Misplaced Pages

National Vulnerability Database

Article snapshot taken from Wikipedia under the Creative Commons Attribution-ShareAlike license.

The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security-related software flaws, misconfigurations, product names, and impact metrics. NVD supports the Information Security Automation Program (ISAP). NVD is managed by the U.S. government agency the National Institute of Standards and Technology (NIST).


47-494: On Friday March 8, 2013, the database was taken offline after it was discovered that the system used to run multiple government sites had been compromised by a software vulnerability of Adobe ColdFusion. In June 2017, threat intel firm Recorded Future revealed that the median lag between a CVE being revealed to ultimately being published to the NVD is 7 days and that 75% of vulnerabilities are published unofficially before making it to

94-512: A .NET environment or image manipulation. The engine was written in C and featured, among other things, a built-in scripting language (CFScript), plugin modules written in Java, and a syntax very similar to HTML. The equivalent to an HTML element, a ColdFusion tag begins with the letters "CF" followed by a name that is indicative of what the tag is interpreted to, in HTML. E.g. <cfoutput> to begin

141-510: A JavaScript-like language known as CFScript. Originally a product of Allaire and released on July 2, 1995, ColdFusion was developed by brothers Joseph J. Allaire and Jeremy Allaire. In 2001 Allaire was acquired by Macromedia, which in turn was acquired by Adobe Systems Inc in 2005. ColdFusion is most often used for data-driven websites or intranets, but can also be used to generate remote services such as REST services, WebSockets, SOAP web services or Flash remoting. It

188-407: A server asynchronously (in the background) without interfering with the display and behaviour of the existing page. By decoupling the data interchange layer from the presentation layer, Ajax allows web pages and, by extension, web applications, to change content dynamically without the need to reload the entire page. In practice, modern implementations commonly utilize JSON instead of XML. Ajax

235-480: A 9.8 out of 10 critical vulnerability. cURL lead developer Daniel Stenberg responded by saying this was not a security problem, the bug had been patched nearly 4 years prior, requested the CVE be rejected, and accused NVD of "scaremongering" and "grossly inflating the severity level of issues". MITRE disagreed with Stenberg and denied his request to reject the CVE, noting that "there is a valid weakness ... which can lead to

282-412: A Web application that communicates with a server in the background, without interfering with the current state of the page. In the article that coined the term Ajax, Jesse James Garrett explained that the following technologies are incorporated: Since then, however, there have been a number of developments in the technologies used in an Ajax application, and in the definition of the term Ajax itself. XML

329-408: A combination of the commercial JPedal Java PDF library and the free and open source Java library iText, and cfhtmltopdf uses an embedded WebKit implementation. ColdFusion was originally not an object-oriented programming language like PHP versions 3 and below. ColdFusion falls into the category of OO languages that do not support multiple inheritance (along with Java, Smalltalk, etc.). With

376-642: A commercial product). More than 14,000 developers worldwide were active in the beta process - many more testers than the 5,000 Adobe Systems originally expected. The ColdFusion development team consisted of developers based in Newton/Boston, Massachusetts and offshore in Bangalore, India. Some of the new features are the CFPDFFORM tag, which enables integration with Adobe Acrobat forms, some image manipulation functions, Microsoft .NET integration, and

423-518: A crucial role in modern web development. One key advantage of Ajax is its capacity to render web applications without requiring data retrieval, resulting in reduced server traffic. This optimization minimizes response times on both the server and client sides, eliminating the need for users to endure loading screens. Furthermore, Ajax facilitates asynchronous processing by simplifying the utilization of XmlHttpRequest, which enables efficient handling of requests for asynchronous data retrieval. Additionally,

470-615: A full scripting language. One of the distinguishing features of ColdFusion is its associated scripting language, ColdFusion Markup Language (CFML). CFML compares to the scripting components of ASP, JSP, and PHP in purpose and features, but its tag syntax more closely resembles HTML, while its script syntax resembles JavaScript. ColdFusion is often used synonymously with CFML, but there are additional CFML application servers besides ColdFusion, and ColdFusion supports programming languages other than CFML, such as server-side Actionscript and embedded scripts that can be written in

517-598: A layer of security on the server, because it ran inside a Java Runtime Environment. In June 2002 Macromedia released the version 6.0 product under a slightly different name, ColdFusion MX, allowing the product to be associated with both the Macromedia brand and its original branding. ColdFusion MX was completely rebuilt from the ground up and was based on the Java EE platform. ColdFusion MX was also designed to integrate well with Macromedia Flash using Flash Remoting. With


