ColdFusion 2025 What's New

Last updated: October 4, 202512 min read

ColdFusion 2025 represents a major update with significant performance improvements, security enhancements, and modern platform upgrades. This guide covers new features, breaking changes, and deprecations.

Major Highlights

🚀

JDK 17 LTS Support

Official support for JDK 17 with 30-40% performance improvements over JDK 11

🔒

Enhanced Security

Updated security features, modern cipher suites, and improved default configurations

âš¡

Tomcat 10.1

Upgraded application server with Jakarta EE 10 support and improved performance

📦

cfpm Package Manager

Modular package management system for installing only required components

New Features

Java & Runtime

  • JDK 17 LTS: First-class support for Java 17 with improved garbage collection (G1GC enhancements)
  • Tomcat 10.1: Upgraded from Tomcat 9.0 to 10.1 with Jakarta EE 10
  • Performance Improvements: 30-40% faster execution compared to CF 2023 with JDK 17
  • Memory Efficiency: Reduced memory footprint with better heap management

Security Enhancements

  • Modern Cipher Suites: Support for TLS 1.3 and updated cipher suite defaults
  • Secure Defaults: More secure out-of-box configurations
  • Enhanced Session Security: Improved session cookie handling with SameSite support
  • Updated Lockdown Tool: Enhanced Adobe Lockdown Guide with CF 2025-specific hardening
  • Security Headers: Built-in support for modern security headers (CSP, HSTS)

Package Management (cfpm)

  • Modular Installation: Install only the packages you need
  • Reduced Attack Surface: Minimize security exposure by excluding unused components
  • Dependency Management: Automatic handling of package dependencies
  • Version Control: Track and manage installed package versions

Performance Monitoring

  • PMT (Performance Monitoring Toolset): Built-in Elastic Stack integration
  • Real-time Metrics: Enhanced performance monitoring dashboards
  • Custom Metrics API: Expose custom application metrics
  • Health Check Endpoints: Built-in health check URLs for load balancers

Developer Experience

  • Improved Error Messages: More detailed error reporting and stack traces
  • Enhanced Debugging: Better debugging tools and inspection capabilities
  • IDE Support: Improved IntelliSense and code completion support
  • Modern APIs: Updated REST APIs with OpenAPI documentation

Breaking Changes

Important: Review these breaking changes before upgrading to ColdFusion 2025.

JDK Requirements

  • Minimum JDK: JDK 11 required (JDK 17 recommended)
  • JDK 8 Dropped: No longer supports JDK 8 (use CF 2023 if JDK 8 required)
  • JPMS Modules: Some Java modules require explicit --add-opens flags

Tomcat Changes

  • Jakarta EE Namespace: javax.* packages changed to jakarta.* (affects direct Servlet/JSP code)
  • Connector Configuration: Some Tomcat connector settings have changed
  • Session Serialization: Updated serialization format may affect clustered sessions

Deprecated Features

  • Flash/Flex Integration: Removed (Flash EOL)
  • Legacy WebSocket: Replaced with Jakarta WebSocket API
  • Old Admin API: Deprecated in favor of REST-based Admin API
  • Verity Search: Fully removed (migrate to Solr or Elasticsearch)

Configuration Changes

  • Default Ports: Web server connector defaults may have changed
  • Security Defaults: More restrictive default security settings
  • Session Cookie Defaults: Secure and HttpOnly enabled by default

Migration Considerations

From ColdFusion 2023

Effort: Low - Most applications compatible with minimal changes

  • Update JDK to 17 for best performance
  • Review any custom Java integrations for Jakarta namespace changes
  • Test session handling in clustered environments
  • Update any Tomcat connector customizations

From ColdFusion 2021

Effort: Medium - Requires testing and JDK upgrade

  • Must upgrade to JDK 11 minimum (JDK 17 recommended)
  • Review deprecated features usage
  • Update security configurations to match new defaults
  • Test all custom Java integrations

From ColdFusion 2018 or Earlier

Effort: High - Significant changes and testing required

  • Major JDK upgrade required
  • Remove usage of deprecated features (Flash, Verity)
  • Update all security configurations
  • Comprehensive application testing recommended
  • Consider professional migration assistance

Additional Resources

Related Questions

Can I upgrade directly from ColdFusion 2018 to ColdFusion 2025?
Yes, you can upgrade directly from CF 2018 to CF 2025, but it requires significant testing due to the JDK upgrade (from 8/11 to 11/17), Tomcat upgrade (9.0 to 10.1), and deprecated feature removal. We recommend using Adobe Code Analyzer to identify compatibility issues before upgrading.
Is JDK 17 required for ColdFusion 2025?
No, JDK 11 is the minimum requirement, but JDK 17 is strongly recommended for optimal performance. JDK 17 provides 30-40% performance improvements over JDK 11 and is a Long-Term Support (LTS) release.
What happened to Flash/Flex integration in CF 2025?
Flash and Flex integration has been completely removed in ColdFusion 2025 due to Adobe Flash end-of-life. Applications using Flash Forms or Flex remoting must be migrated to modern alternatives before upgrading to CF 2025.
How long does the upgrade to ColdFusion 2025 take?
For a standard CF 2023 to CF 2025 upgrade, expect 4-8 hours including testing. For CF 2018 or earlier, plan for 1-3 days depending on application complexity and deprecated feature usage.
What is cfpm and do I need to use it?
cfpm (ColdFusion Package Manager) is a new modular installation system in CF 2025. It allows you to install only the packages you need, reducing security attack surface. While not required, it's recommended for production deployments to minimize unnecessary components.

Need Migration Help?

Convective has successfully migrated hundreds of ColdFusion applications. Our experts can assess your application and provide a customized migration plan.

Get Migration Support