CF Camp Notes: Hidden Gems in ColdFusion 11, Charlie Arehart
October 22, 2014
Hidden Gems in ColdFusion 11, Charlie Arehart
Not discussing everything in CF11, just things that don't get much PR
There's no single document that lists all the new features, that makes it hard to find them.
Don't miss the docs:
wikidocs.adobe/com/wiki/display/coldfusionen/
Adobe ColdFusion CFML Reference (>3000 pages!)
Developing Adobe ColdFUsion Applications (>2000 pages!)
Installing Adobe ColdFusion (~100 pages)
Configuring and Adminstering ColdFusion (215 pages)
(New) Mobile Application Development (72 pages)
docs are updated with every release of CF.
More resources on what's new --
first chapter of the first 2 books have a "what's new" section
There's a "release notes" guide generally too. Not as substantial as they used to be tho.
new "secure profile" added in CF10
in 11, you can enable/disable it via the Admin (in 10 you could only do this via Installation)
if you turn "secure profile" on, it modifies how CFlocation works
new page in Admin shows you the ~20 settings that are affected by this profile
3 cols - what is, would be and was this setting.
New option to expose pdfg/solr as a service.
There's a new "expression" edition too.
intended to make it easier to get CF without having to run a full installer
offered as an EAR or ZIP file.
don't have to run the installer
Install instructions are in the CF manual
NOT INTENDED FOR PRODUCTION
-all debugging settings are enabled by default
-you can't add a license key to this, it's been disabled.
doesn't include Solr, .net integration, remote integration, pdf generation (each of those is a separate "service") but they can be downloaded separately.
the point of Express is there are no "extra" things.
Can now have more than 1 Admin logged in at the same time. Used to be only 1 person.
-Configurable in admin Security page
-Allow Admin API setAllowConcurrentAdminLogin, isAllowConcurrentAdminLogin
Can how specify EITHER sticky sessions, OR replication, OR both
Server updates feature --
in 10, when you ran an update, last step was restarting CF so it could apply the update. then it'd automatically refresh itself after about 30 seconds. if it was back up, you'd see the login screen. if it DIDN'T come up then the refresh would cause an error saying "CF isn't running". Used to have to hit the refresh button (it was a fake "error" if CF took LONGER than 30 seconds to run).
NOW they have a thing that checks in a loop to see if/when CF is back up and running. So the server update is a bit cleaner now.
Security enhancements --
if you enable this CFLocation does NOT automatically include AddToken="yes" as the default.
new admin api methods: enableSEcurePriflie, disableSecureprofile, getAllSecureProfileSettingsInArray
Antisamy
new isSafeHTML, getSafeHTML, etc
there's a policy file you can edit to tweak this to your liking too.
new generatepbkd2key function
"derive a crypto strong random key of any desired size from the hum any manageable password or passphrase"
CFmail supports encrypted email
JVM included w/ cf11 IS 1.7.0_55 (you can update to a more recent one).
the 1.7.0_56 is an important update, so it's recommended that you update to that one.
cfhttp
can now call Window Auth / NTLM pages
couldn't do this before cf11
new authtype="ntlm" attribute
new XML / XPath encoding functions
CFLogin changed w/ respect to CF Admin
under the covers, CF Admin uses CF Login
CF Login is what used to have the "single login" issue that affected CF Admin
new allowConcurrent on cflogin; session attr on CFLogout
CFInclude change
can now limit what file extensions can be CFlincluded
can set in CF admin or in application cfc/cfm
Language enhancements -- new tags
cfhtmltopdf
no longer Windows-only (different from the Beta version)
this is the "pixel perfect" tag for making PDFs
new IMAP filter (cfimapfilter)
cfoauth
cf_socialplugin
custom tag
creates "like" buttons, etc.
new functions
ArrayMap, Reduce
Can DeSerialize
CanSerialize
StructMap
STructReduce
etc
Member functions --
[1,2,3].foo()
Full cfscript parity with tags -- should be 100% of what you can do in CFML
new Elvis operator ?:
built-in functions as first-class objects
new settings in application.cfc
app specific datasources
was in CF5, then gone in 6, now it's back in 11
datasources[]array
structNumberValidation - to change new default of stricter validation
complexexforinclude - to control that cfinclude allowed list
customSErialize - to support new rest CUSTOM SERIALIZATION
ETC
some old features are not just deprecated but are "obsolete", they've been dropped and are no longer usable
mostly old attributes but some tags too -- cfgraph, cfservlet
page called "deprecated features"
things now supported in CF Standard that used to be only in CF Enterprise --
CF archive (car) mechanism (to move CF admin settings from server to server)
- datasources, all the admin settings, SOME admin settings, etc.
secure sandbox (to lockdown what code in different directories can do).
