• Railo 4.1 Beta! Check it out now!

    Railo 4.2 Beta! Check it out now!

    Check out the upcoming update. Feature packed and ready to go

    Download it now »

  • Railo newsletter


    You want the latest news? just subscribe to our newsletter.

    Subscribe »

  • Update Notification

    Check for Railo updates

    You want the latest server updates? just subscribe to our update notification service.

    Subscribe »

  • Vote for your favorite Railo enhancement

    Need something implemented?

    Railo a better productthanks to you

    Vote and suggest the next Railo features

    Learn More »

  • Super Support Options!

    Support Packages to suit your business

    Whether you are a big enterprise, or an individual developer, we are here to help and get your project on it's way.

    See which one suits you »

  • Get Up to Speed!

    Training Courses for all your team

    Getting up to speed on using Railo Server effectively is now even easier than ever with our on-site and remote training courses

    Attend a course now »

Railo Book
Finally out on the shelves is the Railo 3: Beginner's Guide book. Written by Mark Drew, with contribution by Gert Franz, Paul Klinkenberg and Jordan Michaels, this is an indispensable guide to getting up and running with Railo Server. You can get it now from Packt Publishing.
Buy it now!
Railo Community

We know it can be frustrating getting going, but with the documentation, help and support from the community you will get going in no time! Why not check out the mailing list? As well as community based support you can call on a professional team of consultants to get you going in a jiffy!

Community Resources
Railo Source Code

Want to check out the latest Railo Source? Railo Server is hosted at Github. This means you can clone the source, build the server and even implement new and exciting features. 

View the Source

Railo Blog

May 3, 2015
A message from the majority shareholder of The Railo Company

Dear Railo Community, Customers and Fans,

On behalf of 4F Technology Innovation BV (“4FTI”), majority owner of The Railo Company Ltd. (“TRC”), we would like to clear up the confusion that may have been created recently regarding the future of Railo.

We reflected long and hard before posting this, but we felt that it would be consistent with the mission, vision, and spirit of Railo to correct the public record.

We at 4FTI share the commitment to the future of CFML and, in large part, this commitment drove our initial decision to build TRC and to grow Railo. This is absolutely unchanged today.

When, back in 2012, 4FTI acquired its majority stake in TRC and became an investor in the company, it had 2 main objectives stemming from the fact that the 4FTI companies themselves are all long-time CFML development companies from across Europe:

  • To ensure the future of CFML and
  • To release a commercial version of the Railo platform

Together, working towards and achieving these objectives would make TRC a profitable, sustainable business for years to come.

Since our very public launch at CF.Objective 2012, Railo has successfully expanded its customer base, continued to innovate with new versions, launched a global partner program, and implemented development of a commercial platform. Over the last few years, all releases of Railo were released under the TRC brand. That recently stopped with Version 4.2, for reasons that we at 4FTI only recently came to learn: the launch of Lucee.

To be clear:  we at 4FTI enthusiastically support the Lucee initiative’s principles and the use of Railo’s open source platform to build new and exciting products and solutions. This is precisely what we set out to do when we launched TRC. Indeed, the recent launch of Lucee is further proof that the rumors of CFML’s demise have been greatly exaggerated.

However, Lucee was founded by the same people who still own and operate Railo Technologies GmbH (“RT”), a part owner of TRC.  And they used the Railo platform to do it.

As you might expect, RT sees no problem with any of this. We do.  

Simply stated, TRC is the exclusive owner of all intellectual property of any kind whatsoever regarding Railo. This is not limited only to the Trademark as some have blogged, but this means all the technology, systems, logo's, the domains……in short, everything under the sun associated with the Railo platform is owned by TRC.

