ColdFusion 2025 Breaking Changes Explained

In case you missed it, Adobe released ColdFusion 2025 last week. The ColdFusion 2025 release has removed several deprecated or unsupported features, so it is important to test your code, and scan your code for these issues before updating. You can find Adobe’s list of deprecated and removed features here.

On a related note, I’m also pleased to announce that Fixinator version 6 has been released. One of the major enhancements in Fixinator 6 is a ColdFusion 2025 code compatibility scanner.

You can run a ColdFusion 2025 compatibility scan on your code with fixinator like this:

fixinator path=c:\code goals=compatibility engines=adobe@2025

I've shared more about Fixinator 6 in another post. This post is all about digging into the possible breaking changes that you need to know about when upgrading to ColdFusion 2025.

Removal of the parameterExists Function

The parameterExists function has been deprecated since ColdFusion 6, but it still worked all the way up to ColdFusion 2023. Now in ColdFusion 2025, you’ll get this error if you try to use it:

coldfusion.runtime.UndefinedVariableException: Variable PARAMETEREXISTS is undefined

Here’s an example of some code using parameterExists:

<cfif parameterExists(url.id)>
  The id variable exists in the url scope.
</cfif>

And here’s how you can replace it:

<cfif url.keyExists("id")>
  The id variable exists in the url scope.
</cfif>

Above, I'm using the keyExists member function of the url struct. You could also use structKeyExists.

You can also replace parameterExists with the isDefined function. Note how parameterExists does not use quotes around the variable name, but the isDefined function does:

<cfif isDefined("url.id")>
  The id variable exists in the url scope.
</cfif>

The fact that parameterExists doesn't use quotes on the variable name is kind of strange, because it implies that you are using the value of the variable, not the variable reference itself. I assume that is why it was deprecated to begin with.

Removal of the htmlEditFormat Function

The htmlEditFormat function has been deprecated since ColdFusion version 11. There is probably a good chance that you have a bunch of calls to this function in your code if it was written over 10 years ago. The htmlEditFormat function was most commonly used as a way to avoid XSS by encoding the < and > characters as HTML entities < and >. That is really all this function does. In most cases you can replace these function calls with an encodeForHTML function call. The correct encoder function to use depends on the context of where the variable is output. There are different encoder functions that specialize in different contexts. For example if we are outputting the variable inside a HTML attribute value (such as a hidden input value), then we should use encodeForHTMLAttribute instead.

Similar to parameterExists you’ll see an error message like this when you try to use htmlEditFormat on ColdFusion 2025:

coldfusion.runtime.UndefinedVariableException: Variable HTMLEDITFORMAT is undefined

Fixinator 6 will now recommend the various encoder methods when it detects the htmlEditFormat function in your ColdFusion source code.

Removal of the tag as script components

Back in the days of (I think) ColdFusion version 8 Adobe started bundling several CFCs with ColdFusion that were meant to help you use certain tags in script based components or within a cfscript tag. These components were deprecated in ColdFusion 2018, and are now removed in ColdFusion 2025. If your ColdFusion app makes use these components, they will probably be the most time consuming thing to take care of in order to upgrade.

The query() component

Here’s an example of how you might have been using the query() script component:

q = new query();
q.addParam(name="id",value=url.id,cfsqltype="integer");
result = q.execute("SELECT * FROM tbl WHERE id = :id");
queryResult = result.getResult();

Fixing these components are not as straightforward as the removed functions. We can use the queryExecute function to rewrite this code:

queryResult = queryExecute("SELECT * FROM tbl WHERE id = :id",
	{ id={name="id",value=url.id,cfsqltype="integer"} });

The http() component

The http script component is used to make http calls, here’s an example of how it was used:

httpService = new http();
httpService.setUrl("https://example.com/");
httpResult = httpService.send().getPrefix();

We can rewrite this one using the tag to script syntax:

cfhttp( url="https://example.com/", result="httpResult" );

Other script components

There are a few other script components that were removed in ColdFusion 2025. You should be able to replace these with the tag to script syntax. Here are the other components:

• mail() - use cfmail() tag to script syntax instead, the body can go inside a {} and output using writeOutput
• storedproc() - use cfstoredproc()
• pdf() - use cfpdf()
• pop() - use cfpop()
• feed() - use cffeed()
• collection() - use cfcollection()
• dbinfo() - use cfdbinfo()
• ftp() - use cfftp()
• search() - use cfsearch()
• imap() - use cfimap()

Note that it may be possible that they are called by their full name in your code, for example com.adobe.coldfusion.query().

Fixinator will detect all of these in a compatibility scan, however it returns the results with a medium confidence level (since it is possible you might also just have a cfc named mail.cfc for example).