Limits on Web Sockets are gone now too
CF 10 limited # of web sockets yo could have
HTML5 Charts
Some features ARE Enterprise-only
PDF signatures
Full DDX Support
Websocket cluster support
CFHTMLtoPDF Cluster Support
There's a guide on "edition differences" available at the Adobe website.
Gotchas --
have to switch from CFDocument to CFHTMLtoPDF to get the new pixel perfect output.
-- note that cfhtmltopdf stops page processing (Charlie found this).
CF10 had intro'd new access log, tracking every request
-- Provided via Tomcat AccessValue
(not enabled by default in cf11)
Charlie's talk "what's new and different about CF10 on Tomcat" for more info on this stuff.
Minor change in cfhttp
it appends the port to the URL even if it's port 80.
Google don'ts like this, some other sites maybe too
can override it with a cfhttpparam setting to get around it
Bugs -- yes there are some bugs
has been a CF11 update, addressed some very important bugs, especially if you're on IIS and REBUILD YOUR CONNECTOR
if you changed ANY setting in IIS THE application pool locked up.
there's an article on carehart.org with more info on this.
Update 2 came out this week -- mostly a security update.
Another update planned soon
update 14 for cf10, those fixes haven't been added to cf11 yet
To get unreleased patches listed there, email cfinstal@adobe.com (yes it's one L, that's not a typo)
bugbase.adobe.com/index.cfm
Other things --
CF9 support ends at the end of 2014
CF10 installers were gone but that's because of a legal issue with something in the installer. 10 is still supported, it's just that the installer isn't available.
Can still find them in other places
gpickin.com/cfrepo/
or tinyurl.com/cfdownloads2
Amazon AMI's have been updated
CF Builder 3 --
vastly different
ripped out Aptana, made it faster
automatic update/notification so you can stay up to date (already been 3 updates to Builder 3)
new templateing feature
and it runs on linux now too
CFBuilder LIcenses are included with ColdFusion server licenses.
Other resources --
blogs.coldfusion.com
Akbar Sait's site has a ton of CF links and resources
akbarsait.com
Charlie's slides are available at PDF of my slides at carehart.org/presentations
Not discussing everything in CF11, just things that don't get much PR
There's no single document that lists all the new features, that makes it hard to find them.
Don't miss the docs:
wikidocs.adobe/com/wiki/display/coldfusionen/
Adobe ColdFusion CFML Reference (>3000 pages!)
Developing Adobe ColdFUsion Applications (>2000 pages!)
Installing Adobe ColdFusion (~100 pages)
Configuring and Adminstering ColdFusion (215 pages)
(New) Mobile Application Development (72 pages)
docs are updated with every release of CF.
More resources on what's new --
first chapter of the first 2 books have a "what's new" section
There's a "release notes" guide generally too. Not as substantial as they used to be tho.
new "secure profile" added in CF10
in 11, you can enable/disable it via the Admin (in 10 you could only do this via Installation)
if you turn "secure profile" on, it modifies how CFlocation works
new page in Admin shows you the ~20 settings that are affected by this profile
3 cols - what is, would be and was this setting.
New option to expose pdfg/solr as a service.
There's a new "expression" edition too.
intended to make it easier to get CF without having to run a full installer
offered as an EAR or ZIP file.
don't have to run the installer
Install instructions are in the CF manual
NOT INTENDED FOR PRODUCTION
-all debugging settings are enabled by default
-you can't add a license key to this, it's been disabled.
doesn't include Solr, .net integration, remote integration, pdf generation (each of those is a separate "service") but they can be downloaded separately.
the point of Express is there are no "extra" things.
Can now have more than 1 Admin logged in at the same time. Used to be only 1 person.
-Configurable in admin Security page
-Allow Admin API setAllowConcurrentAdminLogin, isAllowConcurrentAdminLogin
Can how specify EITHER sticky sessions, OR replication, OR both
Server updates feature --
in 10, when you ran an update, last step was restarting CF so it could apply the update. then it'd automatically refresh itself after about 30 seconds. if it was back up, you'd see the login screen. if it DIDN'T come up then the refresh would cause an error saying "CF isn't running". Used to have to hit the refresh button (it was a fake "error" if CF took LONGER than 30 seconds to run).
NOW they have a thing that checks in a loop to see if/when CF is back up and running. So the server update is a bit cleaner now.
