RAILO SERVER 4.2

  • Railo 4.1 Beta! Check it out now!

    Railo 4.2 Beta! Check it out now!

    Check out the upcoming update. Feature packed and ready to go

    Download it now »

  • Railo newsletter

     

    You want the latest news? just subscribe to our newsletter.

    Subscribe »

  • Update Notification

    Check for Railo updates

    You want the latest server updates? just subscribe to our update notification service.

    Subscribe »

  • Vote for your favorite Railo enhancement

    Need something implemented?

    Railo a better productthanks to you

    Vote and suggest the next Railo features

    Learn More »

  • Super Support Options!

    Support Packages to suit your business

    Whether you are a big enterprise, or an individual developer, we are here to help and get your project on it's way.

    See which one suits you »

  • Get Up to Speed!

    Training Courses for all your team

    Getting up to speed on using Railo Server effectively is now even easier than ever with our on-site and remote training courses

    Attend a course now »

Railo Book
Finally out on the shelves is the Railo 3: Beginner's Guide book. Written by Mark Drew, with contribution by Gert Franz, Paul Klinkenberg and Jordan Michaels, this is an indispensable guide to getting up and running with Railo Server. You can get it now from Packt Publishing.
Buy it now!
Railo Community

We know it can be frustrating getting going, but with the documentation, help and support from the community you will get going in no time! Why not check out the mailing list? As well as community based support you can call on a professional team of consultants to get you going in a jiffy!

Community Resources
Railo Source Code

Want to check out the latest Railo Source? Railo Server is hosted at Github. This means you can clone the source, build the server and even implement new and exciting features. 

View the Source

Railo Blog

April 17, 2014
Railo Server and the Heartbleed vulnerability

Recently there has been a lot of buzz around one of the largest vulnerabilities in SSL, the Heartbeat exploit. There have been questions from the CFML community whether or how Railo Server is affected by this security threat.

Railo Server is a servlet that runs on any servlet engine and therefore by itself (except perhaps for the libraries it uses) not potentially affected by the Heartbleed vulnerability.

Railo Server internal libraries

What libraries which deal with SSL does Railo internally use?

  • Railo uses several libraries that are dealing with SSL. Amongst them there is one that makes use of OpenSSL. Some details.
    • This library is called bcprov-jdk14.jar which is already several years old and therefore alone by this fact not affected by the Heartbleed bug.
    • Next to that the library implements only the SSL client which is anyway not affected by the bug, even though there are issues on the client side as well (see links below).
  • All other libraries Railo uses, use a different SSL library. In any event, these libraries provide an SSL client which anyway is not affected by the bug.
  • Here are all libraries in the current Railo distributions that use some form of SSL:
Library name
apache-commons-httpclient.jar
apache-commons-sanselan.jar
apache-jakarta-commons-fileupload.jar
apache-jakarta-commons-httpclient.jar
apache-jakarta-commons-net.jar
apache-poi-ooxml-schemas.jar
apache-poi.jar
bcprov-jdk14.jar
flex-messaging-proxy.jar
h2.jar
javaparser.jar
jencrypt.jar
jfreechart.jar
jpedal_gpl.jar
jtds.jar
microsoft-sqljdbc.jar
ojdbc14.jar
PDFRenderer.jar
postgresql.jar
sun-jai_core.jar
sun-mail.jar
xdb.jar

Servlet containers

  • Tomcat:
    • Our research revealed that the "tcnative" library is the only piece of Tomcat that is potentially affected as it is the only piece of Tomcat that uses an OpenSSL implementation of SSL.
    • Java's implementation of SSL (JSSE) is not vulnerable. The Railo Tomcat installers don’t do anything with tcnative since most users will use Apache, nginx or IIS to serve up SSL
    • Unless you have specifically compiled tcnative for your system, your instances are safe from a Railo/Tomcat point of view.
  • Jetty
    • Jetty uses JSSE as well, so it's not effected either.

So from a Railo perspective you are safe, if you use our official downloads for your system installation. If however you have built your own system ontop of Tomcat and Apache, nginx etc, you need to follow the different procedures in order to protect your system. There are several different tools out there in order to test and update your systems. The main heartbleed site contains a list of them.

Links:

April 9, 2014
(Last) Railo beta release (4.2.0.007)

On the "Development" update provider, you can find the latest Railo Beta release (4.2.0.007).

That release not only bring a lot of bug fixes, it also has some new features.


Iterator (Callback/Closure) Functions

In the last release we already added a couple of new iterator functions to Railo (arrayEach,arrayEvery,arrayMap,...), in this release we even extended that list with iterator functions for the "query" and  "string lists".
So we have new the following functions:
- QueryEach
- QueryEvery
- QueryFilter
- QueryMap
- QueryReduce
- QuerySome
- ListEach
- ListEvery
- ListFilter
- ListMap
- ListReduce
- ListSome
 
We had a vivid discussion about how the argument scope of the udf/closure called with the query functions should look like, again thx to everybody for that!
We decided not do add a new "QueryColumn" type to Railo and simply pass the current row as a struct to the closure/udf and the hole query with the 3th argument
(We will do a detailed blog post about this in the near future).
Of Course all the new query functions can also be used "member functions" (Example: myQuery.each(function(struct row,numeric rowNumber,query query){dump(row)});).
 