Here are the facts:

  • TRC was established in 2012, with Gert Franz appointed Managing Director on Day 1, as a part of the investment arrangements and written agreements.
  • Railo Technologies GmbH (“RT”), owned by Michael Offner-Streit and Tanja Stadelmann, and with Gert Franz as President of the Management, transferred all assets and intellectual property in the Railo Platform - in writing - in exchange for an ownership stake in TRC. So, for clarity, TRC became the sole controlling owner of all Railo intellectual property.
  • Unfortunately, despite this obligation, RT did not transfer credentials (such as CMS and email system) to our company’s domain until very recently.
  • RT and its shareholders also assumed very specific obligations and responsibilities regarding their role in TRC. Among other things, RT (including its owners and management)  “cannot license the Railo Server or perform any services in connection with or related to the Railo Server for or on behalf of any third party except as expressly authorized by TRC”.
  • In connection with the founding of Lucee and other RT business activities, no such authorization has been requested by or granted to RT or any of the “original” Railo people - not to Michael Offner-Streit, not to Gert Franz, not to any other person.
  • Instead, the same people who today still own RT and, therefore, still own a part of TRC, used Railo without permission from TRC not only for their own business interests but also - and much to our surprise – for the founding of Lucee. We believe this to be an act of "Bad Faith" by RT and/or its shareholders.
  • These same individuals were supposedly developing the commercial platform for TRC together with Railo 5 but were actually working on the launch of Lucee --- with functionalities now available through Lucee that were intended to be part of the commercial version of Railo, and which today belong to TRC.

What this means in a nutshell

The open source version of Railo is available to the world. But that world does not include RT or any of its principals, each of which owes very specific duties to TRC.

The idea that open source technology “can be forked by anyone”, as has been suggested in various blogs, is not correct. The companies and individuals who were and even today still are part owners of TRC, cannot simply “fork” the technology for their own purposes as they have done, compete "against" their own company (TRC), and simply ignore contracts that prevent them from doing so.

4FTI has made a significant investment of capital, time, and other resources to ensure the growth and success of Railo. Despite efforts over many months to untie these knots, we have been left no other choice but to protect our investment, the Railo brand and the Railo technology through litigation.

So, unfortunately, it is now up to the UK courts to settle these issues.

What this means for Lucee

Again, we support the spirit and intent of the Lucee initiative, although we fail to see the advantage of another CFML platform. However, the use and development of Railo to release what is now being “packaged” as Lucee 5 was not authorized by TRC and, therefore, remains the property of TRC.

For this reason, we are compelled to provide notice that any use of Railo by Lucee or by its membership may constitute an unlawful infringement of TRC’s intellectual property rights. We strongly urge you or your customers to request that Lucee and its founders warrant that nothing contained in any Lucee release is subject to claims from third parties including TRC and that all IP is free and clear to Lucee. We are confident that no such warranty can or will be provided.

All of these internal issues will take time to sort out and we will try to keep you updated throughout.

What this means for the future of Railo

What we can tell you now is this: Railo is alive and well!  New customers continue to come online.  Existing customers continue to add to the Railo platform. And development of a commercial version continues.

While we had hoped to release a new (and much talked about) version (Railo 5) last year, we - like you - now understand why that did not happen as planned. However, we remain undaunted and we are planning the future development and innovation of the Railo platform. And we have taken steps to do so. 

If you want to help, let us know.

We welcome any questions you may have and, to the extent we can comment, we will. We hope this provides greater clarity regarding Railo and the path ahead.

Watch this space for further announcements.

Best regards,
4F Technology Innovation BV

May 16, 2014
Railo 4.2 Final release
Some of you maybe already saw that we releases yesterday Railo 4.2 final (was about time!).
We did this as part of our "Railo 4.2/5.0" presentation at cf.objective as a soft release.
So ATM you can update in the Railo Admin, but there are no downloads available on our website yet,
but this will follow soon.
So what is Railo 4.2 about?
Let me start with the general and language improvements.
Tags in Script

In addition to the already supported script tags in Railo, we add support for the syntax introduced with ACF11, so it's up to you to choose the syntax you like!

Example new Syntax:

cfloop (from=1, to=10, index="i") {

Example existing and still supported syntax:

loop from=1 to=10 index="i" {
Member function with Literals
Railo allows to use member functions on literal structs/arrays


[1,2,3,4].each( function() {

{susi:"Sorglos"}.each( function() { dump(arguments); 
Easy access for single characters in a string
Railo allows to use a string like a array.


