Adobe ColdFusion is a commercial rapid web-application development computing platform created by J. J. Allaire in 1995.
ColdFusion was originally designed to make it easier to connect simple HTML pages to a database.
Main features include: Other implementations of CFML offer similar or enhanced functionality, such as running in a .NET environment or image manipulation.
In addition to CFScript and plugins (as described), CFStudio provided a design platform with a WYSIWYG display.
In addition to ColdFusion, CFStudio also supports syntax in other languages popular for backend programming, such as Perl.
Version 3, released in June 1997, brought custom tags, cfsearch/cfindex/cfcollection based on the Verity search engine, the server scope, and template encoding (called then "encryption").
Version 3.1, released in Jan 1998, added RDS support as well as a port to the Sun Solaris operating system, while ColdFusion studio gained a live page preview and HTML syntax checker.
The release also added the initial implementation of cfscript, support for locking (cflock), transactions (cftransaction), hierarchical exception handling (cftry/cfcatch), sandbox security, as well as many new tags and functions, including cfstoredproc, cfcache, cfswitch, and more.
Version 4.5, released in Nov 1999, expanded the ability to access external system resources, including COM and CORBA, and added initial support for Java integration (including EJB's, Pojo's, servlets, and Java CFX's).
Version 5 was released in June 2001, adding enhanced query support, new reporting and charting features, user-defined functions, and improved admin tools.
It was the last to be legacy coded for a specific platform, and the first release from Macromedia after their acquisition of Allaire Corporation, which had been announced January 16, 2001.
Prior to 2000, Edwin Smith, an Allaire architect on JRun and later the Flash Player, Tom Harwood and Clement Wong initiated a project codenamed "Neo".
This made portability easier and provided a layer of security on the server, because it ran inside a Java Runtime Environment.
ColdFusion MX was completely rebuilt from the ground up and was based on the Java EE platform.
CFMX 7 added Flash-based and XForms-based web forms, and a report builder that output in Adobe PDF as well as FlashPaper, RTF and Excel.
ColdFusion MX 7.0.2 (codenamed "Mystic") included advanced features for working with Adobe Flex 2 as well as more improvements for the CF Report Builder.
More than 14,000 developers worldwide were active in the beta process - many more testers than the 5,000 Adobe Systems originally expected.
Some of the new features are the CFPDFFORM tag, which enables integration with Adobe Acrobat forms, some image manipulation functions, Microsoft .NET integration, and the CFPRESENTATION tag, which allows the creation of dynamic presentations using Adobe Acrobat Connect, the Web-based collaboration solution formerly known as Macromedia Breeze.
In addition, the ColdFusion Administrator for the Enterprise version ships with built-in server monitoring.
ColdFusion 8 is available on several operating systems including Linux, Mac OS X and Windows Server 2003.
Other additions to ColdFusion 8 are built-in Ajax widgets, file archive manipulation (CFZIP), Microsoft Exchange server integration (CFEXCHANGE), image manipulation including automatic CAPTCHA generation (CFIMAGE), multi-threading, per-application settings, Atom and RSS feeds, reporting enhancements, stronger encryption libraries, array and structure improvements, improved database interaction, extensive performance improvements, PDF manipulation and merging capabilities (CFPDF), interactive debugging, embedded database support with Apache Derby, and a more ECMAScript compliant CFSCRIPT.
For development of ColdFusion applications, several tools are available: primarily Adobe Dreamweaver CS4, Macromedia HomeSite 5.x, CFEclipse, Eclipse and others.
New or improved features available in all editions (Standard, Enterprise, and Developer) include: Adobe released ColdFusion 2023 on May 17, 2023.
As for the 2020 release, the features anticipated at that time (in 2017) were configurability (modularity) of CF application services, revamped scripting and object-oriented support, and further enhancements to the API Manager.
ColdFusion falls into the category of OO languages that do not support multiple inheritance (along with Java, Smalltalk, etc.).
In March 2013, a known issue affecting ColdFusion 8, 9 and 10 left the National Vulnerability Database open to attack.
[21] In May 2013, Adobe identified another critical vulnerability, reportedly already being exploited in the wild, which targets all recent versions of ColdFusion on any servers where the web-based administrator and API have not been locked down.
The vulnerability allows unauthorized users to upload malicious scripts and potentially gain full control over the server.
[23] In April 2015, Adobe fixed a cross-site scripting (XSS) vulnerability[24] in Adobe ColdFusion 10 before Update 16, and in ColdFusion 11 before Update 5, that allowed remote attackers to inject arbitrary web script or HTML;[25] however, it's exploitable only by users who have authenticated through the administration panel.
[26] In September 2019, Adobe fixed two command injection vulnerabilities (CVE-2019-8073) that enabled arbitrary code and an alleyway traversal (CVE-2019-8074).