Issues
4 of 4
ACF 2025 Will Completely Remove the CFMX_COMPAT Algorithm
Description
Details
Assignee
Michael OffnerMichael OffnerReporter
Brian ReillyBrian ReillyLabels
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Fix versions
Priority
New
Details
Details
Assignee
Michael Offner
Michael Offner
Reporter
Brian Reilly
Brian Reilly
Labels
New Issue warning screen
Before you create a new Issue, please post to the mailing list first https://dev.lucee.org
Once the issue has been verified, one of the Lucee team will ask you to file an issue
Fix versions
Priority
NewCreated 12 December 2024 at 17:40
Updated 3 days ago
Activity
Show:
Michael Offner24 January 2025 at 15:26
For Lucee 7 we will completely remove it
Michael Offner24 January 2025 at 15:04
For Lucee 6.2 we added the possibility to set a different algorithm via env var/system prop, details here
but default still is CFMX_COMPAT (no breaking change in minor releases)
Per this Community post from Adobe, ACF will completely remove the CFMX_COMPAT Algorithm - https://community.adobe.com/t5/coldfusion-discussions/important-notice-upcoming-deprecations-and-removals-in-coldfusion-2025-release/td-p/15034185
ACF2023 U8 and ACF2021 U14 changed the default algorithm from CFMX_COMPAT in several encryption-related functions – (Encrypt, EncryptBinary, Decrypt, DecryptBinary, Rand, Randomize, RandRange per https://helpx.adobe.com/coldfusion/kb/coldfusion-2023-update-8.html) , but in ACF2025 the CFMX_COMPAT is slated to be completely removed. CFMX_COMPAT is a legacy algorithm and is cryptographically insecure as it only uses a 32-bit key.
Creating a Lucee incompatibility issue for this item.