String member functions
Railo is supporting all string member function including list member functions


str="Susi Sorglos";
dump(str.len());// equal to stringLen(str);
dump(str.listLast(' ')); // equal to listLast(str,' ');
We also added new member functions not supprted as regular functions 


str="Susi Sorglos";
dump(str.hasPrefix("Su")); // true
dump(str.hasSuffix("los")); // true
CFML based Filesystems
Railo is supporting a lot of virtual filesystems for a long time (ram,s3,ftp,http,zip ...), all this Filesystems are implemented in Java,
Railo now allows to write a virtual filesystem in CFML, so you can for example do a "dropbox" filesystem "simply" by implementing a specific component.
Detailed information about this will follow soon ...
Custom tag search in archives
Railo now can search Railo Archives recursive for custom tags
Extended or new Function/Tags
Railo 4.2 also comes with a basked filled with new and extended Tags and Functions
cachedwithin "request"
the attribute "cachedwithin" you have with the tag cffunction,cfquery,cfinclude allows to define "request" instead of a timespan. 
This way the result is cached for the current request.


<cfquery name="qry" cachedWithin="request">
   select lastname from Person where whatever=#whatever#
"cachedwithin" with tag cfinclude
we added the attribute "cachedwithin" to the tag cfinclude, so now you can cache includes the same way you can queries and functions!
cffunction "cachedwithin" improved
cffunction cachedwithin now also works with complex objects in the argument scope what was not possible before.
We added the function QueryExecute, so now you have a additional way to do queries in script
here you have some examples for it, detailed documentation will follow ...
Iterator/Closure functions

Railo added a lot of new iterator/closure functions, i will not go into detail about the functionality of this functions, here just the list:
structEvery, structMap, structReduce,structSome
listEvery,listMap,listReduce,listSome,ListEach, extend listFilter (https://issues.jboss.org/browse/RAILO-2994)
Of course all this functions are available as member functions as well.
All functions (expect ...reduce) supporting the "parallel" and "maxThreads" arguments, that allows to execute parallel execution!
The response from the tag <cfhttp> now contains a new key "cookie" that contains the cookies passed back as a query, so you no longer have to parse the cookie header yourself.
cfdirectory/cffile createPath
extended the tags cfdirectory/cffile with the attribute "createPath" to have influence on whatis happening when a parent directory not exists
added function getCanonicalPath that cleans a given path
add function "queryRowData" to red a specific row from a query
structFind default
extended the function structFind with a optional default value
CreateObject pathes
3th argument of createObject("java",... can be a array instead of a string list
CallStackGet output type
added optional argument to the function callStackGet to get influence on the output type (text,hrtml,json) 
CfProcessingDirective preserveCase
add attribute "preservecase" to the tag <cfprocessingdirective> to control the behavior with dot notation keys in a template
ToBinary charset
add new optional argument "charset" to function "toBinary"
UCFirst improvement
it's useful to be able to lowecase an input string before calling UCFirst if ALL of the characters in the input string are UPPER case.
many times users input their names as: "SUSI SORGOLIS", in which case UCFirst does not do anything.
the proposed feature will correctly convert such an input string to "Susi Sorgolis", while preserving the case of the D in an input string like "Ronald McDonald"
GetTickCount improvement
Railo added support for shortcut for argument "unit"
QueryNew improvement
Extended QueryNew to allow populate the query directly
SerializeJson charset
Add argument charset to function SerializeJson
GetLocalHostIP improvement
improve function getLocalHostIP
DateTimeFormat improvement
Enhance function DateTimeFormat() to support ISO8601
DeserializeJson improvement
The function DeserializeJson keep order when deserialize a json struct
IsEmpty member function
Add member function isEmpty
We did also some improvements for the Administrator
Disable type checking
You can now disable type checking in the Railo Administrator
Mapping inspect "inherit"
Railo now allows you to define "inherit" for inspect setting of a mapping to inherit the behavior defined for the context.
Session/Client Storage definition
Railo now allows to define session/client storage in the Railo admin.
Application.cfc/CFApplication Tag
Railo 4.2 brings a lot of new possible settings for the Application.cfc, settings only possible in the Railo Administrator in previous versions.
This makes it easier for application developer to provide applications with specific environment needs to everybody.
For every setting in the Railo Admin that is also possible in the Application.cfc as well, you see a the following hint "<?/>" in the admin, that shows you how to use in the Application.cfc.
There is also a new page "Settings/Export" that shows you all settings possible in the Application.cfc that are possible in the Administrator.
All the following settings are also available with the tag <cfapplication>.  
Tag attribute default values
Railo allows you to define default values for attributes of all tags, including tags defined with extension.
this.tag.location.addtoken=false; // core tag library need no "cf" prefix definition

