ColdFusion upgrade considerations for CF2023
Guidance on what to consider when trying to upgrade to CF2023.
Adobe ColdFusion 2021 is reaching its EOL(End of Life) support on November 10th, 2025. With ColdFusion 2021 reaching its EOL, it is a good time to consider upgrading to ColdFusion 2023. In this article, we will be listing items that you should consider when upgrading to ColdFusion 2023.
NOTE: If you are up to date on your ColdFusion hotfixes on ColdFusion2021
Then the only items that you will need to review are the deprecated features.
Unscoped Variable
On March 12th, 2024, Adobe released a Hotfix(ColdFusion2023 Update 7 and ColdFusion 2021 Update 13) to address a vulnerability that affected Unscoped variables. To combat this vulnerability, the update made it so that the use of unscoped variables is disabled by default. There is a workaround that can be put in place, but it does leave you vulnerable. You can read more about this in the links below:
ColdFusion (2021 release) Update 13
ColdFusion (2023 release) Update 7
NOTE: Adobe has since released a patch(hf202100-8888888) that can help you
Identify where you have unscoped variables in your application.
Default Algorithm
On June 11, 2024, Adobe released a Hotfix(ColdFusion2023 Update 8 and ColdFusion 2021 Update 14) to address a vulnerability that affected the default encryption algorithm CFMX_COMPAT. To enhance security, Adobe changed the default encryption algorithm to AES/CBC/PKCS5Padding for the following functions:
You can read more about this in the links below:
ColdFusion (2021 release) Update 14
ColdFusion (2023 release) Update 8
Deprecated Feature
Anytime you plan to upgrade to a new major version of ColdFusion, it is highly recommended to review Adobe’s deprecated features list for ColdFusion. This allows you to see what features are either removed or deprecated from the newer version you are upgrading to so you can make sure that your code is updated ahead of time to be compatible with the latest major version.
You can find the deprecated features list below:
Please don’t hesitate to reach out to our team of engineers if you encounter issues or have any questions.