564-570: A master blueprint for the next feature set. In September 2010, he presented the plans to Adobe where they were given full support and approval by upper management. The first public beta of ColdFusion 10 was released via Adobe Labs on 17 February 2012. ColdFusion 11 (Codenamed: Splendor) was released on April 29, 2014. New or improved features available in all editions (Standard, Enterprise, and Developer) include: ColdFusion 11 also removed many features previously identified simply as "deprecated" or no longer supported in earlier releases. For example,

611-455: A more ECMAScript compliant CFSCRIPT. For development of ColdFusion applications, several tools are available: primarily Adobe Dreamweaver CS4, Macromedia HomeSite 5.x, CFEclipse, Eclipse and others. "Tag updaters" are available for these applications to update their support for the new ColdFusion 8 features. ColdFusion 9 (Codenamed: Centaur) was released on October 5, 2009. New features for CF9 include: ColdFusion 10 (Codenamed: Zeus)

658-703: A simple Ajax request using the GET method, written in JavaScript. get-ajax-data.js: send-ajax-data.php: Fetch is a native JavaScript API. According to Google Developers Documentation, "Fetch makes it easier to make web requests and handle responses than with the older XMLHttpRequest." Fetch relies on JavaScript promises. The fetch specification differs from Ajax in the following significant ways: Ajax offers several benefits that can significantly enhance web application performance and user experience. By reducing server traffic and improving speed, Ajax plays

705-405: A valid security impact." In September 2023, the issue was rescored by the NVD as a 3.3 "low" vulnerability, stating that "it may (in theory) cause a denial of service" for attacked systems, but that this attack vector "is not especially plausible". Adobe ColdFusion

752-596: A wide deployment of standards-compliant, cross browser Ajax with Gmail (2004) and Google Maps (2005). In October 2004 Kayak.com's public beta release was among the first large-scale e-commerce uses of what their developers at that time called "the xml http thing". This increased interest in Ajax among web program developers. The term AJAX was publicly used on 18 February 2005 by Jesse James Garrett in an article titled Ajax: A New Approach to Web Applications, based on techniques used on Google pages. On 5 April 2006,

799-428: Is a commercial rapid web-application development computing platform created by J. J. Allaire in 1995. (The programming language used with that platform is also commonly called ColdFusion, though is more accurately known as CFML.) ColdFusion was originally designed to make it easier to connect simple HTML pages to a database. By version 2 (1996) it had become a full platform that included an IDE in addition to

846-487: Is also available as a wrapper to any HTML page, converting that page to a quality printable document. The enterprise edition also added Gateways. These provide interaction with non-HTTP request services such as IM Services, SMS, Directory Watchers, and an asynchronous execution. XML support was boosted in this version to include native schema checking. ColdFusion MX 7.0.1 (codename "Merrimack") added support for Mac OS X, improvements to Flash forms, RTF support for CFReport,

893-493: Is especially well-suited as the server-side technology to the client-side ajax. ColdFusion can also handle asynchronous events such as SMS and instant messaging via its gateway interface, available in ColdFusion MX 7 Enterprise Edition. ColdFusion provides a number of additional features out of the box. Main features include: Other implementations of CFML offer similar or enhanced functionality, such as running in

940-433: Is no longer required for data interchange and, therefore, XSLT is no longer required for the manipulation of data. JavaScript Object Notation (JSON) is often used as an alternative format for data interchange, although other formats such as preformatted HTML or plain text can also be used. A variety of popular JavaScript libraries, including JQuery, include abstractions to assist in executing Ajax requests. An example of

987-462: Is not a technology, but rather a programming concept. HTML and CSS can be used in combination to mark up and style information. The webpage can be modified by JavaScript to dynamically display (and allow the user to interact with) the new information. The built-in XMLHttpRequest object is used to execute Ajax on webpages, allowing websites to load content onto the screen without refreshing


1034-500: Is well-suited for Ajax-enabled applications. ColdFusion 8 introduced the ability to serialize ColdFusion data structures to JSON for consumption on the client. Ajax (programming) Ajax (also AJAX /ˈeɪdʒæks/; short for "asynchronous JavaScript and XML") is a set of web development techniques that uses various web technologies on the client-side to create asynchronous web applications. With Ajax, web applications can send and retrieve data from

1081-521: The Apache Web Server and with Internet Information Services. All versions of ColdFusion prior to 6.0 were written using Microsoft Visual C++. This meant that ColdFusion was largely limited to running on Microsoft Windows, although Allaire did successfully port ColdFusion to Sun Solaris starting with version 3.1. The Allaire company was sold to Macromedia, then Macromedia was sold to Adobe. Earlier versions were not as robust as

1128-551: The World Wide Web Consortium (W3C) released the first draft specification for the XMLHttpRequest object in an attempt to create an official Web standard. The latest draft of the XMLHttpRequest object was published on 6 October 2016, and the XMLHttpRequest specification is now a living standard. The term Ajax has come to represent a broad group of Web technologies that can be used to implement

