ADF Release Notes v2.5

Overview

The Application Development Framework (ADF) version 2.5 release contains enhancements and bug fixes to core ADF 2.4.1 functionality. Previous development builds of ADF 2.4.x have been rolled up into this 2.5 release build.

Version Compatibility

This 2.5 version of the ADF is ONLY compatible with CommonSpot 10.5.2 or 10.6.1 (or higher).


If your site is running CommonSpot 10 up to 10.5.1 or 10.6, please use ADF 2.4.x. However, we strongly recommend upgrading to CommonSpot 10.5.2 or 10.6.1 and ADF 2.5!


ADF 1.8.x and older versions of the ADF are NOT compatible with CommonSpot 10.x. Please note that if your site is running CommonSpot 9 or older, you will need to use the ADF 1.8.1 release or the 1.8.2 development build.

ADF AjaxProxy CSRF Safe Mode

CommonSpot 10.5.2 and 10.6.1 introduced robust security enhancements to mitigate CSRF vulnerabilities by adding CSRF Token validation to its form submits as well as its internal /loader.cfm requests.


To complement these security enhancements, ADF 2.5 and its companion Apps have also been updated to add CSRF validation to their custom forms, internal CommonSpot /loader.cfm requests, and their own /ajaxProxy.cfm requests.


However, due to the flexibility and customizability of the ADF and the ADF Applications, specifically the powerful ajaxProxy feature, the CSRF attack prevention validation has been disabled by default. It can be enabled once all custom ajaxProxy requests have been updated to take advantage of this security feature.


For more information see the ADF AjaxProxy CSRF Safe Mode documentation regarding enabling the security enhancement. 

Field Type CFCs

CommonSpot 10 and above requires that all Custom Field Type Render modules be converted to CFCs rather than CFM modules. See the ADF 2.0 release notes for more information regarding CFC render modules built for the ADF 2.x releases.

Resource Loading

CommonSpot 10 introduces a new Resource Loading Framework to help efficiently load JavaScript and CSS resources. See the ADF 2.0 release notes for more information regarding using CommonSpot Resource Loading with ADF 2.x releases.


For detailed information about the Resource Loading Framework, see the CommonSpot Developer's Guide.

Installation/Upgrade

For detailed instructions for installing the ADF, see the ADF Installation Guide.


For detailed instructions for upgrading from a previous version of the ADF, see the ADF v2.5 Upgrade Guide.

If you are upgrading from an earlier release, we strongly recommend that you also read the following:

2.0.0 Release Notes

2.0.1 Release Notes

2.3.0 Release Notes

2.3.1 Release Notes

2.4.0 Release Notes

2.4.1 Release Notes

Previous ADF version Release Notes

Notable Enhancements

The ADF 2.5 release contains the following significant enhancements.

General

  • Added CSRF Token validation to custom forms, CommonSpot loader.cfm requests and ADF ajaxProxy.cfm requests.

Core

  • Added the enableADFcsrfSafeMode() method to the SiteBase.cfc.
  • Added the configuration method to the ADF.cfc to enable/disable the ADF CSRF Safe Mode.

Library Components

  • Added the csSecurity_2_0 library component to house the getCSRF_Token passthrough method for the CommonSpot getCSRF_Token method.
  • Updated the ajax_1_0.buildAjaxProxyString with the CSRF validation logic to protect ajaxProxy.cfm requests.
  • Added the ajax_1_0.buildAjaxProxyString with the siteCSRFSafeMode variable to enable/disable the CSRF validation for ajaxProxy.cfm requests.
  • Added a forceRemote parameter to the CCAPI related methods in the api_1_0 component.
  • Added a forceRemote parameter to the api_1_0.populateCustom method.
  • Added the v_2.5 library component block to the version.xml.

Notable Updates

The following notable updates were in this release:

Library Components

  • Resolved an issue with utils_1_2.runCommand() not processing CommonSpot validatedArray data properly.

Updated ADF Applications

The following ADF applications were also updated as part of the ADF 2.5 release. Please check the release notes for these apps for details.