New ColdFusion security update for version 9 and above

July 9, 2013
Staff 16 posts

A security update for ColdFusion is now available for versions 10, 9, 9.0.1 and 9.0.2. This hotfix addresses two vulnerabilities described in security bulletin APSB13-19.

If you are on ColdFusion 10, you will see a new Update 11 in the ColdFusion Administrator, ready to download and install. ColdFusion 10 Update 11 includes an important security fix. It also includes several important bug fixes, along with support for 64-bit COM interoperability, MySQL 5.6 and SQL Server 2012.

Adobe recommends that users apply this update to their product installations. Here's a link to the related security technote.

Comments (12)
2013-07-11 08:45:49

The technote at http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-19.html for the ColdFusion 9.0.x fix should be updated to remove mentions of J2EE installations on Installation Step 2 and Uninstallation Step 1 since the fix is specifically for ColdFusion 9.0.x running on top of JRun.

2013-07-10 23:07:47

@Roland Collins,

REST services still need to have a unique REST app name.
What changed is the way we store the paths of each REST service.

2013-07-09 23:52:38

@AXL,

I appreciate your suggestion. It will be taken care of.

2013-07-09 23:47:43

@Nimit,

I meant to paste this link
http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-11.html
instead of the security bulletin page.

I just think it would be helpful if those “kb” pages also indicate published dates.

2013-07-09 22:01:47

@AXL: We always mention publish date in the bulletin articles. You can see the released date in the second line.

http://www.adobe.com/support/security/bulletins/apsb13-19.html

2013-07-09 17:55:06

Wouldn’t it be nice if these pages show published dates?

http://www.adobe.com/support/security/bulletins/apsb13-19.html
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-19.html

If you check the source, yes it’s in the meta tag, but…

2013-07-09 14:55:34

Do REST application names still need to be unique server-wide instead, or can we finally use the same REST app name in multiple applications and bind them to different locations?

http://localhost:8500/rest//

The release notes are woefully bad at actually describing what changed. A list of bug reports with sparse feedback on them does not a “change list” make.

2013-07-09 12:32:32

May I ask what’s new specifically in this update that brings support to SQL Server 2012? We used SQL Server 2012 with CF9/CF10 before this update and it had been working fine so far. Thank you.

2013-07-09 11:49:16

[subscribe]

2013-07-09 11:22:34

@MRC: JAR file for ColdFusion 10 can be downloaded from this link:

http://download.adobe.com/pub/adobe/coldfusion/hotfix_011.jar

2013-07-09 10:20:03

the JAR file for CF10 to be more specific.

2013-07-09 10:17:00

please post the URL where a JAR file can be downloaded.
