://path/to/components/Component.cfc?method=search&query=your+query&mode=strict
This will invoke the component's search function, passing "your query" and "strict" as arguments.
This type of invocation is well-suited for Ajax-enabled applications. ColdFusion 8 introduced the ability to serialize ColdFusion data structures to JSON for consumption on the client.
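Because any method declared remote answers plain HTTP requests, an inventory of such methods is the starting point for reviewing a component's exposed surface. The following is an added example, not ColdFusion's or Adobe's own tooling: a Python sketch that scans CFC source for remote declarations and lists the `Component.cfc?method=` URLs described above. The regular expressions are a heuristic assumption covering common tag and script declarations, and the function names, sample components and `app.example` host are hypothetical.

```python
import re
from pathlib import Path
from urllib.parse import quote

# Tag syntax: <cffunction name="search" access="remote">, attributes in any order.
CFFUNCTION_TAG = re.compile(r"<cffunction\b([^>]*)>", re.IGNORECASE)
ATTRIBUTE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")
# Script syntax, modifier form: remote [returntype] function search(...)
SCRIPT_REMOTE = re.compile(
    r"\bremote\s+(?:[\w.\[\]]+\s+)?function\s+(\w+)\s*\(", re.IGNORECASE)
# Script syntax, attribute form: function search(...) access="remote" {
SCRIPT_ATTR = re.compile(
    r"\bfunction\s+(\w+)\s*\([^)]*\)[^{]*?\baccess\s*=\s*[\"']remote[\"']",
    re.IGNORECASE)
# Only CFML tag comments are stripped; anything else that looks remote is
# reported, so the audit errs toward over-reporting.
CFML_COMMENT = re.compile(r"<!---.*?--->", re.DOTALL)

# Constructed sample components (not taken from any real application).
SAMPLE_TAG_CFC = """<cfcomponent>
  <cffunction name="search" access="remote" returntype="query">
    <cfargument name="query" type="string">
    <cfargument name="mode" type="string">
  </cffunction>
  <!--- <cffunction name="oldExport" access="remote"></cffunction> --->
  <cffunction name="buildIndex" access="private"></cffunction>
  <cffunction access='REMOTE' name='ping'></cffunction>
</cfcomponent>"""

SAMPLE_SCRIPT_CFC = """component {
  remote struct function lookup(required string id) { return {}; }
  public function helper() { return 1; }
  function purge() access="remote" { }
}"""


def remote_methods(source):
    """Return the sorted names of functions declared remote in one CFC source."""
    source = CFML_COMMENT.sub("", source)
    names = set()
    for tag in CFFUNCTION_TAG.finditer(source):
        attrs = {k.lower(): (dq or sq) for k, dq, sq in ATTRIBUTE.findall(tag.group(1))}
        if attrs.get("access", "").strip().lower() == "remote" and attrs.get("name"):
            names.add(attrs["name"])
    names.update(SCRIPT_REMOTE.findall(source))
    names.update(SCRIPT_ATTR.findall(source))
    return sorted(names)


def invocation_urls(base_url, rel_path, source):
    """Build the ?method= URL at which each remote method of a component answers."""
    base = base_url.rstrip("/")
    return [f"{base}/{quote(rel_path)}?method={quote(name)}"
            for name in remote_methods(source)]


def audit_tree(webroot, base_url):
    """Walk a web root and list the invocation URL of every remote method found."""
    urls = []
    for path in sorted(Path(webroot).rglob("*.cfc")):
        rel = path.relative_to(webroot).as_posix()
        urls += invocation_urls(base_url, rel, path.read_text(errors="replace"))
    return urls


if __name__ == "__main__":
    for url in invocation_urls("https://app.example", "components/Component.cfc", SAMPLE_TAG_CFC):
        print(url)
```

Each URL in the output is a method to check for authentication, argument validation and whether it needs to be remote at all.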
The ColdFusion server will automatically generate documentation for a component if you navigate to its URL and insert the appropriate code within the component's declarations. This is an application of component introspection, available to developers of ColdFusion components. Access to a component's documentation requires a password. A developer can view the documentation for all components known to the ColdFusion server by navigating to the ColdFusion URL. This interface resembles the Javadoc HTML documentation for Java classes.
ColdFusion provides several ways to implement custom markup language tags, i.e. those not included in the core ColdFusion language. These are especially useful for providing a familiar interface for web designers and content authors familiar with HTML but not imperative programming.
The traditional and most common way is using CFML. A standard CFML page can be interpreted as a tag, with the tag name corresponding to the file name prefixed with "cf_". For example, the file IMAP.cfm can be used as the tag "cf_imap". Attributes used within the tag are available in the ATTRIBUTES scope of the tag implementation page. CFML pages are accessible in the same directory as the calling page, via a special directory in the ColdFusion web application, or via a CFIMPORT tag in the calling page. The latter method does not necessarily require the "cf_" prefix for the tag name.
A second way is the development of CFX tags using Java or C++. CFX tags are prefixed with "cfx_", for example "cfx_imap". Tags are added to the ColdFusion runtime environment using the ColdFusion administrator, where JAR or DLL files are registered as custom tags.
Finally, ColdFusion supports JSP tag libraries from the JSP 2.0 language specification. JSP tags are included in CFML pages using the CFIMPORT tag.
The standard ColdFusion installation allows the deployment of ColdFusion as a WAR file or EAR file for deployment to standalone application servers, such as Macromedia JRun and IBM WebSphere. ColdFusion can also be deployed to servlet containers such as Apache Tomcat and Mortbay Jetty, but because these platforms do not officially support ColdFusion, they leave many of its features inaccessible. As of ColdFusion 10, Macromedia JRun was replaced by Apache Tomcat.
Because ColdFusion is a Java EE application, ColdFusion code can be mixed with Java classes to create a variety of applications and use existing Java libraries. ColdFusion has access to all underlying Java classes, supports JSP custom tag libraries, and can access JSP functions after retrieving the JSP page context (GetPageContext()).
Prior to ColdFusion 7.0.1, ColdFusion components could only be used by Java or .NET by declaring them as web services. However, beginning in ColdFusion MX 7.0.1, ColdFusion components can now be used directly within Java classes using the CFCProxy class.[17]
Recently, there has been much interest in Java development using alternate languages such as Jython, Groovy and JRuby. ColdFusion was one of the first scripting platforms to allow this style of Java development.
ColdFusion 8 natively supports .NET within the CFML syntax. ColdFusion developers can simply call any .NET assembly without needing to recompile or alter the assemblies in any way. Data types are automatically translated between ColdFusion and .NET (example: .NET DataTable → ColdFusion Query).
A unique feature for a Java EE vendor, ColdFusion 8 offers the ability to access .NET Assemblies remotely through proxy (without the use of .NET Remoting). This allows ColdFusion users to leverage .NET without having to be installed on a Windows operating system.
The initialism for the ColdFusion Markup Language is CFML. When ColdFusion templates are saved to disk, they are traditionally given the extension .cfm or .cfml. The .cfc extension is used for ColdFusion Components. The original extension was DBM or DBML, which stood for Database Markup Language. When talking about ColdFusion, most users use the acronym CF and this is used for numerous ColdFusion resources such as user groups (CFUGs) and sites.
CFMX is the common abbreviation for ColdFusion versions 6 and 7 (a.k.a. ColdFusion MX).
ColdFusion originated as proprietary technology based on Web technology industry standards. However, it is becoming a less closed technology through the availability of competing products. Such alternative products include:
These are discontinued or down:
The argument can be made that ColdFusion is even less platform-bound than raw Java EE or .NET, simply because ColdFusion will run on top of a .NET app server (New Atlanta), or on top of any servlet container or Java EE application server (JRun, WebSphere, JBoss, Geronimo, Tomcat, Resin Server, Jetty, etc.). In theory, a ColdFusion application could be moved unchanged from a Java EE application server to a .NET application server.
In March 2013, a known issue affecting ColdFusion 8, 9 and 10 left the National Vulnerability Database open to attack.[18] The vulnerability had been identified and a patch released by Adobe for CF9 and CF10 in January.[19]
In April 2013, a ColdFusion vulnerability was blamed by Linode for an intrusion into the Linode Manager control panel website.[20] A security bulletin and hotfix for this had been issued by Adobe a week earlier.[21]
In May 2013, Adobe identified another critical vulnerability, reportedly already being exploited in the wild, which targets all recent versions of ColdFusion on any servers where the web-based administrator and API have not been locked down. The vulnerability allows unauthorized users to upload malicious scripts and potentially gain full control over the server.[22] A security bulletin and hotfix for this was issued by Adobe 6 days later.[23]
In April 2015, Adobe fixed a cross-site scripting (XSS) vulnerability[24] in Adobe ColdFusion 10 before Update 16, and in ColdFusion 11 before Update 5, that allowed remote attackers to inject arbitrary web script or HTML;[25] however, it is exploitable only by users who have authenticated through the administration panel.[26]
In September 2019, Adobe fixed two command injection vulnerabilities (CVE-2019-8073[27]) that enabled arbitrary code execution and a path traversal (CVE-2019-8074[28]).