-
Close Search
NOW LIVE — the June 2026 security updates for ColdFusion 2025 and ColdFusion 2023 have been released. This update includes important security fixes that mitigate vulnerabilities related to arbitrary code execution, arbitrary file write, information disclosure, stored cross-site scripting, and security feature bypass. What’s included The June 2026 release contains: Tomcat upgrades. See the respective tech notes for more details. Security fixes for multiple vulnerabilities (including remote code execution and privilege escalation vectors). Patches to harden request handling, deserialization paths, […]
NOW LIVE — the April 2026 security updates for ColdFusion 2025 and ColdFusion 2023 have been released. This update addresses multiple security issues and includes important mitigations we recommend you apply as soon as possible. What’s included The April 2026 release contains: Tomcat upgrades. See the respective tech notes for more details. Security fixes for multiple vulnerabilities (including remote code execution and privilege escalation vectors). Patches to harden request handling, deserialization paths, and template parsing logic. Updates to packages. Why […]
We are pleased to inform you that we’ve released security updates for ColdFusion 2025 and 2023 releases. For more information, see the respective tech notes: ColdFusion (2025 release) Update 6 ColdFusion (2023 release) Update 18 What’s new and changed The releases address CVE-2025-66516, a critical XXE in Apache Tika libraries. Adobe strongly recommends that you apply this update as soon as possible. Note that this update is cumulative and includes fixes from previous updates.This update upgrades the embedded Apache Tika […]
We are pleased to inform you that we’ve released security updates for ColdFusion 2025, 2023, and 2021 releases. For more information, see the respective tech notes: ColdFusion (2025 release) Update 5 ColdFusion (2023 release) Update 17 ColdFusion (2021 release) Update 23 The updates includes important security fixes that mitigate vulnerabilities related to arbitrary file system write, arbitrary file system read, arbitrary code execution, and security feature bypass. The updates also include: New JVM flags Changes to serialfilter CAR migration changes […]
We are pleased to inform you that we’ve released security updates for ColdFusion 2025, 2023, and 2021 releases. For more information, see the respective tech notes: ColdFusion (2025 release) Update 4 ColdFusion (2023 release) Update 16 ColdFusion (2021 release) Update 22 The updates address an important security fix related to critical path traversal.View the security bulletin, APSB25-93, for more information.Download the updates ColdFusion 2025 updates ColdFusion 2023 updates ColdFusion 2021 updates Docker and CFFiddle CFFiddle is now updated with the changes […]
We are pleased to inform you that we’ve released security updates for ColdFusion 2025, 2023, and 2021 releases. For more information, see the respective tech notes: ColdFusion (2025 release) Update 3 ColdFusion (2023 release) Update 15 ColdFusion (2021 release) Update 21 The updates include a newer version of Tomcat, important security fixes that mitigate vulnerabilities related to arbitrary file reads, code execution, privilege escalation, and security feature bypass. View the security bulletin, APSB25-69, for more information.Download the updates ColdFusion 2025 updates ColdFusion […]
We are pleased to inform you that we’ve released security updates for ColdFusion 2025, 2023, and 2021 releases. For more information, see the respective tech notes: ColdFusion (2025 release) Update 1 ColdFusion (2023 release) Update 13 ColdFusion (2021 release) Update 19 These updates resolve several critical and important vulnerabilities that could lead to arbitrary file system read, arbitrary code execution, and security feature bypass. View the security bulletin, APSB25-15, for more information. Download the updates ColdFusion 2025 updates ColdFusion 2023 updates ColdFusion 2021 […]
We have released critical security updates for ColdFusion (2023 release) and ColdFusion (2021 release). Adobe is aware that CVE-2024-53961 has a known proof-of-concept that could cause an arbitrary file system read. View the security bulletin, APSB24-107, and the tech notes for more information. Download the updates from the following locations: ColdFusion (2023 release) Updates ColdFusion (2021 release) Updates For more information, view the following tech notes: ColdFusion (2023 release) Update 12 ColdFusion (2021 release) Update 18 Known issues in the updates […]
[Update 13 Dec]: Added cfencode.sh to the table of removals. Updated Customizing an HTTP response to HTTP reason phrases. Added contact email id cf-deprecation@adobe.com In the upcoming ColdFusion (2025 release), we will deprecate and remove certain features to enhance the overall experience, improve security, stay aligned with the latest technological advancements, and eliminate obsolete libraries. We announced the deprecations and removals on the ColdFusion pre-release forum a few days ago. If you haven’t already signed up, please do so today As part of this exercise, […]
We are pleased to announce that we have released general updates to ColdFusion (2023 release) Update 11 and ColdFusion (2021 release) Update 17. The updates include bug fixes and enhancements in Administrator, Language, CFSetup, Database, and other areas. They also contain library upgrades, such as netty, ehcache, etc. The updates also include enhancements to whitespace management and client variable support in CFPM. Where do I download the updates from Download the updates from the following locations: ColdFusion (2023 release) Updates […]
We are pleased to announce that we have released general updates to ColdFusion (2023 release) Update 10 and ColdFusion (2021 release) Update 16. The updates resolve a critical vulnerability that could lead to the deserialization of untrusted data. For more information, view the security bulletin APSB24-71. ColdFusion (2021 release) Update 16 also fixes bug CF-4223435, where the previous installation (2021.15) caused certain packages to be uninstalled. View the tech note of ColdFusion 2021.16 for more details. Where do I download the updates from […]
We are pleased to announce that we have released general updates to ColdFusion (2023 release) Update 9 and ColdFusion (2021 release) Update 15. We’ve upgraded Tomcat from version 9.0.85 to version 9.0.93 for both versions. Where do I download the updates from ColdFusion (2023 release) Updates ColdFusion (2021 release) Updates Tech Note link ColdFusion (2023 release) Update 9 ColdFusion (2021 release) Update 15 Are the Docker images available? Docker images are available to use Docker hub and ECR.
