I've not yet seen anyone try to create an ultimate list of *all* the new features in CF10, so here's my shot at it. (This is based on the public beta. I will update it soon with info from the final release.) Of course many (including Adobe) have created lists that show perhaps a couple dozen of what they think may be the most prominent features, or the most interesting for them, etc. I've just not yet seen anyone list even simply all the features mentioned in the beta new features guide. That's what I'm doing here.

But to be clear, I am not listing every new tag and function (that would be tedious.) Instead, I'm listing them as concepts, and where warranted, any relevant subtopics that expand on the new feature.

I've got more to say about the list (how I created it basically from the 244-page CF10 new feature docs, and what you can do to help expand it). But some will want me to cut to the chase, so here's the list. Please check out the additional discussion after it.

Charlie's Ultimate List of new CF10 Features, revision 1.8 (Mar 8 2012), listing 216 items

• Replacement of JRun with Tomcat
  • Includes support for instances and clusters, as previously (since final, this is clarified as still being Enterprise-only)
  • Support for IIS, Apache, and built-in web server, as previously
  • Support for SSL and virtual directories
  • Support for CFStat, even in multiple instances (and how to change the connector port for that)
  • Support for SES (Search engine safe) URLs and log rotation, as previously
  • Support for persistent sessions over restarts
  • Support for configuring Apache virtual host for each ColdFusion instance
  • new sessionStartTime function (this seems listed in the wrong place in the doc) (as of final release, not mentioned in docs nor appearing in results of CF's getfunctionlist function)

• Security enhancements
  • Handling XSS attacks
    • Only the following characters are allowed as values for the attribute name in the tag cfform: alphanumeric characters, _ (underscore), - (hyphen), : (colon), and . (dot). It prevents stored XSS for the scriptsrc field
    • The following new encoding methods are added to reduce XSS attack vulnerability: encodeForHTML, encodeForHTMLAttribute, encodeForJavaScript, encodeForCSS, and encodeForURL. Encode the user inputs depending on the contexts. To decode the input string, added a method: canonicalize

  • Handling CSRF attacks
    • CSRFGenerateToken: Returns a random token and stores it in the session
    • CSRFVerifyToken: Validates the given token and the key against the same stored in the session

  • Session improvements
    • CF Session cookies (CFID, CFTOKEN, CFAuthorization_app-name). The new features to manage session cookies are:
      • The following properties of ColdFusion session cookies can be configured at server level or application level:
        • httponly: true by default
        • secure: false by default
        • domain
        • timeout: 30 years by default
    • New methods added for session management: SessionInvalidate, SessionRotate

  • Handling CRLF attacks
    • Protection is added against CRLF attacks for the tags which create a header, for example, cfheader, cfcontent, cfmail, cfmailpart, and cfmailparam

  • Information disclosure (Passwords for all services are encrypted in this version)

  • New HMAC function (Hash-based Message Authentication Code)

  • cfcookie support in CFScript

  • Miscellaneous Changes
    • The httponly cookies support is available on Tomcat supporting J2EE 1.6
    • A new parameter, numIteration, is added to the hash() method
    • Strengthened cflogin and authorization cookies
    • You are logged out from one of the ColdFusion administrators, if from the same host, you log in to the ColdFusion (10) Administrator and the ColdFusion Administrator of an older version
    • For a user with RDS access, in the ColdFusion Administrator, you can set the data source and secured file path permissions
    • The default values for the new sandbox are changed to make it more secure
    • If the action attribute is not specified in the cfform tag, it does not generate the action using the current URL. If there are issues, add the following entry in the ColdFusion-install-dir\cfusion\bin\jvm.config file: -Dcoldfusion.generateformaction=true

