Whatever message this page gives is out now! Go check it out!
Adobe ColdFusion 2025.0.08 release notes
Last update:
May 18, 2026
Bug fixes and known issues in ColdFusion 2025.0.08
ColdFusion 2025.0.08 delivers native AI and LLM integration with a unified multi-provider framework, Model Context Protocol support for building and consuming AI tool interfaces, vector stores, and RAG for grounding AI in your own content, passwordless passkey authentication, a rebuilt VS Code extension with Linux and Docker support, AI services monitoring in PMT, and significant language improvements, including native Sets, async enhancements, and Java interoperability.
See What's new in ColdFusion 2025.0.08 for more information.
Bug fixes in the release
| Bug ID | Description | Component |
|---|---|---|
| CF-4230826 | ColdFusion 2025 could fail to start when a Java agent was attached and the JRE bin directory was not available in the system PATH. | Installation/Config |
| CF-4229926 | Query of Queries handled null values inconsistently for varchar columns. Conditions such as IS NULL and IS NOT NULL did not correctly match null string values, creating different behavior from integer columns and from prior ColdFusion versions. | Database : Query-of-Query (IMQ) |
| CF-4227568 | Per-application MySQL datasource setup incorrectly depended on the GraphQL Client package. A datasource configuration flow that should have worked independently failed unless an unrelated package was installed. | Core Runtime : Application |
| CF-4227376 | Remote function calls broke when applications decrypted or rewrote query-string parameters during request processing. This caused required arguments to appear missing even though applications were populating them before the remote method was expected to run. | Core Runtime |
| CF-4227359 | Administrator users authenticated through AD/LDAP groups could log in but still lose access to parts of the Administrator. Some menus triggered errors or unexpected logouts, making group-based admin access unreliable after the update. | Administrator : UserManager - LDAP |
| CF-4227121 | Files stored in ram:/// could not be uploaded directly to Amazon S3. Uploads failed when the source file came from ColdFusion's in-memory file system, forcing users to move files to disk as a workaround. | Cloud Service : Amazon S3 Storage |
| CF-4226969 | querySlice() dropped the original column type metadata from sliced query results. This caused problems in downstream use cases that depended on datatype preservation, including serialization and metadata-aware processing. | Language : Query Functions |
| CF-4226965 | Static variables did not work correctly in tag-based cfcomponent definitions. Code that should have allowed static member access in tag-based components either failed outright or behaved inconsistently compared with script-based components. | Language : CF Component |
| CF-4226870 | ColdFusion treated valid SendGrid API keys as invalid encoded input, preventing successful mail configuration and delivery. | ColdFusion Package : Mail |
| CF-4226604 | ActiveMQ Event Gateway instances failed to start with missing JMS-related class errors. | Event Gateway |
| CF-4226391 | Changing the default scripts directory could break AJAX package handling. This caused startup-time errors and package installation issues in hardened or lockdown-style deployments that used a custom scripts path. | AJAX |
| CF-4225888 | MongoDB autogenerated _id ObjectIds were not handled correctly across key operations. | Database : NoSQL (MongoDB) |
| CF-4225873 | Settings Summary in the ColdFusion Administrator could error out on J2EE deployments after recent updates. This affected JBoss EAP deployments and disrupted expected Administrator reporting behavior. | Administrator : Administrator Console |
| CF-4225872 | NoSQL datasource validation in the ColdFusion Administrator could report success even when MongoDB credentials or authentication settings were wrong. | Database : NoSQL |
| CF-4225567 | Solr basic authentication could break collection access in the ColdFusion Administrator and cause cfsearch and cfindex operations to fail. After enabling Solr Basic Auth, collections could disappear, collection detail pages could throw errors such as Element LANGUAGE is undefined in GETCOLLECTIONINFO, and search/index operations could incorrectly report that existing collections did not exist. | Text Search : Solr |
| CF-4225356 | Online activation could fail on HTTPS-only JEE deployments such as WebLogic, causing valid serial numbers to be rejected as invalid. | Installation/Config : Licensing and Activation |
| CF-4225202 | The Maintain connection to mail server option in ColdFusion Administrator could appear to save successfully even though the setting did not persist. | Administrator |
| CF-4225089 | SFTP connections could fail during cipher negotiation when connecting to servers that only supported older cipher suites. | Net Protocols : FTP |
| CF-4225082 | SFTP connections could stop working after ColdFusion updates when target servers depended on older host key, key exchange, or SHA-1 based algorithms. | Net Protocols : FTP |
| CF-4224932 | The ColdFusion Administrator log viewer could truncate multiline log messages and hide the most important part of an error. | Administrator |
| CF-4224862 | Query of Queries could mis-handle datatypes after sorting, causing newly added varchar columns to be treated as integers. When a query had been sorted with fully qualified column names, later calls such as QueryAddColumn or querySetCell could fail with DataTypeMismatchException instead of accepting string values. | Database : CFQuery |
| CF-4224144 | Updating ColdFusion 2021 could break PDFgServlet by removing a required Bouncy Castle library from the PDFg service. After the update, PDF service verification could fail, the Administrator could report that no service manager was available, and PDFgServlet requests could return 500 errors until the missing JAR was restored. | Document Management : PDFg Service |
| CF-4223960 | cfpdfform could stop populating XFA-based PDF forms when XML data was used as the input source. | Document Management : PDF Form |
| CF-4223789 | Scheduler task errors could be swallowed when an application defined Application.cfc onError(). In that scenario, task-level onError handlers were not invoked correctly, application-level error handling became inconsistent, and failures could disappear without reaching expected logs. | Scheduler |