The "List" Functions work the same way as the array functions, with the different that you call them with a string list and not a array ;-)
ATM the list functions are not supported as "member functions" (more below).
 
In the last release we also added iterator functions that are not specific to a type, functions that can handle all kind of "collections", the same way <cfloop collection="..."> can.
problem was that the short names of this functions getting in conflict with existing  UDFs defined by existimg CFML applications, for example the function "map" that is also used as UDF in "wirebox".
So we decided to rename this functions to "collection...", so for example "Map" is now renamed to "collectionMap".
 
Of course all this new iterator functions (except ...reduce) are supporting parallel execution like the existing ones!
 
Member Functions
Railo is supporting member functions for some time now, for the types [array,date,struct,query]. In the current beta release ACF has adopted this feature and they added additional support for the type string,"list" and image as well.
In this release we added support for "string" as well (and the next release will support "image"), what we not have is support for "list" functions, because it was not sure at the time of the release how they will look like in ACF (current implementation is not ... very good and they plan to change it for the next beta release).
Until the final release all of this is not curved in stone, so please feel free to eat it alive!
 
we also added new member function for strings (startsWith,endsWith,isEmpty)
 
GetBuiltInFunction (experimental)
This new function is returning you any built in function as a object that can be used the same way as a closure/udf.
Example:
function test(function finder,string str,string sub){
   return finder(sub,str);
}
if(custom) func=function (string sub, strig str){...};
else if(caseSensitive) func=getBuiltinFunction("find");
else func =getBuiltinFunction("findNoCase");
res=test(func,str,sub);
 
Function Reference Documentation in Admin
in the function reference in the Railo Administrator you can now filter functions by keywords, so for example you choose "iterator" to list only the iterator functions.
 
Unary operators
Thx to Adam Cameron we have uncovered a bug with all unary operators that is fixed with this release.
 
This is the last beta release for 4.2, so please report any problem you have with it
Have fun
Micha 
 

List of Jira Tickets solved
Enhancement
[RAILO-2250] - add member function isEmpty() to String

Feature Request
[RAILO-2986] - add function QueryEach
[RAILO-2987] - add function QueryEvery
[RAILO-2992] - add function QueryMap
[RAILO-2994] - extend function ListFilter
[RAILO-2995] - add function ListMap
[RAILO-2996] - add function ListReduce
[RAILO-2997] - add function ListSome
[RAILO-2998] - add string member functions
[RAILO-3001] - add member methods startsWith() and endsWith() to string objects
 
Bugs
[RAILO-2961] - returning a complex object containing an array of complex objects with base components, does not return base components properties
[RAILO-2963] - Providing array of Structs for SOAP function argument as an array of Complex objects
[RAILO-2965] - properties of complex soap arguments are not dynamically typed
[RAILO-2976] - webservice Complex Objects as arguments don't get accessible data.
[RAILO-2978] - Soap webservices Complex type composed of an array of complex types, throws exception
[RAILO-3003] - webservice with component argument breaks
[RAILO-3005] - railo-inst.jar is deleted during upgrade process
[RAILO-3022] - unary operator creating a new variable in a other scope in some situation
April 1, 2014
CFML Tip Of the week: Replacing the last element of a string
The functions replace() and replaceNoCase() offer the option to either replace one element or all elements. But what if I want to replace the last occurrence of a given text.

Consider the following problem. We have the string:

this is the haystack where the needle is hidden. This is a very small needle, so I hope the needle will be found

and we want to replace the last occurrence of the word needle with object. So that the text looks like this:

this is the haystack where the needle is hidden. This is a very small needle, so I hope the object will be found

Obviously there is the usual programmed posibility to do something like this:

<cfscript>
   sNeedle = "needle";
   sReplace = "object";
   sHayStack = "this is the haystack where the needle is hidden. This is a very small needle, so I hope the needle will be found";
   iTmpPos = find(sNeedle, sHaystack, 1);
   iLastPos = iTmpPos;
   while (iTmpPos neq 0) {
      iLastPos = iTmpPos;
      iTmpPos = find(sNeedle, sHaystack, iLastPos+1);
   }
   replacedString = left(sHayStack, iLastPos - 1) & replace(mid(sHayStack, iLastPos), "needle", sReplace, "once");

   dump(replacedString);
</cfscript>


This code is first searching for the last occurrence of the search string. Then it concatenates the result and replaces the new string in the partial string which contains the last occurrence of the search string.

But there is a very neat other way of doing it. Have a look at this code:

<cfscript>
   replacedString = reverse(replace(reverse(sHayStack), reverse("needle"), reverse(sReplace), "once"));
   dump(replacedString);
</cfscript>


It just occurred to me when a colleague of mine asked me about replaceLast(). Obviously it will work correspondingly with replaceNoCase as well.