New ColdFusion security update for version 9 and above

A security update for ColdFusion is now available for versions 10, 9, 9.0.1, 9.0.2. This hotfix addresses two vulnerabilities mentioned in the security bulletin APSB13-19.

If you are on ColdFusion 10, you will see a new update 11 within the ColdFusion administrator for you to download and install. ColdFusion 10 Update 11 includes an important security fix. It also includes several important bug fixes in addition to support for 64-bit COM interoperability, MySQL 5.6 and SQL Server 2012.

Adobe recommends users to update their product installation with this update. Here's a link to the related security technote.

12 thoughts on “New ColdFusion security update for version 9 and above

  1. May I ask what’s new specifically in this update that brings support to SQL Server 2012? We used SQL Server 2012 with cF9/CF10 before this update and it had been working fine so far. Thank you.

  2. Do REST application names still need to be unique server-wide instead, or can we finally use the same REST app name in multiple applications and bind them to different locations?


    The release notes are woefully bad at actually describing what changed. A list of bug reports with sparse feedback on them does not a “change list” make.

  3. @Roland Collins,

    REST services still need to have unique rest app name.
    What changed is the way we store the paths of each rest service.

Leave a Reply

Your email address will not be published. Required fields are marked *