• ColdFusion WebSocket
  • Broadcast
  • Point to point

• Language enhancements
  • Support for for-in construct (for query)
  • Provide cffile content in the tag body
  • Callstack for ColdFusion functions (new function CallStackDump)
  • Getting application metadata (new function getApplicationMetadata)
  • Getting disk space details (new getTotalSpace, getFreeSpace functions)
  • Application-specific In-memory file system
  • Securing your uploads by default (by verifying the MIME type),
    • (Note that some of the features below are useful beyond just securing file uploads)
    • New Application.cfc event method, onAbort
    • New action copy for cfdirectory
    • New function directoryCopy
    • Modifications to the tag cffile
    • New function FileGetMimeType
  • New function ArraySlice
  • New parameter merge supports arrayAppend
  • Implicit constructor for CFC
  • Method chaining for CFC methods
  • CFC Implicit notation
  • New parameter format added to LSParseDateTime function
  • New attribute runOnce added to cfinclude
  • New attribute timeout in cfstoredproc
  • New attribute maxLength in cfparam
  • New functions dateTimeFormat and lsDateTimeFormat
  • New function reEscape
  • The function replaceList takes delimiters
  • Modifications to the functions arraySort, listSort, and structSort
  • Implicit struct now supports use of : (colon) separator
  • The attribute output is ignored in the interface signature
  • FUNCTION is now a ColdFusion datatype
  • Dynamic references supported in query looping
  • New function invoke
  • New attribute secure in cfpop
  • New attribute group in cfloop
  • For-in constructs now support Java arrays
  • Enhancements to queryAddRow and queryNew functions
  • New function listRemoveDuplicates
  • Support for XPath 2.0 and XSLT 2.0 syntax
  • (Note that there are some other new tags and functions, mentioned in other sections of this document.)

• Closures
  • Also adds several new functions, some useful with on their own as well as with closures: ArrayEach, ArrayFilter, ArrayFind, ArrayFindAll, ListFilter, isClosure, StructEach, StructFilter

• Enhanced Java integration
  • Integrating Java libraries (dynamic class loading)
  • CFC Proxy (cfcproxy)
  • createDynamicProxy function

• ColdFusion ORM search (full text search)
  • Settable at application, component, and property level
  • Supports both Auto-indexing (on persistence) or Offline indexing (on-demand using ORMIndex)

• Solr enhancements¹
  • Use Data Import Handler for database indexing
  • Index and search based on dynamic custom fields
  • Reload individual collections
  • Add languages for search
  • Secure your search system using ColdFusion Administrator
  • Autocommit indexed documents
  • Boost specific fields or entire document for improved search results

• Scheduler enhancements
  • Grouping
  • Application-specific tasks
  • Event Handling
  • Chaining
  • Cluster
  • Cron commands
  • Prioritize tasks
  • Exclude dates
  • In case of error
  • If task misfires
  • Pause and resume/Pause all and resume all
  • List tasks
  • Retry
  • Repeat
  • Customize quartz

• New system functions
  • getSystemFreeMemory
  • getSystemTotalMemory
  • getCPUUsage

• Connect to Microsoft Exchange Server 2010
  • Folder operations such as create, modify, or delete
  • Get rooms and roomlist in the exchange organization
  • Information on user availability, that helps effective scheduling
  • Conversation operations such as find conversation details, copy, move, and the status if the conversation is read

• Lazy loading across client and server (for applications that use ColdFusion ORM in the back end and Flex as the front end)

• Web service enhancements
  • About:
    • Adds WSDL 2.0 specification support to current WSDL 1.1
    • Axis 2 support in ColdFusion lets you consume web services that publish WSDL in the following styles:
      • Adds "Document Literal Wrapped", to current RPC and Document Literal support
    • Adds SOAP 1.2 protocol support to current SOAP 1.1

• RESTful Web Services in ColdFusion
  • About
    • Follows HTTP request-response model
    • Supports all HTTP methods
    • Implicit handling of serialization/deserialization
    • Publish web service as both REST service and WSDL service

• Media Player enhancements
  • HTML 5 video playback capability
  • Fallback to HTML 5 video playback if Flash player is not installed
  • Browser independent video controls
  • Dynamic streaming of Flash videos
  • Advanced skinning for media player
  • Play list for Flash videos
  • Embedding subtitles in SRT format using HTML track element
  • Extending media player using plug-ins built using Open Source Media Framework (OSMF), for example to:
  • Play videos in the YouTube server
  • Use stage video support by showing advertisements within the videos in linear and non-linear mode
  • Adding title to the video

• HTML enhancements
  • Displaying geolocation
  • cfinput attribute type now supports all HTML 5 input types, for example, email, range, or date; as well as new attributes such as max and min.

