On 15 February, Adobe announced the newest release of their rapid web application development platform, ColdFusion. ColdFusion has been a powerful platform for many years, so we were immediately curious to see what new features Adobe was delivering with ColdFusion 2016.
Security Code Analyser
With the newest iteration of ColdFusion, clients who use the Enterprise version of the software will now have access to the security code analyzer. This tool gives developers the ability to examine both programs that are currently in development, as well as those previously created with ColdFusion, for potential security vulnerabilities. If vulnerabilities are detected, ColdFusion will also suggest options for correcting the vulnerabilities, or minimizing risk from them.
Raymond Camden, a developer advocate for IBM, wrote about this tool that:
To be clear, this does not replace a real, very deep, security analysis of your code. However, I think it could be really useful for getting some of the simpler stuff out of the way before the real/deeper scan is done later.
A Faster ColdFusion
Out of the box, this newest edition of ColdFusion is said to help programs run up to 30% faster, with additional options in the settings that can tweak even a little bit more speed out of applications.
ColdFusion includes the ability to save HTML files as PDFs using its CSS engine to ensure that the content appears and functions in the PDF just like it does in the HTML. ColdFusion also supports electronic signatures and validation, helping users establish document integrity and authenticity. ColdFusion 2016 takes functionality to the next level by supporting the redacting or sanitization of PDFs before they are distributed. Redacted PDFs show a grayed out or blank area where the chosen information was. PDFs can contain items like actions, flat form fields, metadata, document tags, and alternate images, which can be sensitive if released. By sanitizing your PDFs, you remove the possibility of this information being released.
Based on the team's blog, the new API Manager seems to be their big excitement with the newest release of ColdFusion. They say: "the all new API manager component that has everything to quickly move your APIs from concept to production." Like the Security Code Analyzer, the API Manager is only part of the Enterprise version of ColdFusion.
Product manager for ColdFusion, Rakshith Naresh, wrote about the API Manager:
API Manager is a new component introduced for the first time in Adobe ColdFusion (2016 release). It is a standalone server component that can run on its own, providing you all the capabilities of monitoring, measuring, securing, and monetizing APIs.
The ColdFusion (2016 release) also included several other changes that were only covered in the release notes, rather than the larger articles that Adobe released, such as:
* Security enhancements to support several new Microsoft security releases.
* PDF archival support so that archived documents can be opened in any future release of Adobe Acrobat.
* External storage for session scope, which dramatically improves the software's ability to scale with larger businesses.
* Connector enhancements, reducing your need to manage connectors manually; ColdFusion will now take care of this for you.
* Command line interface, giving developers greater access to the scripting capabilities of ColdFusion.
There have been a few blog posts within the developer community over the last few days since ColdFusion 2016 was announced. While opinions varied, some experts, such as Camden, expressed frustration that the Security Code Analyzer in particular was only available with the Enterprise edition of the software:
It just seems insane to me to make a security feature, one that can help ColdFusion as a product in general, as Enterprise only.
Camden also expressed frustration that the documentation for the newest release did not update at the same time as the product itself. Later, Charlie Arehart blogged that the help documents had been updated to include ColdFusion 2016, but noted that some of the documents still referred to CF11 as "the new release", which he called "unfortunate".
All in all, ColdFusion is considered by developers a great programming language for people who need to hit the ground running. Unfortunately, ColdFusion 2016 has not been met with a welcome reception. Many bloggers have expressed frustration that options like the API Manager and the Security Code Analyzer are only included in the Enterprise version of the software. They consider pricing to be a large barrier to entry for smaller businesses who still need these tools. Bloggers have also expressed frustration about the test phase of the release, where they struggled to get answers and communication from the Adobe community. They have shared concerns that bugs weren't addressed during the testing process, and that the security analyzer may give inexperienced developers a false sense of security about their product.
Will ColdFusion 2016 be the product that developers have been hoping for, or are they more likely to continue to be disappointed? Tell us what you think! - firstname.lastname@example.org