Entries Tagged as 'Security'

This post is to announce the release of updates for ColdFusion 11 and ColdFusion 10.
These updates address the security vulnerability CVE-2014-3529, mentioned in the bulletin APSB16-30.
ColdFusion 2016 is not affected by this vulnerability.
Refer to the following KB articles for instructions on how to download and install the updates.
ColdFusion 11 Update 10
ColdFusion 10 Update 21

As you are probably aware, with each version of ColdFusion, security is at the top of the priority list. With the latest release of ColdFusion, the focus was not just on the security-related features: emphasis was laid on the inherent security of the ColdFusion platform itself. To validate this, the PSIRT (Product Security Incident Response Team) at Adobe helped arrange a third-party security audit for ColdFusion. The audit did come up with a few findings. Our product engineers did an excellent job of mitigating all the findings to the fullest.

To validate the above claim, we now have a public-facing security report, from the agency that performed the security audit, indicating that 100% of all findings have been mitigated. Here is the public-facing report with all the details. You can also view the link to this security audit report under the datasheets and whitepapers section of the ColdFusion product home page on the Adobe website.

The following ColdFusion updates are now available for download. These updates address a common XXE vulnerability in BlazeDS. For details, refer to the security bulletin hyperlinks in the sections below.

Users who are using LCDS with ColdFusion should refer to this technote for updating their LCDS installation.

ColdFusion 11 Update 6

This update addresses a vulnerability mentioned in the security bulletin APSB15-21. This update is cumulative and includes fixes from previous ColdFusion 11 updates.

For details, refer to this technote.

ColdFusion 10 Update 17

This update addresses a vulnerability mentioned in the security bulletin APSB15-21. This update is cumulative and includes fixes from previous ColdFusion 10 updates.

For details, refer to this technote.

The following ColdFusion updates are now available for download:

ColdFusion 11 Update 5

This update includes approximately 115 bug fixes related to Language, Mobile Support, File Management, Document Management, Administrator, Connector and several other areas.

It also addresses a vulnerability mentioned in the security bulletin APSB15-07 and adds support for Apache 2.4.10. With this update, the Web Server Config tool now backs up all the connector configuration files.

For details, refer to this technote.

ColdFusion 10 Update 16

ColdFusion 10 Update 16 includes approximately 35 bug fixes related to File Management, ORM, Language, Document Management and certain other areas. It also addresses a vulnerability mentioned in the security bulletin APSB15-07.

For details, refer to this technote.

Many of you are looking for a central location to find the full list of ColdFusion Updaters. We try to keep these updated for the core supported versions with links to the latest released updaters. These are a good place to look for the full list of updaters available on each version along with a download link to the .jar file.

ColdFusion 11:
http://helpx.adobe.com/coldfusion/kb/coldfusion-11-updates.html

ColdFusion 10:
http://helpx.adobe.com/coldfusion/kb/coldfusion-10-updates.html

ColdFusion 9:
http://helpx.adobe.com/coldfusion/kb/hot-fixes-coldfusion-9.html

Additional updates for ColdFusion server and Builder:
http://www.adobe.com/support/coldfusion/downloads_updates.html

 
