This may not be “news” for everyone but somehow it had slipped by me: the ColdFusion 2021 Lockdown Guide has been available since December 2020 (and was updated slightly in Jan 2021). I find no mention of it here, so I thought it a good post to share.
The 2021 guide is about 9 pages longer than the 2018 version. The new version covers security-related aspects of new features in CF2021, such as CF package management (cfpm), as well as security-related aspects of new features in the CF Administrator, and some modest additions to coverage of security-related aspects in the Performance Monitoring Toolset (PMT) and the CF Api Manager.
As with the CF2018 version of the guide, the 2021 version discusses many things in the context of presuming that you are running the ColdFusion Lockdown Tool that was introduced in CF2018. Some readers find value in reading the CF2016 Lockdown Guide, since it did not presume use of that tool.
As always, thanks to ColdFusion security maven Pete Freitag who has been creating the guide for Adobe for several releases.
For more blog posts from Charlie Arehart, see his posts here as well as his posts at carehart.org. And follow him on Twitter and other social media as carehart.