this.tag.cfdump.format="classic"; // but you can use "cf" prefix definition

cfapplication onMissingTemplate
you can define "onMissingTemplate" event listener with the tag <cfapplication> as well.
Railo added support for this.locale and this.timezone to the Application.cfc
Railo added support to set charsets in the Application.cfc
Scope cascading
Allow to define the scope cascading behavior in the Application.cfc as follows:
Request Timeout
Railo added the possibility to set the request timeout in the Application.cfc
(also this.timeout is supported as alias, for compatibility to ACF)
GZip Compression
Railo added support for enable/disable gzip compression in Application.cfc
Railo 4.2 has a completely rewritten logging framework which is now using log4j instead of a custom one previously. In addition, in the Railo admin you now can inspect all logs created by Railo and you can control where log files are written and how the output looks like. Railo 4.2 dramatically improves performance for the existing logging
Log "cfcatch"
Railo added a new attribute "exception" to the tag <cflog>, to make it possible to send exceptions (cfcatch) directly to a log.
	<cfthrow message="shit happens!!!">
		<cflog application="true" type="error" exception="#cfcatch#">
Administrator Frontend
There is now a page in the Railo Administrator to manage all the log files used
Attribute "log" improved
Since you now can define several individual loggers in the Railo Administrator, by giving them a name, you can use every of these loggers defined in the extended attribute "log". So you can not only use "scheduler" and "application" but you can define your custom logger in the Administrator and use it within the attribute. This is similar to the way you use a datasource name.
<cflog  log="myCustomLogger" message="#msg#">
Railo 4.2 improves the information you receive when an exception is raised. For example when you use a non-existing key in your code, Railo checks if there is a similar key available and informs about this key in the error message.
Lock increase Exception message
When a lock severity is getting increased inside an inner lock from read to exclusive, an exception thrown indicating that it was not possible to acquire the lock. In this particular case it is helpful to know why the error occurred. So the exception is informing you that your request already performed read lock and you now try to acquire an exclusive lock.
ORM Exceptions
Improved ORM Exceptions
April 17, 2014
Railo Server and the Heartbleed vulnerability

Recently there has been a lot of buzz around one of the largest vulnerabilities in SSL, the Heartbeat exploit. There have been questions from the CFML community whether or how Railo Server is affected by this security threat.

Railo Server is a servlet that runs on any servlet engine and therefore by itself (except perhaps for the libraries it uses) not potentially affected by the Heartbleed vulnerability.

Railo Server internal libraries

What libraries which deal with SSL does Railo internally use?

  • Railo uses several libraries that are dealing with SSL. Amongst them there is one that makes use of OpenSSL. Some details.
    • This library is called bcprov-jdk14.jar which is already several years old and therefore alone by this fact not affected by the Heartbleed bug.
    • Next to that the library implements only the SSL client which is anyway not affected by the bug, even though there are issues on the client side as well (see links below).
  • All other libraries Railo uses, use a different SSL library. In any event, these libraries provide an SSL client which anyway is not affected by the bug.
  • Here are all libraries in the current Railo distributions that use some form of SSL:
Library name

Servlet containers

  • Tomcat:
    • Our research revealed that the "tcnative" library is the only piece of Tomcat that is potentially affected as it is the only piece of Tomcat that uses an OpenSSL implementation of SSL.
    • Java's implementation of SSL (JSSE) is not vulnerable. The Railo Tomcat installers don’t do anything with tcnative since most users will use Apache, nginx or IIS to serve up SSL
    • Unless you have specifically compiled tcnative for your system, your instances are safe from a Railo/Tomcat point of view.
  • Jetty
    • Jetty uses JSSE as well, so it's not effected either.

So from a Railo perspective you are safe, if you use our official downloads for your system installation. If however you have built your own system ontop of Tomcat and Apache, nginx etc, you need to follow the different procedures in order to protect your system. There are several different tools out there in order to test and update your systems. The main heartbleed site contains a list of them.