ColdFusion (2018 release) Update 1, ColdFusion (2016 release) Update 7, and ColdFusion 11 Update 15 Released

We are pleased to announce the updates for ColdFusion (2018 release), ColdFusion (2016 release), and ColdFusion 11. These updates address a few security issues, which are mentioned in the security bulletin APSB18-33, upgrade the Tomcat engine and OpenSSL jars for PDFgServlet.

ColdFusion (2018 release) Update 1

In addition to fixing the vulnerabilities mentioned in the security bulletin, this update contains bug fixes, an upgraded Tomcat (ver 9.0.10), and upgraded OpenSSL upgrade to 1.0.2p for PDFgServlet.

For more information on the update and installation instructions, see this tech note.

ColdFusion (2016 release) Update 7

In addition to fixing the vulnerabilities mentioned in the security bulletin, this update contains bug fixes, an upgraded Tomcat (ver 8.5.32), and upgraded OpenSSL to 1.0.2p for PDFgServlet.

For the security fixes to be effective, ColdFusion (2016 release) must be on JDK 8u121 or higher.

For more information on the update and installation instructions, see this tech note.

For a list of previous ColdFusion (2016 release) updates, see Updates.

ColdFusion 11 Update 15

In addition to fixing the vulnerabilities mentioned in the security bulletin, this update contains bug fixes, an upgraded Tomcat (ver 7.0.90), and upgraded OpenSSL to 1.0.2p for PDFgServlet.

For the security fixes to be effective, ColdFusion 11 must be on JDK 7u131 or JDK 8u121 or higher.

For more information on the update and installation instructions, see this tech note.

For a list of previous ColdFusion 11 updates, see Updates.

Docker images

We have also updated the Docker images with the latest updates for the 2016 and 2018 releases of ColdFusion.

To use the images, see ColdFusion Docker.

3 Responses

    • Ryan, did you mean “out sites” or “our sites”? If the former, do you mean by way of cfhttp or CF scheduled tasks, perhaps?

      There would seem nothing about hotfix 7 that would seem related to that. Can you clarify what you were on before hotfix 7? Also, have you checked the update’s log (the long-named one in the folder for the update under your CF hf-updates folder)? For more, see my blog post on this:

      https://www.carehart.org/blog/client/index.cfm/2016/9/6/solve_common_problems_with_CF_updates_in_10_and_above

      Also, are you sure you didn’t do something else? It could be that since CF was restarted as a part of the update, perhaps some other change was made (in CF or its jvm config) that didn’t take effect until the CF restart. In that case, the update itself may have nothing to do with the problem.

Leave a reply

Related