A security update for ColdFusion is now available for versions 10, 9, 9.0.1 and 9.0.2. This hotfix addresses two vulnerabilities mentioned in security bulletin APSB13-19.
If you are on ColdFusion 10, you will see a new Update 11 in the ColdFusion Administrator for you to download and install. ColdFusion 10 Update 11 includes an important security fix. It also includes several important bug fixes, as well as support for 64-bit COM interoperability, MySQL 5.6 and SQL Server 2012.
Adobe recommends that users update their product installations with this update. Here's a link to the related security technote.
The technote at http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-19.html for the ColdFusion 9.0.x fix should be updated to remove mentions of J2EE installations on Installation Step 2 and Uninstallation Step 1 since the fix is specifically for ColdFusion 9.0.x running on top of JRun.
@Nimit,
I meant to paste this link
http://helpx.adobe.com/coldfusion/kb/coldfusion-10-update-11.html
instead of the security bulletin page.
I just think it would be helpful if those “kb” pages also indicate published dates.
@AXL: We always mention publish date in the bulletin articles. You can see the released date in the second line.
http://www.adobe.com/support/security/bulletins/apsb13-19.html
Wouldn’t it be nice if these pages show published dates?
http://www.adobe.com/support/security/bulletins/apsb13-19.html
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-19.html
If you check the source, yes it’s in the meta tag, but…
Do REST application names still need to be unique server-wide instead, or can we finally use the same REST app name in multiple applications and bind them to different locations?
The release notes are woefully bad at actually describing what changed. A list of bug reports with sparse feedback on them does not a “change list” make.
@MRC: JAR file for ColdFusion 10 can be downloaded from this link:
http://download.adobe.com/pub/adobe/coldfusion/hotfix_011.jar