As you are probably aware, security is at the top of the priority list with each version of ColdFusion. With the latest release of ColdFusion, the focus was not just on security-related features; emphasis was also laid on the inherent security of the ColdFusion platform itself. To validate this, the PSIRT (Product Security Incident Response Team) at Adobe helped arrange a third-party security audit for ColdFusion. The audit did come up with a few findings. Our product engineers did an excellent job of mitigating all the findings to the fullest.

To validate the above claim, we now have a public-facing security report from the agency that performed the security audit, indicating that 100% of all findings have been mitigated. Here is the public-facing report with all the details. You can also find the link to this security audit report under the datasheets and whitepapers section of the ColdFusion product home page on the Adobe website.

3 Comments to “ColdFusion (2016 release) - Security audit report”

  1. Aaron Neff
    Hi Rakshith,

    Awesome! Did CF2016 final build contain the fixes for all those issues?

    Thanks!,
    -Aaron
  2. Rakshith Naresh
    @Aaron: The critical issues and many others are already a part of the CF2016 final build. The remaining ones will be a part of the upcoming updates.
  3. Aaron Neff
    Hi Rakshith,

    Just saw your reply. I guess I forgot to subscribe. Very cool that the critical ones were included in final build. Once all the fixes have been released, could someone at Adobe please follow up here letting us know? I think customers would also want to know when all the issues are actually mitigated in their own CF install.

    Thanks!,
    -Aaron
