Pete Freitag Pete Freitag

Latest ColdFusion Security Updates - September 2024

Published on September 10, 2024
By Pete Freitag
coldfusion

I am going to attempt to keep this page updated with the latest ColdFusion Security Updates and Hotfixes published by Adobe. This will allow me to update this page as more info becomes available about updates. I will also try to back fill this so it has past info as well.

Latest ColdFusion Security Update


September 2024 - ColdFusion 2023 Security Update 10, ColdFusion 2021 Security Update 16

Release Date: September 10, 2024

Adobe Product Security Bulletin APSB24-71 fixes one critical vulnerability.

Vulnerabilities Fixed

  • CVE-2024-41874 - critical (9.8) Deserialization of Untrusted Data vulnerability allowing for arbitrary code execution

Links & Resources

  • APSB24-71 - Adobe Product Security Bulletin
  • CF2023 Update 10 - Adobe KB article for ColdFusion 2023 Update 10
  • CF2021 Update 16 - Adobe KB article for ColdFusion 2021 Update 16
  • Forum Thread - Adobe ColdFusion forum thread discussing ColdFusion 2023 Update 10 and CF 2021 Update 16.

Notes / Issues

No updates to connector or packages in this release. Fixed bug CF-4223435 caused by previous update.


Past ColdFusion Security Updates


August 2024 - ColdFusion 2023 Update 9, ColdFusion 2021 Update 15

Release Date: August 20, 2024

This ColdFusion update primarily updated the version of Tomcat from 9.0.85 to 9.0.93.

Links & Resources

Notes / Issues

No connector or package updates in this release.

Bug CF-4223435 removed packages previously installed during the update process (see link above). Fixed CF2023 update 10, CF2021 Update 16.



coldfusion security updates hotfixes

Latest ColdFusion Security Updates - September 2024 was first published on September 10, 2024.

If you like reading about coldfusion, security, updates, or hotfixes then you might also like:

FuseGuard Web App Firewall for ColdFusion

The FuseGuard Web Application Firewall for ColdFusion & CFML is a high performance, customizable engine that blocks various attacks against your ColdFusion applications.

CFBreak
The weekly newsletter for the CFML Community


Post a Comment