Adobe recently released ColdFusion 2025, which includes the most significant wave of feature deprecations and removals in recent ColdFusion history. This release signals Adobe’s efforts to modernize the platform and address security concerns. Developers and organizations relying on this platform must be aware of significant changes in the product.
What’s Been Removed in ColdFusion 2025
The 2025 release has permanently removed numerous features that have reached the end of their lifecycle, including:
Mobile Development Features
All mobile-related features will be removed, reflecting the shift toward more specialized mobile development platforms and frameworks.
Legacy Tools and Utilities
- License Scanner: This subnet-searching tool for finding other ColdFusion instances is being eliminated. Adobe notes that the Activation page in CF Admin already effectively tracks license usage.
- cfencode.exe/cfencode.sh: This utility, located in confusion/bin, is being removed due to security vulnerabilities and a lack of recent updates.
Flash and Flex Components
Following Adobe’s broader strategy of moving away from Flash technology:
- All remaining Flash and Flex jars will be removed
- Event gateway features, including DataManagement, DataServicesMessaging, and FMS will no longer be available
Security and Encryption Changes
- CFMX_Compat encryption algorithm: Being removed from multiple functions, including Rand, Randomize, RandRange, Hash, Encrypt, EncryptBinary, Decrypt, DecryptBinary, and GeneratePBKDFKey.
- Thread support: Changes due to JDK21 upgrade, which has removed the Thread.stop() method.
Database and Integration Features
- COM/DCOM support: Eliminated due to lack of active development
- Sybase database support
- Jadozoom database driver
- AWS S3 Legacy-ACL: Removal of StoreAddACL and StoreSetACL functions, following Amazon’s April 2023 decision to disable access control lists for new buckets
Web Development Components
- HTTP reason phrases: No longer available since Tomcat 8.5
- cfheader StatusText attribute: Removed following Tomcat’s earlier elimination
- Axis1: Removed due to security issues
- XML Forms: Discontinued due to lack of active development
- UI Tags based on YUI toolkit: cftree, cfcalendar, cfmenu, cfsprydataset
- Various Form Tags: cfmenuitem, cfformitem, cfformgroup, cftreeitem
- cfcol and cftable: Legacy table generation tags
Newly Deprecated Features
The 2025 release also introduces deprecation notices for several features that will likely be removed in future versions:
- CAR (ColdFusion Archive) migration: Adobe recommends using cfsetup as an alternative
- Java SecurityManager: Following JDK 17’s deprecation through JEP 411
- Legacy Cookie Processor support: Though Tomcat 10.1 removed support, ColdFusion will maintain backward compatibility temporarily
- ssh-rsa algorithm in the fingerprint attribute in cfftp: Deprecated due to security concerns
- MS Access, ODBC, and DB2 database support: All facing deprecation due to lack of active development
- Additional Event gateway features: SMS and SAMETIME
Adobe’s Rationale
The deprecations and removals appear driven by three main factors:
- Security improvements: Many removals specifically cite security vulnerabilities
- Technology evolution: Particularly evident in the removal of Flash/Flex components and mobile features
- Maintenance efficiency: Discontinuing features with “no active development” to focus resources on current technologies