• Client-side charting
  • Popular chart formats with appropriate fallback functionality: Use HTML 5, Flash, SVG, or VML charts

• Caching enhancements
  • Application-specific caching (optional along with existing server-level)
  • Enhanced query caching using Ehcache (configurable at server or app level, including max size and removal of cache entries by id or region)
  • New and modified cache functions
  • removeCachedQuery
  • Enhancements to existing cache functions
  • Cache statistics
  • CFLOGIN now uses ehcache for an authentication cache

• Other enhancements
  • Virtual File System: Support for HTTP, FTP, and ZIP
  • CAR, migration, and Code Analyzer (not really "new" in CF10, nor even seemingly updated)
  • Interoperability with Microsoft Office 2010
  • ColdFusion image enhancements
    • An optional attribute interpolation has been added to cfimage action = "resize" for resampling
    • Change of behavior if attribute name used for cfimage action = "captcha" (with respect to destination)
    • The function imageDrawText now returns struct with width, height of text drawn
    • Fallback to system font for cfimage action = "captcha"
    • New function imageCreateCaptcha
    • New function ImageMakeColorTransparent creates an image and sets a transparent color
    • New function ImageMakeTranslucent create a new translucent image with given percentage of translucence
    • New parameters rule and alpha for the function imageOverlay
  • Support for HTML 5 multifile input field in fileUploadAll and Form scope
  • Function expandPath resolves files in custom tag directory
  • Form fields with same name can be accepted as an array, if new this.sameformfieldsasarray = "true" is used
  • Enhancements to Amazon S3 integration regarding file uploads
  • Available Administrator password reset script
  • Database enhancements
    • Track client information (enable auditing on database, while performing a database operation, in databases that support such tracking)
      • using new ClientInfo attribute available on query tags to set the info
      • use new type="clientinfo" for CFDBINFO to determine supported ClientInfo properties
      • retrieve tracking info passed using new fetchclientinfo attribute on query tags
      • Can pass client information on datasource definition in ColdFusion administrator
    • Support for new SQL types (CF_SQL_NCHAR, CF_SQL_NVARCHAR, CF_SQL_LONGNVARCHAR, CF_SQL_NCLOB, CF_SQL_SQLXML)
    • Miscellaneous enhancements that include enhancements to connection validation and exception handling (returned with cfcatch type=database)

• ColdFusion Administrator enhancements
  • Server update (auto hotfix management)
    • List available updates
    • Notification of new updates (on admin front page)
    • Download updates, to apply now or later (via gui or command line)
  • Scheduler (scheduled task interface)
    • Manage Application- and Server- Level Scheduled Tasks
    • Enable Cluster Setup
  • Securing search system (can make Solr an HTTPS secured server)
  • Caching enhancements
    • Use Internal Cache to store queries
    • Clearing query cache
    • Clearing folder-specific template cache
  • Web services
    • specifying default Axis version
    • specifying proxy server details (previously settable only on cfinvoke)
  • RDS can be enabled from ColdFusion Administrator
  • Disable dumping of application scope of unnamed applications
  • Accessing the ColdFusion Administrator in Developer mode when 2-IP address access limit is reached
  • Restricting access to ColdFusion Administrator (optionally, to specified IP addresses)
  • Logging Administrator actions (all admin changes now tracked in audit.log file)
  • Changes to the default settings (for new CF installations)
    • Client variable storage name now defaults to cookie
    • Use UUID for cftoken now defaults to enabled
    • Enable Global Script Protection now defaults to enabled
    • Maximum number of simultaneous Template requests raised from 10 to 25
    • Maximum number of simultaneous CFC function requests (called via URL) raised from 10 to 15
    • Minimum JVM Heap Size (MB) changed from unspecified to 256mb
    • Maximum size of post data (in MB) lowered from 100mb to 20mb
    • Enable ColdFusion Event Gateway Services now disabled by default
  • Session cookie settings (HTTPONLY session cookie, Secure Session cookie, Session cookie timeout options)
  • Server monitor now shows URL for request, in request details ²

How did I come up with list?