Removal of the statustext attribute of cfheader

The cfheader tag no longer supports the statustext attribute. Here’s what the unsupported code looks like:

<cfheader statuscode="404" statustext="Not Found">

You’ll now get this error in ColdFusion 2025:

Attribute validation error for tag CFHEADER.It does not allow the attribute(s) STATUSTEXT.

This removal is due to a change in Tomcat that prevents you from customizing the status text.

To fix these you'll need to just remove the statustext attribute, eg:

<cfheader statuscode="404">

Removal of Apache AXIS 1 Support

Adobe has removed Apache AXIS 1 support in ColdFusion 2025. Apache AXIS is a SOAP web services engine. So if you are consuming or publishing SOAP web services using AXIS version 1 you’ll want to take a closer look at this one.

ColdFusion has used AXIS version 2 for several years (since ColdFusion 10 I believe), but it provides several ways within your code or ColdFusion administrator to use Axis version 1 instead. There are a few ways this might exist in ColdFusion code, and Fixinator can detect all of these with a compatibility scan:

• In Application.cfc using this.wssettings.version.publish = "1";
• In a component by adding the attribute wsversion=1
• In the cfinvoke tag with the attribute wsversion=1
• In a createObject tag by passing a struct with wsversion=1 in the third argument.

If you are using AXIS 1 somewhere you will definitely want to test this. Since this is an opt-in change, it was probably added on purpose because AXIS 2 was not working properly. Perhaps the service you are trying to consume has now been fixed to work with AXIS version 2. If not it is technically possible to craft your own SOAP requests using CFHTTP, I’ve done this many many years ago.

Removal of support for encoded templates

Templates encoded with cfencode no longer run on ColdFusion 2025. These templates were sometimes referred to as encrypted templates or encrypted cfm files.

Encoded templates were popular back in the early 2000's when custom tags were a popular method for shipping modular code (before we had functions, and components!), so be sure to check your custom tags folder if you have one.

Fixinator will alert you of these during a scan, but in order to fix these you'll need to replace the encoded cfm with the original source code.

Other Removals in ColdFusion 2025

There are several other less significant tag/function removals in ColdFusion 2025, but I think I’ve outlined the ones that will come up the most above. I encourage you to check out Adobe’s deprecation and removals doc, and scan your code with Fixinator. Here are a few more to be aware of:

• Removed / unsupported UI tags: cfsprydataset, cfmenu, cfmenuitem, cftree, tooltip, cfcalendar, cfclient, cfformitem, cfformgroup, cftable, cfcol, cfmediaplayer
• Other Removed functions: threadTerminate, getTemplatePath, StoreAddACL, StoreSetACL
• Removed certain attributes or attribute values on several tags: cfthread, cfindex, cfinput, cfform, cfobject (these tags still work, just not all attribute/values)
• Removed CFMX_COMPAT encryption / hash algorithm (it was also changed as the default algorithm in recent CF2023, and 2021 updates)
• SandBox Security is Deprecated due to JEP486 - the Java SecurityManager upon which SandBox Security is built will be removed in Java 24, it has been deprecated since Java 17. I've been working on a Java SecurityManager alternative called JarLock. If you are interested in beta testing it please reach out.

I think Fixinator is finding most if not all tag or function removals introduced in ColdFusion 2025. As always if I’ve missed something please let me know.

Bugs in ColdFusion 2025 that might cause an upgrade issue

I'll use this section to keep track of any bugs that might arise causing a compatibility issue. These will likely not make it into fixinator, unless a fix is not imminent.

• Val in Ternary Operator - The code val("") ? "yes" : "no" results in true on CF2025. Bug CF-4225874 has been logged, Adobe created a hotfix for this issue within 24 hours of it being reported (it is attached to the bug hf202500-4225874.jar), so I will expect this one to be fixed in CF2025 update 1.

Upgrading from an older version of ColdFusion?

All of the above changes are new for ColdFusion 2025, but if you are coming from a version earlier than ColdFusion 2023, then there might be a few other things you'll want to check. Here are a few notable compatibility issues introduced on versions of ColdFusion before 2025:

• DateFormat - D mask change
• Unscoped Variables / searchImplicitScopes change
• Change to default Encrypt / Decrypt / Hash Algorithms in CF2023 update 8 and CF2021 update 14
• Reserved words such as final, static, abstract and function after CF2018

Fixinator can once again assist you here, it can detect all of the above potential compatibility issues found in earlier versions of ColdFusion.

Give Fixinator a try

As you may have noticed I've spent a lot of time researching the compatibility issues, and I have put what I've learned into the Fixinator Compatibility scanner. I hope you'll consider giving it a try. Here's an example of it running on some parameterExists code:

Note that I'm using the autofix option of fixinator above to fix the code for me, but you don't have to let fixinator fix the code, you can just use it to find issues.