We are pleased to announce that we have released security updates to ColdFusion (2023 release) Update 8 and ColdFusion (2021 release) Update 14.

This update includes several security fixes to ensure the safety and security of our systems. These changes address potential vulnerabilities and threats and are part of our ongoing commitment to protecting your data and privacy.

For more information, view the security bulletin, APSB24-41.

Where do I download the updates from
Download the updates from the following locations:
Change in default algorithm
- The default encryption algorithm in ColdFusion changes from CFMX_COMPAT to another algorithm for seven encryption functions.
- If you need to use CFMX_COMPAT, set the new JVM argument -Dcoldfusion.encryption.useCFMX_COMPATAsDefault=TRUE. By default, the value is FALSE.
- The flag -Dcoldfusion.encryption.useCFMX_COMPATAsDefault will be supported in future security updates for the 2023 and 2021 releases of Adobe ColdFusion.
We’ve introduced a new JVM flag: -Dcfdocument.metahttpequivrefresh.localfile=TRUE. This flag allows you to call the URL or location passed in the HTML meta tag. By default, the value is FALSE.
- However, in the next major release of ColdFusion, we WILL remove the flag.
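
To see which of the two opt-out flags described above a server has turned on, the following added example (not Adobe's code) audits the `java.args` line of a `jvm.config` file. It assumes the flags are set in `java.args`, that the value is compared case-insensitively, and that a repeated `-D` option keeps its last value; the sample configuration is constructed.

```python
# Added example: audit ColdFusion JVM arguments for the two opt-out flags.
# Both flags default to FALSE; TRUE restores the older behaviour.
LEGACY_FLAGS = {
    "coldfusion.encryption.useCFMX_COMPATAsDefault":
        "CFMX_COMPAT is used as the default encryption algorithm",
    "cfdocument.metahttpequivrefresh.localfile":
        "cfdocument calls the URL or location passed in an HTML meta tag",
}

# Constructed sample input, not taken from a real server.
SAMPLE_JVM_CONFIG = """\
# java.args=-Dcfdocument.metahttpequivrefresh.localfile=TRUE  (commented out)
java.home=/opt/coldfusion/jre
java.args=-server -Xmx1024m -Dcoldfusion.encryption.useCFMX_COMPATAsDefault=TRUE
"""


def parse_system_properties(jvm_config_text):
    """Collect -Dname=value options from the java.args line(s)."""
    props = {}
    for line in jvm_config_text.splitlines():
        key, sep, args = line.strip().partition("=")
        if not sep or key.strip() != "java.args":
            continue  # comments and other settings such as java.home
        for token in args.split():
            if token.startswith("-D"):
                name, _, value = token[2:].partition("=")
                props[name] = value  # assumption: a repeated option keeps its last value
    return props


def audit(jvm_config_text):
    """Return (flag, effect) for every opt-out flag that is set to TRUE."""
    props = parse_system_properties(jvm_config_text)
    return [
        (flag, effect)
        for flag, effect in LEGACY_FLAGS.items()
        # assumption: the value is compared case-insensitively
        if props.get(flag, "false").lower() == "true"
    ]


if __name__ == "__main__":
    for flag, effect in audit(SAMPLE_JVM_CONFIG):
        print(f"REVIEW: -D{flag}=TRUE ({effect})")
```

A space before `=TRUE` splits the option into two arguments, so the parser reports the flag as not enabled in that case.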
The following packages have been updated:
- document
- htmltopdf
- presentation
- report
If you manually upgraded Solr to version 8.11.2 using the instructions in Upgrade SOLR to mitigate security risks in ColdFusion, then after installing Update 8, SOLR will not downgrade to version 7.9. For more information, view the following tech notes:
Apologies for the delay in response.
Kindly refer to the technote – ColdFusion (2023 release) Update 8 (adobe.com) or ColdFusion (2021 release) Update 14 (adobe.com) for more information on the algorithm change.