June 11, 2024
RELEASED- ColdFusion 2023 and 2021 June 11th, 2024 Security Updates
Comments
(2)
June 11, 2024
RELEASED- ColdFusion 2023 and 2021 June 11th, 2024 Security Updates
I am working with ColdFusion Support team.
Staff 12 posts
Followers: 11 people
(2)

We are pleased to announce that we have released security updates to ColdFusion (2023 release) Update 8 and ColdFusion (2021 release) Update 14.This update includes several security fixes to ensure the safety and security of our systems. These changes address potential vulnerabilities and threats and are part of our ongoing commitment to protecting your data and privacy.For more information, view the security bulletin,  APSB24-41. Where do I download the updates from
Download the updates from the following locations:

What do these updates contain
Change in default algorithm
  • The default encryption algorithm in ColdFusion changes from CFMX_COMPAT to another algorithm for seven encryption functions.
  • Use the new JVM argument -Dcoldfusion.encryption.useCFMX_COMPATAsDefault =TRUE to make the change. By default, the value is False, if you need to use CFMX_COMPAT.
  • The flag – Dcoldfusion.encryption.useCFMX_COMPATAsDefault will be supported in future security updates for the 2023 and 2021 releases of Adobe ColdFusion.
CFdocument access control issues
We’ve introduced a new JVM flag: -Dcfdocument.metahttpequivrefresh.localfile=TRUE. This flag allows you to call the URL or location passed in the HTML meta tag. By default, the value is FALSE.
  • However, in the next major release of ColdFusion, we WILL remove the flag.
Package updates
The following packages have been updated:
  • document
  • htmltopdf
  • presentation
  • pdf
  • print
  • report
Solr upgrade
If you manually upgraded Solr to version 8.11.2 using the instructions in Upgrade SOLR to mitigate security risks in ColdFusion, then after installing Update 8, SOLR will not downgrade to version 7.9. For more information, view the following tech notes:
Are the Docker images available?
They will be available shortly. We’ll update this post when the Docker images are available.
Please update your ColdFusion versions and provide us with your valuable feedback.
2 Comments
2024-06-19 08:24:03
2024-06-19 08:24:03

Hi Denard35960915l8bb

Apologies for the delay in response.

Kindly refer the technote – ColdFusion (2023 release) Update 8 (adobe.com) or ColdFusion (2021 release) Update 14 (adobe.com) for more information on the algorithm change

Like
2024-06-12 13:45:10
2024-06-12 13:45:10

“changes from CFMX_COMPAT to another algorithm”

’another algorithm’ – what is the new ‘default’ algorithm?

Like
Add Comment