ColdFusion 9 Released

ColdFusion 9 was released today. Go and get it!

hf801-71643 Breaks Application Specific Custom Tag Paths

About a month ago Adobe released CHF 3 for ColdFusion 8. I was excited about this release because it fixed a bug that has caused quite a few headaches I'm sure, that being application specific custom tags not working under load. At work we recently deployed the cumulative hot fix to one of our production clusters only to find we were still seeing the "Cannot find CFML template for custom tag" error on a pretty consistent basis. Determined to get the bottom of the issue, today I installed CF 8 locally (another post on this later) and put together a quick test app that I could run JMeter against. Our production servers run a few other hot fixes in addition to the CHF so I had a feeling that one of the other hot fixes may be causing the issue. Sure enough, as I tested each hot fix in combination with CHF 3 I found that application specific custom tag paths started failing under load with hf801-71643 applied. That particular hot fix attempts to address some of the issues with CFC serialization to AMF (Flash Remoting) in CF 8. There are numerous issues with CFC serialization to AMF in ColdFuison 8 and hf801-71643 does not fix all of them, so we opted to remove it in favor of working custom tag paths. Anyway, I just thought I'd share this in case others have installed CHF 3 only to find they are still getting "Cannot find CFML template for custom tag" errors with application specific custom tag paths. If your still seeing this error be sure be sure to check the other hot fixes you have installed as they may be the culprit.

ColdFire Security Consideration

Given all the security issues around ColdFusion in the past few months I thought it would be good idea to remind ColdFire users about a potential security issue. One of the enhanced features of ColdFire is the ability to dump variables without changing your code. For example, to see the application scope you can just type "application" in the variables tab, reload the page, and there you have your application scope dumped to the ColdFusion Firebug tab. This is a great feature during development but could also be an attack vector if used on a public server. Imagine you were running ColdFire on a public server and storing something like database credentials in the application scope. Depending on the debugging IP addresses configured in the ColdFusion administrator, someone running the ColdFire Firebug extension could come along and dump the application scope and see those credentials. Anyway, this isn't really an issue with ColdFire, it works as intended, just something to be aware of if you use the tool.

Application Specific Custom Tag Paths Fixed in CHF3

As others have posted, ColdFusion 8.0.1 Cumulative Hot Fix 3 (CHF3) was released today. This hot fix contains a lot of new fixes, but I've been waiting for is this one:

Fix for the error "Cannot find CFML template for custom tag" thrown under load when using THIS.customtagpath in Application.cfc and "enable per app settings" is enabled.

In my testing before this hot fix I would see this error in about 8-10% of requests, even under what I would consider light load. After applying the hot fix and running the same JMeter tests I wasn't able to reproduce the issue.

Be sure to check the TechNote for a complete list of what's fixed in this release.

ColdFusion 9: onCFCRequest and Flash Remoting

ColdFusion 9 introduced the new onCFCRequest method. Unfortunately, this new method breaks Flash Remoting requests. To get around this issue you can resort to a modified version of the old onRequest hack. If you have an Application.cfc that covers remote components that will be used for Flash Remoting, you can add the following to your onRequestStart method:

<cffunction name="onRequestStart">
<cfargument name="targetPage" />

<cfif findNoCase("/flex2gateway",arguments.targetPage) gt 0>
<cfset structDelete(variables,"onCFCRequest") />
<cfset structDelete(this,"onCFCRequest") />

This will remove the onCFCRequest method for the current request and allow your Flash Remoting call to work. (Note: you may need to search for different paths depending on your BlazeDS endpoint configurations. If you don't know what I'm talking about here you will most likely be fine with the default "/flex2gateway".)

IP Ranger

Today I released a new ColdFusion administrator extension, IP Ranger, which allows IP ranges to be added to the debugging IP address list. IPv4 IP address ranges may be added using wildcards (192.*.*.*), octect ranges (192.168.1-10.1-120), or a combination of both (192.168.*.1-120). IP Ranger also allows you to verify, delete, and refresh IP address ranges.


ColdFusion 9: Flex Improvements

With the release of the ColdFusion 9 beta I thought I'd share a few of the Flex integration improvements I've been checking out this week. First, ColdFusion 9 now uses Blaze DS to power Flex remoting and messaging. ColdFusion has had remoting support for several versions, but before CF 9 you had to install LCDS or BlazeDS to get Flex messaging. With the move to Blaze DS there is no longer an integrated LCDS Express installation option, so if you want RTMP or data services you will have to buy a separate LCDS license or install the free LiveCycle Data Services ES Single-CPU License version yourself. I know some people feel this is a loss but I'm pretty happy having messaging available out of the box, without the single CPU limitation.


ColdFire Nominated for Community Achievement Award

Today I was pretty stoked to find out that ColdFire was nominated for a Community Achievement Award in the Best Open Source Project category. I'm not sure who nominated ColdFire, but thank you. It is a honor just to be mentioned with other projects such as ColdBox, BlogCFC, Mango Blog, Mura CMS, ColdSpring, Transer and Model Glue. Of course ColdFire wouldn't even exist were it not for the vision and work of Ray Camden and Adam Podolnick. Thanks guys for letting me work on your project!

Be sure to vote for your favorite Open Source Project, and lot of other topics here.

Working With Each Key In A Struct

Earlier today I saw a tweet from Marc Esher where he was looking to do something like: mystruct.each( myFunctionThatDoesStuffWithEachKeyItVisits). While you can't get that exact syntax, you can run a function on each key pretty easily. Below is an example:

<cffunction name="StructEach" returntype="Array">
   <cfargument name="struct" type="struct" required="true">
   <cfargument name="func" type="any" requried="true">   
   <cfset var results = [] />   
   <cfloop collection="#arguments.struct#" item="key">   
      <cfset ArrayAppend(results,arguments.func(arguments.struct[key])) />
   <cfreturn results />   

<cffunction name="FindIt" returntype="boolean">
   <cfargument name="item" type="string" required="true">   
   <cfreturn REFindNoCase('not a test$',arguments.item) />

myStruct = {};
myStruct.key1 = "This is a test.";
myStruct.key2 = "This is a test";
myStruct.key3 = "This is not a test.";
myStruct.key4 = "This is not a test";
myStruct.key5 = "Not a test, this is.";
results = StructEach(myStruct,FindIt);

<cfdump var="#results#" />

Not sure if it is exactly what Marc was looking for, but cool none the less.

RIAForge Now Protected by Akismet

A few months ago I got so fed up with dealing with spam on the ColdFire RIAForge site that I disabled comments for all blog entries and completely disabled the forums. However, rather than admit defeat, I talked with Ray Camden to see if I could help get Akismet support in RIAForge. Ray took me up on my offer and today he released a couple of updates that I think project authors will really appreciate.

The biggest update is that under the hood RIAForge is now using Brandon Harper's cfAkismet library to validate blog comments and forum posts. Blog comments flagged as spam by Akismet are moderated so that blog authors can choose to delete them or approve them as "ham." Due to some limitations with the way Galleon Forums are integrated into the RIAForge site, forum posts are just blocked outright if flagged as spam.

Anyway, I hope this will help other RIAForge authors as much as it will help me, and please let Ray or me know if you have any questions about the Akismet integration.

More Entries

BlogCFC was created by Raymond Camden. This blog is running version 5.8.001.