March 12, 2024
RELEASED- ColdFusion 2023 and 2021 March 12th, 2024 Security Updates
Comments
(2)
March 12, 2024
RELEASED- ColdFusion 2023 and 2021 March 12th, 2024 Security Updates
I am working with ColdFusion Support team.
Staff 15 posts
Followers: 13 people
(2)
ColdFusion (2023 release) Update 7  and ColdFusion (2021 release) Update 13  (release date, March 12, 2024) addresses vulnerabilities mentioned in the security bulletin [APSB24-14] and fixes other security issues. This update also contains a Tomcat upgrade (v9.0.85). This update also contains a major change related to scope look-up behavior that could impact your applications.

 

Where do I download the updates from
In these updates, we’ve fixed a few security bugs mentioned in the security bulletin, APSB24-14
.
For more information, see the tech notes below:
Are the Docker images available?
It will be available tomorrow
Please update your ColdFusion versions and provide us with your valuable feedback.
2 Comments
2024-03-17 13:27:11
2024-03-17 13:27:11

Beside seeing the technotes linked to in this blog post, readers will want to see much more shared elsewhere. First, Adobe offered a forum post the same day with more info. But more important, perhaps, there have been many comments, feedback, questions, and answers offered in reply there.

Also, I did a blog post that same day, also with far more info–especially on the implications of the important change regarding searchimplicitscopes: what to consider, options to try, and links to still more info. (I also link there to info from cf security maven Pete Freitag related to the update and this matter.)

Hope that’s helpful.

Like
(1)
>
Charlie Arehart
's comment
2024-03-25 15:41:21
2024-03-25 15:41:21
>
Charlie Arehart
's comment

Thanks for the links.

Like
(1)
Add Comment