Entries Tagged as ' Security'

This post is to announce the release of the following ColdFusion updates:

ColdFusion 2016 Update 4

ColdFusion 2016 Update 4 introduces support for Windows Server 2016, upgrades Tomcat to version 8.5.11.0 and fixes 115 bugs (including 52 external bugs) in areas such as Security, Language, Charting and Performance. This update also addresses vulnerabilities mentioned in the security bulletin APSB17-14.  For details and instructions on how to apply this update refer this technote.

ColdFusion 11 Update 12

ColdFusion 11 Update 12 upgrades Tomcat to version 7.0.75. It also addresses vulnerabilities mentioned in the security bulletin APSB17-14 and fixes 59 bugs (including 28 external bugs) related to areas such as AJAX, Charting and Language. For details and instructions on how to apply this update refer this technote.

ColdFusion 10 Update 23

ColdFusion 10 Update 23 upgrades Tomcat version to 7.0.75. This update addresses vulnerabilities mentioned in the security bulletin APSB17-14 and includes a total of 17 bug fixes (including 7 external bugs) related to Language, Charting, Scheduler, Document Management and certain other areas. For details and instructions on how to apply this update refer this technote.

 

Read more...

An important security fix for ColdFusion Builder 3 is now available for download. For more information on the vulnerability refer APSB16-44.

You can download the patch from here (md5 checksum : b67914e27ca4fb8e0fc5ecd354e9a330). Apply this patch to secure your ColdFusion Server and Builder installation. Follow the installation instructions detailed at this technote

This post is to announce the release of updates for ColdFusion 11 and ColdFusion 10.
These updates address the security vulnerability CVE-2014-3529, mentioned in the bulletin APSB16-30.
ColdFusion 2016 is not affected by this vulnerability.
Refer the following KB articles for instructions on how to download and install the updates.
ColdFusion 11 Update 10
ColdFusion 10 Update 21

As you are probably aware, with each version of ColdFusion, security is at the top of the priority list. With the latest release of ColdFusion, it is not just the security related features. Emphasis was laid on the inherent security of the ColdFusion platform by itself. To validate this, the PSIRT (Product Security Incident Response Team) at Adobe helped arrange a third party security audit for ColdFusion. The audit did come up with a few findings. Our Product engineers did an excellent job of mitigating all the findings to the fullest. 

To validate the above claim, we now have a public facing security report, from the agency that performed the security audit, indicating that 100% of all findings have been mitigated. Here is the public facing report with all the details. You can also view the link to this security audit report under datasheets and whitepapers section of the ColdFusion product home page on the Adobe website.

The following ColdFusion updates are now available for download. These updates address a common XXE vulnerability in BlazeDS. For details refer the security bulletin hyperlinks in the sections below.

Users who are using LCDS with ColdFusion, should refer this technote, for updating their LCDS installation.

ColdFusion 11 Update 6

This Update addresses a vulnerability mentioned in the security bulletin APSB15-21. This update is cumulative and includes fixes from previous ColdFusion 11 updates.

For details, refer this technote.

ColdFusion 10 Update 17

This Update addresses a vulnerability mentioned in the security bulletin APSB15-21. This update is cumulative and includes fixes from previous ColdFusion 10 updates. 

For details, refer this technote.