What's New in ColdFusion 2025

The features worth knowing about and the changes that might catch you off guard

Last updated: November 28, 202512 min read

ColdFusion 2025 is a substantial release. JDK 17 brings real performance gains, Tomcat 10.1 modernizes the runtime, and cfpm changes how you think about installation. But with those improvements come breaking changes you need to plan for. Here's what matters.

The Headlines

🚀

JDK 17 LTS Support

This is the big one. Expect 30-40% performance improvements over JDK 11—and it's a long-term support release.

🔒

Enhanced Security

Tighter defaults out of the box. TLS 1.3 support, modern cipher suites, and an updated Lockdown Guide.

âš¡

Tomcat 10.1

The servlet container gets a major upgrade. Jakarta EE 10 support means javax.* is now jakarta.*—which can break things.

📦

cfpm Package Manager

Install only what you need. Smaller footprint, smaller attack surface, faster deployments.

New Features

Java & Runtime

  • JDK 17 LTS: First-class support for Java 17 with improved garbage collection (G1GC enhancements)
  • Tomcat 10.1: Upgraded from Tomcat 9.0 to 10.1 with Jakarta EE 10
  • Performance Improvements: 30-40% faster execution compared to CF 2023 with JDK 17
  • Memory Efficiency: Reduced memory footprint with better heap management

Security Enhancements

  • Modern Cipher Suites: Support for TLS 1.3 and updated cipher suite defaults
  • Secure Defaults: More secure out-of-box configurations
  • Enhanced Session Security: Improved session cookie handling with SameSite support
  • Updated Lockdown Tool: Enhanced Adobe Lockdown Guide with CF 2025-specific hardening
  • Security Headers: Built-in support for modern security headers (CSP, HSTS)

Package Management (cfpm)

  • Modular Installation: Install only the packages you need
  • Reduced Attack Surface: Minimize security exposure by excluding unused components
  • Dependency Management: Automatic handling of package dependencies
  • Version Control: Track and manage installed package versions

Performance Monitoring

  • PMT (Performance Monitoring Toolset): Built-in Elastic Stack integration
  • Real-time Metrics: Enhanced performance monitoring dashboards
  • Custom Metrics API: Expose custom application metrics
  • Health Check Endpoints: Built-in health check URLs for load balancers

Developer Experience

  • Improved Error Messages: More detailed error reporting and stack traces
  • Enhanced Debugging: Better debugging tools and inspection capabilities
  • IDE Support: Improved IntelliSense and code completion support
  • Modern APIs: Updated REST APIs with OpenAPI documentation

Breaking Changes

Read this section carefully. These changes can break existing applications. Know what you're getting into before you upgrade.

JDK Requirements

  • Minimum JDK: JDK 11 required (JDK 17 recommended)
  • JDK 8 Dropped: No longer supports JDK 8 (use CF 2023 if JDK 8 required)
  • JPMS Modules: Some Java modules require explicit --add-opens flags

Tomcat Changes

  • Jakarta EE Namespace: javax.* packages changed to jakarta.* (affects direct Servlet/JSP code)
  • Connector Configuration: Some Tomcat connector settings have changed
  • Session Serialization: Updated serialization format may affect clustered sessions

Deprecated Features

  • Flash/Flex Integration: Removed (Flash EOL)
  • Legacy WebSocket: Replaced with Jakarta WebSocket API
  • Old Admin API: Deprecated in favor of REST-based Admin API
  • Verity Search: Fully removed (migrate to Solr or Elasticsearch)

Configuration Changes

  • Default Ports: Web server connector defaults may have changed
  • Security Defaults: More restrictive default security settings
  • Session Cookie Defaults: Secure and HttpOnly enabled by default

Migration Considerations

How hard is the upgrade? That depends on where you're coming from.

From ColdFusion 2023

Effort: Low — Most applications work with minimal changes

  • Update JDK to 17 for best performance
  • Review any custom Java integrations for Jakarta namespace changes
  • Test session handling in clustered environments
  • Update any Tomcat connector customizations

From ColdFusion 2021

Effort: Medium — Plan for a proper testing cycle

  • Must upgrade to JDK 11 minimum (JDK 17 recommended)
  • Review deprecated features usage
  • Update security configurations to match new defaults
  • Test all custom Java integrations

From ColdFusion 2018 or Earlier

Effort: High — This is a significant project. Budget accordingly.

  • Major JDK upgrade required
  • Remove usage of deprecated features (Flash, Verity)
  • Update all security configurations
  • Comprehensive application testing recommended
  • Consider professional migration assistance

Additional Resources

Related Questions

Can I upgrade directly from ColdFusion 2018 to ColdFusion 2025?
Yes, you can upgrade directly from CF 2018 to CF 2025, but it requires significant testing due to the JDK upgrade (from 8/11 to 11/17), Tomcat upgrade (9.0 to 10.1), and deprecated feature removal. We recommend using Adobe Code Analyzer to identify compatibility issues before upgrading.
Is JDK 17 required for ColdFusion 2025?
No, JDK 11 is the minimum requirement, but JDK 17 is strongly recommended for optimal performance. JDK 17 provides 30-40% performance improvements over JDK 11 and is a Long-Term Support (LTS) release.
What happened to Flash/Flex integration in CF 2025?
Flash and Flex integration has been completely removed in ColdFusion 2025 due to Adobe Flash end-of-life. Applications using Flash Forms or Flex remoting must be migrated to modern alternatives before upgrading to CF 2025.
How long does the upgrade to ColdFusion 2025 take?
For a standard CF 2023 to CF 2025 upgrade, expect 4-8 hours including testing. For CF 2018 or earlier, plan for 1-3 days depending on application complexity and deprecated feature usage.
What is cfpm and do I need to use it?
cfpm (ColdFusion Package Manager) is a new modular installation system in CF 2025. It allows you to install only the packages you need, reducing security attack surface. While not required, it's recommended for production deployments to minimize unnecessary components.

Migration looking complicated?

Upgrades are easier when you've done them before. Convective has migrated hundreds of ColdFusion applications—we can assess your situation, identify the risks, and help you plan a path forward.

Get Migration Support
ColdFusion 2025 What's New - Features, Changes & Breaking Changes | CFGuide | CFGuide