1175-661: The API Manager. ColdFusion can generate PDF documents using standard HTML (i.e. no additional coding is needed to generate documents for print). CFML authors place HTML and CSS within a pair of cfdocument tags (or new in ColdFusion 11, cfhtmltopdf tags). The generated document can then either be saved to disk or sent to the client's browser. ColdFusion 8 introduced also the cfpdf tag to allow for control over PDF documents including PDF forms, and merging of PDFs. These tags however do not use Adobe's PDF engine but cfdocument uses

1222-551: The CFLOG tag long offered date and time attributes which were deprecated (and redundant, as the date and time is always logged). As of CF11, their use would not cause the CFLOG tag to fail. Adobe ColdFusion (2016 release), Codenamed: Raijin (and also known generically as ColdFusion 2016) was released on February 16, 2016. New or improved features available in all editions (Standard, Enterprise, and Developer) include: Adobe ColdFusion (2018 release), known generically as ColdFusion 2018,

1269-1279: The CFPRESENTATION tag, which allows the creation of dynamic presentations using Adobe Acrobat Connect, the Web-based collaboration solution formerly known as Macromedia Breeze. In addition, the ColdFusion Administrator for the Enterprise version ships with built-in server monitoring. ColdFusion 8 is available on several operating systems including Linux, Mac OS X and Windows Server 2003. Other additions to ColdFusion 8 are built-in Ajax widgets, file archive manipulation (CFZIP), Microsoft Exchange server integration (CFEXCHANGE), image manipulation including automatic CAPTCHA generation (CFIMAGE), multi-threading, per-application settings, Atom and RSS feeds, reporting enhancements, stronger encryption libraries, array and structure improvements, improved database interaction, extensive performance improvements, PDF manipulation and merging capabilities (CFPDF), interactive debugging, embedded database support with Apache Derby, and

1316-506: The MX release (6+), ColdFusion introduced basic OO functionality with the component language construct which resembles classes in OO languages. Each component may contain any number of properties and methods. One component may also extend another (Inheritance). Components only support single inheritance. Object handling feature set and performance enhancing has occurred with subsequent releases. With

1363-719: The Microsoft Outlook Web Access team developed the concept behind the XMLHttpRequest scripting object. It appeared as XMLHTTP in the second version of the MSXML library, which shipped with Internet Explorer 5.0 in March 1999. The functionality of the Windows XMLHTTP ActiveX control in IE 5 was later implemented by Mozilla Firefox, Safari, Opera, Google Chrome, and other browsers as

1410-524: The NVD, giving attackers time to exploit the vulnerability. In addition to providing a list of Common Vulnerabilities and Exposures (CVEs), the NVD scores vulnerabilities using the Common Vulnerability Scoring System (CVSS) which is based on a set of equations using metrics such as access complexity and availability of a remedy. In August 2023, the NVD initially marked an integer overflow bug in old versions of cURL as

1457-666: The Verity search engine, the server scope, and template encoding (called then "encryption"). Version 3.1, released in Jan 1998, added RDS support as well as a port to the Sun Solaris operating system, while ColdFusion studio gained a live page preview and HTML syntax checker. Released in Nov 1998, version 4 is when the name was changed from "Cold Fusion" to "ColdFusion" - possibly to distinguish it from Cold fusion theory. The release also added


1504-659: The XMLHttpRequest JavaScript object. Microsoft adopted the native XMLHttpRequest model as of Internet Explorer 7. The ActiveX version is still supported in Internet Explorer, but not in Microsoft Edge. The utility of these background HTTP requests and asynchronous Web technologies remained fairly obscure until it started appearing in large scale online applications such as Outlook Web Access (2000) and Oddpost (2002). Google made

1551-399: The browser reloaded a page because of a partial change, all the content had to be re-sent, even though only some of the information had changed. This placed additional load on the server and made bandwidth a limiting factor in performance. In 1996, the iframe tag was introduced by Internet Explorer; like the object element, it can load a part of the web page asynchronously. In 1998,

1598-515: The component in this manner: http://path/to/components/Component.cfc?wsdl. Aside from SOAP, the services are offered in Flash Remoting binary format. Methods which are declared remote may also be invoked via an HTTP GET or POST request. Consider the GET request as shown. This will invoke the component's search function, passing "your query" and "strict" as arguments. This type of invocation

1645-529: The first release from Macromedia after their acquisition of Allaire Corporation, which had been announced January 16, 2001. Prior to 2000, Edwin Smith, an Allaire architect on JRun and later the Flash Player, Tom Harwood and Clement Wong initiated a project codenamed "Neo". This project was later revealed as a ColdFusion Server re-written completely using Java. This made portability easier and provided