| CF-4222566 | Changing, re-enabling, or reconnecting a PDF service in ColdFusion Administrator could leave cfhtmltopdf unable to generate PDFs until the service manager was manually reset. | Document Management : PDF Generation (CFHTML2PDF) |
| CF-4221899 | cfoauth did not return the full token payload after exchanging an authorization code for an access token. | Social : OAuth Login |
| CF-4221716 | The Administrator update page could misleadingly show the currently installed core update inside the Available Versions dropdown. | Administrator |
| CF-4221426 | Applying updates from ColdFusion Administrator could stall when Preserve case of structure keys for serialization was enabled. The UI could remain stuck at Starting Download... or fail to progress correctly. | ColdFusion Packages : Update Workflow |
| CF-4221319 | ColdFusion could display a persistent StAX dialect warning at startup even though the underlying Axis/StAX components were present. | ColdFusion Package : Axis |
| CF-4212507 | CFGrid could fail when the bind attribute contained a mix of bound and unbound parameters in ColdFusion 2018 and 2021. | AJAX : UI Components |
| CF-4210061 | SerializeJSON could return incorrect data types in ColdFusion 2016 and 2018 across all updates. When serializing component data, values such as booleans and numerics could be converted into strings instead of preserving their original types. This caused serialized output to misrepresent values like true, false, and 1 as "true", "false", and "1", creating inconsistent behavior between CFML and CFSCRIPT components and breaking consumers that expected correct JSON datatypes. | Language : Serialization |
| CF-4206491 | Scheduled tasks using Daily, Weekly, or cron intervals could run successfully without updating the Last Run value in ColdFusion Administrator. This made task execution history appear incorrect in the Administrator UI. | Scheduler |
| CF-4205342 | cfindex action="status" could fail to populate the status variable for Solr collections. This caused the requested status output to remain undefined instead of returning collection information. | Text Search : Solr Integration |
| CF-3806744 | Query of Queries could change nvarchar columns to varchar in the returned recordset. This caused later cfqueryparam comparisons using cf_sql_datatype="nvarchar" to fail instead of working with the original datatype. | Database |
| CF-4224692 | Numeric input fields in the ColdFusion Administrator could be too narrow to display their full values clearly. On several Admin pages, fields intended to hold numeric settings could visually truncate entered values even when the configured size and maxlength should have allowed them to fit, making it harder to review or confirm large numeric settings accurately. | Administrator |
| CF-4221885 | ColdFusion lacked native support for consuming streaming HTTP API responses. Applications using cfhttp could call standard APIs, but had no practical built-in way to process streamed responses incrementally, which made it difficult to work with APIs that return data as a live stream instead of a complete response payload. | HTTP |
| CF-4211622 | Session storage in ColdFusion did not support clustered Redis configurations. Although clustered Redis could be used for caching, the same deployment model was not supported for Redis-backed session storage in the Administrator. | Runtime |
| CF-4205096 | Query of Queries could miscalculate subtraction expressions with three operands. Expressions like qtyOnHand - qty1 - qty2 could return incorrect results unless parentheses were added. | Database |
Known issues in the release
- Creating an MCP client with STDIO transport may fail with a security-validation error. This occurs when the STDIO
argsarray includes a Windows file path, such as a JAR path passed tojava -jar, for exampleC:\path\to\file.jar. Using a backslash in the "args" configuration when using the STDIO transportConfig in MCPClient results in a "Detected shell metacharacter" error. As a workaround, use a forward slash in the path. - The in-memory built-in embedding model used by
vectorStore()does not work as expected on macOS, particularly on macOS ARM64. This impacts the default in-memory embedding flow when vectorStore() is used without an explicit embedding-model configuration on macOS. - When ColdFusion sandbox security is enabled, AI feature requests that rely on outbound HTTP callsm such as MCP client tool calls to CF-based MCP server, can behave unexpectedly with sandbox-related URLPermission access-denied errors.
- In WAR deployments, CreateObject("component","cfide.adminapi.security") can fail after applying an update because the lowercase cfide path is not resolved as expected. Requests that instantiate the Admin API security component may fail with an error similar to:
Could not find the ColdFusion component or interface ... /cfide/adminapi/security.cfc - The Config Alias field under AI Services configurations does not currently accept Japanese or other multibyte characters. When entering Japanese characters in the Config Alias field, validation fails with an error like:
Config alias must contain only alphanumeric characters, underscores, and hyphens. - The ColdFusion Administrator homepage search does not currently return results for “Settings” under the Security tile. Searching from the ColdFusion Administrator homepage for Settings does not return the expected Security-related result.
- The ColdFusion Administrator homepage search does not currently return results for the AI Services tile or its related tabs/pages.
- In the ColdFusion Administrator, the AI Services module is not fully localized for the Japanese locale. The module’s tabs and associated UI content can remain in English.
- In the ColdFusion Administrator RAG UI, ingestion activity is currently shared across multiple open Administrator windows, which can cause inconsistent progress behavior and prevent users from starting an independent ingestion from a second window.
- The cfzip tag may introduce an internal file value into the variables scope, so functions that use an argument named file should reference it with explicit scoping such as arguments.file to ensure consistent behavior.
- In ColdFusion 2025, REST requests can interact differently with Application.cfc event handlers than in ColdFusion 2021 and 2023. onRequestStart() may run, followed by onRequestEnd(), and only then the REST CFC method is invoked. Exceptions raised inside the REST CFC method may not be handled by Application.cfc.onError().
We're glad. Tell us how this page helped.
We're sorry. Can you tell us what didn't work for you?
Share additional feedback to help us improve.
0/255
|