Security enhancements --
if you enable this CFLocation does NOT automatically include AddToken="yes" as the default.
new admin api methods: enableSEcurePriflie, disableSecureprofile, getAllSecureProfileSettingsInArray
Antisamy
new isSafeHTML, getSafeHTML, etc
there's a policy file you can edit to tweak this to your liking too.
new generatepbkd2key function
"derive a crypto strong random key of any desired size from the hum any manageable password or passphrase"
CFmail supports encrypted email
JVM included w/ cf11 IS 1.7.0_55 (you can update to a more recent one).
the 1.7.0_56 is an important update, so it's recommended that you update to that one.
cfhttp
can now call Window Auth / NTLM pages
couldn't do this before cf11
new authtype="ntlm" attribute
new XML / XPath encoding functions
CFLogin changed w/ respect to CF Admin
under the covers, CF Admin uses CF Login
CF Login is what used to have the "single login" issue that affected CF Admin
new allowConcurrent on cflogin; session attr on CFLogout
CFInclude change
can now limit what file extensions can be CFlincluded
can set in CF admin or in application cfc/cfm
Language enhancements -- new tags
cfhtmltopdf
no longer Windows-only (different from the Beta version)
this is the "pixel perfect" tag for making PDFs
new IMAP filter (cfimapfilter)
cfoauth
cf_socialplugin
custom tag
creates "like" buttons, etc.
new functions
ArrayMap, Reduce
Can DeSerialize
CanSerialize
StructMap
STructReduce
etc
Member functions --
[1,2,3].foo()
Full cfscript parity with tags -- should be 100% of what you can do in CFML
new Elvis operator ?:
built-in functions as first-class objects
new settings in application.cfc
app specific datasources
was in CF5, then gone in 6, now it's back in 11
datasources[]array
structNumberValidation - to change new default of stricter validation
complexexforinclude - to control that cfinclude allowed list
customSErialize - to support new rest CUSTOM SERIALIZATION
ETC
some old features are not just deprecated but are "obsolete", they've been dropped and are no longer usable
mostly old attributes but some tags too -- cfgraph, cfservlet
page called "deprecated features"
things now supported in CF Standard that used to be only in CF Enterprise --
CF archive (car) mechanism (to move CF admin settings from server to server)
- datasources, all the admin settings, SOME admin settings, etc.
secure sandbox (to lockdown what code in different directories can do).
Limits on Web Sockets are gone now too
CF 10 limited # of web sockets yo could have
HTML5 Charts
Some features ARE Enterprise-only
PDF signatures
Full DDX Support
Websocket cluster support
CFHTMLtoPDF Cluster Support
There's a guide on "edition differences" available at the Adobe website.
Gotchas --
have to switch from CFDocument to CFHTMLtoPDF to get the new pixel perfect output.
-- note that cfhtmltopdf stops page processing (Charlie found this).
CF10 had intro'd new access log, tracking every request
-- Provided via Tomcat AccessValue
(not enabled by default in cf11)
Charlie's talk "what's new and different about CF10 on Tomcat" for more info on this stuff.
Minor change in cfhttp
it appends the port to the URL even if it's port 80.
Google don'ts like this, some other sites maybe too
can override it with a cfhttpparam setting to get around it
Bugs -- yes there are some bugs
has been a CF11 update, addressed some very important bugs, especially if you're on IIS and REBUILD YOUR CONNECTOR
if you changed ANY setting in IIS THE application pool locked up.
there's an article on carehart.org with more info on this.
Update 2 came out this week -- mostly a security update.
Another update planned soon
update 14 for cf10, those fixes haven't been added to cf11 yet
To get unreleased patches listed there, email cfinstal@adobe.com (yes it's one L, that's not a typo)
bugbase.adobe.com/index.cfm
Other things --
CF9 support ends at the end of 2014
CF10 installers were gone but that's because of a legal issue with something in the installer. 10 is still supported, it's just that the installer isn't available.
Can still find them in other places
gpickin.com/cfrepo/
or tinyurl.com/cfdownloads2
Amazon AMI's have been updated
CF Builder 3 --
vastly different
ripped out Aptana, made it faster
automatic update/notification so you can stay up to date (already been 3 updates to Builder 3)
new templateing feature
and it runs on linux now too
CFBuilder LIcenses are included with ColdFusion server licenses.
Other resources --
blogs.coldfusion.com
Akbar Sait's site has a ton of CF links and resources
akbarsait.com
Charlie's slides are available at PDF of my slides at carehart.org/presentations