1692-467: The getmetricdata function (to access performance information), additional performance information in page debugging output, enhanced string conversion functions, and optional whitespace removal. Version 5 was released in June 2001, adding enhanced query support, new reporting and charting features, user-defined functions, and improved admin tools. It was the last to be legacy coded for a specific platform, and

1739-493: The initial implementation of cfscript, support for locking (cflock), transactions (cftransaction), hierarchical exception handling (cftry/cfcatch), sandbox security, as well as many new tags and functions, including cfstoredproc, cfcache, cfswitch, and more. Version 4.5, released in Nov 1999, expanded the ability to access external system resources, including COM and CORBA, and added initial support for Java integration (including EJBs, POJOs, servlets, and Java CFXs). It also added

1786-498: The new CFCPRoxy feature for Java/CFC integration, and more. ColdFusion MX 7.0.2 (codenamed "Mystic") included advanced features for working with Adobe Flex 2 as well as more improvements for the CF Report Builder. On July 30, 2007, Adobe Systems released ColdFusion 8, dropping "MX" from its name. During beta testing the codename used was "Scorpio" (the eighth sign of the zodiac and the eighth iteration of ColdFusion as

1833-427: The output of variables or other content. In addition to CFScript and plugins (as described), CFStudio provided a design platform with a WYSIWYG display. In addition to ColdFusion, CFStudio also supports syntax in other languages popular for backend programming, such as Perl. In addition to making backend functionality easily available to the non-programmer, (version 4.0 and forward in particular) integrated easily with

1880-410: The page. Ajax is not a new technology, nor is it a new language. Instead, it is existing technologies used in a new way. In the early-to-mid 1990s, most Websites were based on complete HTML pages. Each user action required a complete new page to be loaded from the server. This process was inefficient, as reflected by the user experience: all page content disappeared, then the new page appeared. Each time

1927-456: The release of ColdFusion 8, Java-style interfaces are supported. ColdFusion components use the file extension cfc to differentiate them from ColdFusion templates (.cfm). Component methods may be made available as web services with no additional coding and configuration. All that is required is for a method's access to be declared 'remote'. ColdFusion automatically generates a WSDL at the URL for


1974-556: The release of ColdFusion MX, the CFML language API was released with an OOP interface. With the release of ColdFusion 7.0 on February 7, 2005, the naming convention was amended, rendering the product name "Macromedia ColdFusion MX 7" (the codename for CFMX7 was "Blackstone"). CFMX 7 added Flash-based and XForms-based web forms, and a report builder that output in Adobe PDF as well as FlashPaper, RTF and Excel. The Adobe PDF output

2021-504: The roadmap anticipating releases in 2018 and 2020. Among the key features anticipated for the 2016 release were a new performance monitor, enhancements to asynchronous programming, revamped REST support, and enhancements to the API Manager, as well as support for CF2016 projected into 2024. As for the 2020 release, the features anticipated at that time (in 2017) were configurability (modularity) of CF application services, revamped scripting and object-oriented support, and further enhancements to

2068-490: The versions available from version 4.0 forward. With the release of ColdFusion MX 6.0, the engine had been re-written in Java and supported its own runtime environment, which was easily replaced through its configuration options with the runtime environment from Sun. Version 6.1 included the ability to code and debug Macromedia Flash . Version 3, released in June 1997, brought custom tags, cfsearch/cfindex/cfcollection based on

2115-525: Was originally referred to by the codename Zeus, after first being confirmed as coming by Adobe at Adobe MAX 2010, and during much of its prerelease period. It was also commonly referred to as "ColdFusion next" and "ColdFusion X" in blogs, on Twitter, etc., before Adobe finally confirmed it would be "ColdFusion 10". For much of 2010, ColdFusion Product Manager Adam Lehman toured the US setting up countless meetings with customers, developers, and user groups to formulate

2162-618: Was released on July 12, 2018. ColdFusion 2018 was codenamed Aether during prerelease. As of March 2023, Adobe had released 16 updates for ColdFusion 2018. New or improved features available in all editions (Standard, Enterprise, and Developer) include: Adobe ColdFusion (2021 Release) was released on Nov 11th, 2020. ColdFusion 2021 was code named Project Stratus during pre-release. New or improved features available in all editions (Standard, Enterprise, and Developer) include: Adobe released ColdFusion 2023 on May 17, 2023. New features available are as follows: In Sep 2017, Adobe announced

2209-544: Was released on May 15, 2012. New or improved features available in all editions (Standard, Enterprise, and Developer) include (but are not limited to): Additional new or improved features in ColdFusion Enterprise or Developer editions include (but are not limited to): The lists above were obtained from the Adobe web site pages describing "new features", as listed first in the links in the following list. CF10
