ColdFusion (2018 release) Update 3, ColdFusion (2016 release) Update 10, and ColdFusion 11 Update 18 released
We are pleased to announce that we have released the updates for the following ColdFusion versions:
The following are links to the tech notes for each update:
The releases address security vulnerabilities, which are documented in the bulletin APSB19-14.
In these updates, we have also introduced the following:
- A new application setting blockedExtForFileUpload to specify a comma-separated list of file extensions for file that must be blocked for uploading.
- In the ColdFusion Administrator, in Server Settings > Settings, there are is an option Blocked file extensions for CFFile uploads. Specify a comma-separated list of file extensions, which will be blocked from being uploaded by the cffile tag/functions.
- The Admin API, setRuntimeProperty has a new property, BlockedExtForFileUpload. The values are a comma-separated list of file extensions to restrict file uploading of the appropriate files.
For more information, see the tech notes and the tag/function documentation.