New Security Update Available for ColdFusion 9.0, 9.0.1, 9.0.2 and 10

A new security update is available for ColdFusion versions 9.0, 9.0.1, 9.0.2 and 10.0. This hotfix addresses the security issues specified in the technote here. Here is the link to the security bulletin for this hotfix. It also includes a few important bug fixes for ColdFusion 10 as specified here.

We recommend locking down your server by following the lock down guide and disabling unused features in production environments.

New ColdFusion security update for version 9 and above

A security update for ColdFusion is now available for versions 10, 9, 9.0.1 and 9.0.2. This hotfix addresses two vulnerabilities mentioned in the security bulletin APSB13-19.

If you are on ColdFusion 10, you will see a new update 11 within the ColdFusion administrator for you to download and install. ColdFusion 10 Update 11 includes an important security fix. It also includes several important bug fixes in addition to support for 64-bit COM interoperability, MySQL 5.6 and SQL Server 2012.

Adobe recommends that users update their product installation with this update. Here's a link to the related security technote.

ColdFusion 10 WebSocket Vulnerability

There have been a couple of posts describing a vulnerability that uses the WebSocket functionality in ColdFusion 10. The Adobe Product Security Incident Response Team (PSIRT) is aware of this issue and is actively engaged with the ColdFusion Product Team to release a fix. Adobe PSIRT is not aware of this issue being exploited in the wild.

A new update will be released soon that directly prevents the ability to invoke non-remote methods on the CFC using WebSockets.

New updates for ColdFusion 9, 9.0.1, 9.0.2 and 10 – Java 7 now supported

[Update: All the technotes (for CF10, CF9, CF9.0.1 and CF9.0.2) now have an update section to reflect the change that was made. The refreshed CHFs for ColdFusion 9 and the refreshed ColdFusion 10 Update 8 contain a fix for an issue in Google Maps. New CHFs have been released for CF9 and CF9.0.1 – Read the related post here]

The new cumulative hotfix for ColdFusion 9.0, 9.0.1, 9.0.2 includes support for Google Maps JavaScript API v3 and JDK 1.7 Update 15. These cumulative hotfixes consist of previously released cumulative hotfixes and security updates.

Details of cumulative hotfixes are here – 9.0, 9.0.1, 9.0.2

ColdFusion 10 Update 8 includes support for Google Maps JavaScript API v3, Mac OS X Mountain Lion 10.8 and JDK 1.7 Update 15. It includes all the bug fixes from previous updates of ColdFusion 10. 

Apply this update using the update mechanism within the ColdFusion 10 Administrator.

For more details about the update, refer to the link here.

ColdFusion Security Update

A security update for ColdFusion is now available for versions 10, 9, 9.0.1 and 9.0.2.

If you are on ColdFusion 10, you will see a new update 6 within the ColdFusion administrator for you to download and install.

Adobe recommends users update their product installation with this update. Here’s a link to the related security bulletin.