I obtained this list mostly from the Beta New Features Guide, which is listed from the CF10 wiki.

Surprisingly, there's no table of contents, which makes it hard therefore to appreciate what all is there. Instead, there is only the bookmarks bar on the left (if you view the doc as a PDF), and that does have an outline structure, but you have to expand each one to see all that's new, which I doubt most would bother to do. So then you would have to browse the whole document and identify the headings, etc. I've filed a bug report (3132948) recommending a Table of Contents be added, if you may want to vote for it.

To begin, I grabbed all the main sections (and some of the subsections) of that left navbar of the PDF to create this list. I also found often that some sections had features that were not drawn out into separate subsections in that outline of topics. Further, I also tweaked the wording a bit where necessary to make this stand better as a list on its own.

So my list here really is more than "just a regurgitation of the document outline".

FWIW, nearly all the same topics are listed also in the CF10 doc "Developing ColdFusion Applications", in the section, "What's new in ColdFusion 10". Just like the new features document and its PDF outline tree, in this other document you do also need to drill into each heading to find more details, and often it does not even list the details in the new features PDF (which at 224 pages is quite substantial).

Finding code examples and more information

The best news is that, just as with CF 9, inveterate fellow-list maker Albarsait has started his Adobe ColdFusion 10 Tutorials and Resources page where he tracks nearly all such resources (following almost the same pattern of top-level topics as I do above).

The list will surely evolve, help me do so

This is revision 1.8 of the list (as of an update I've done Mar 8 2012). I suspect it will grow and evolve. I know of some items that are being discussed that are not in this list, but I wanted to at least get this out as is in case it may help some readers. I will likely update it in place at least until it changes somehow substantially, so keep coming back to check the version if you're interested in tracking all that's new. :-)

I've had thought of doing something still more substantial, like a wiki (that many of us together would contribute to, to elaborate on each feature, show examples, point to resources like blog entries, etc.) If you may be interested in contributing to such a concept, let me know in the comments. (Sadly, we can't seem to contribute to the labs wiki. Plus, that will likely be removed once the beta is over.)

BTW, some of you will know that I created a similar list back in Oct 2011, when I did a talk called, "What's new in Zeus. I had compiled that list from the few public presentations Adobe had given. Silly me, I never got around to offering that list as a blog entry, so many never noticed it. I hope this list may help more people.

If you have items you think ought to be added, do let me know in the comments, which will serve as your means of being credited (I'd rather not clutter the list with names if I add items, for now).

Check out what the presentation I offered today, "What's Next In CF Zeus?" (PDF of slides), which I presented at CFCamp in Munich.

(I had mentioned last week that I would be presenting this and another presentation, as well as a daylong class. BTW, the daylong class was popular, with 13 students. Great to meet all those who attended.)

I explain in the slides how I gathered the info, from 5 public Adobe Zeus sessions I've seen so far. None of those had yet cataloged ALL features that had been shown in the other sessions. There were certain things mentioned in all 4, but then also each showed things (or in more detail) that the other did not. I enjoyed pulling this all together in this talk.

As I also note in the slides, I was not permitted to show live demos (only Adobe employees can do that), but still the listing of features and brief discussions (including some code) should still be valuable. I also point to the URLs for the 4 currently available recorded public Adobe sessions, which do in fact offer more code and live demos.

I suspect I'll offer the talk soon on the CFMeetup. I may also present them in another form. But until then, enjoy the slides.

Do let me know if it's a useful list for you, or if I left anything out!