Adobe ColdFusion (2021 release) Updates Release Notes

Adobe ColdFusion (2021 release) Updates Release Notes

What's new and changed in ColdFusion (2021 release) Update 17

ColdFusion (2021 release) Update 17 (release date, October 15, 2024) includes bug fixes and enhancements in Administrator, Language, CFSetup, Database, and other areas. The update contains library upgrades, such as Jackson-data-bind, netty, ehcache, etc. 

For more details, see this article.

What's new and changed in ColdFusion (2021 release) Update 16

ColdFusion (2021 release) Update 16 (release date, September 10, 2024) resolves a critical vulnerability that could lead to the deserialization of untrusted data. View the security bulletin, APSB24-71, for more information.

For more details, see this article.

What's new and changed in ColdFusion (2021 release) Update 15

In ColdFusion (2021 release) Update 15 (release date, August 20, 2024), we’ve upgraded Tomcat from version 9.0.85 to version 9.0.93.

For more details, see this article.

What's new and changed in ColdFusion (2021 release) Update 14

ColdFusion (2021 release) Update 14 (release date, June 11, 2024) addresses vulnerabilities mentioned in the security bulletin, APSB24-41.

For more details, see this article.

What's new and changed in ColdFusion (2021 release) Update 13

ColdFusion (2021 release) Update 13 (release date, 12 March, 2024) addresses vulnerabilities mentioned in the security bulletin, APSB24-14.

For more details, see this article.

What's new and changed in ColdFusion (2021 release) Update 12

ColdFusion (2021 release) Update 12 (release date, November 14, 2023) addresses vulnerabilities that are mentioned in the security bulletin, APSB23-52. These updates resolve a critical vulnerability that could lead to improper access control and security feature bypass.

This update also removes the cf-logging.jar file and creates its backup in the updates folder.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2021 release) Update 11

ColdFusion (2021 release) Update 11 (release date: October 6, 2023) includes bug fixes and enhancements in Administrator, Installer, Migration, Package manager, Database, and other areas. The update contains upgrades to Tomcat (v9.0.78) and other libraries, such as jackson-databind, Netty, etc. Note that this update is cumulative and includes fixes from the previous updates.

With this update, we are upgrading the library jackson-databind from 2.9.8 to 2.15.0. This library version does not support POJO deserialization of java.time.* .The objects return NULL objects, which leads to data loss from aws dynamodb and azure service bus. See the bug fix section for more information.

If you are on Java 11.0.20 or higher, use the flag java -Djdk.util.zip.disableZip64ExtraFieldValidation=true -jar hotfix.jar

From Update 12 onwards, you need not use the flag.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2021 release) Update 10

ColdFusion (2021 release) Update 10 (release date, 16 August, 2023) introduces the ColdFusion serial filter that can be used to allow or disallow Java classes or packages for the deserialization of Wddx packets.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2021 release) Update 9

ColdFusion (2021 release) Update 9 (release date, 19 July, 2023) resolves critical vulnerabilities that could lead to improper access control and security feature bypass.

For more information, see the security bulletin APSB23-47.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2021 release) Update 8

ColdFusion (2021 release) Update 8 (release date, 14 July, 2023) addresses vulnerabilities that could lead to arbitrary code execution.

For more information, security bulletin APSB23-41.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2021 release) Update 7

ColdFusion (2021 release) Update 7 (release date, 11 July, 2023) addresses vulnerabilities that could lead to arbitrary code execution and security feature bypass.

For more information, security bulletin APSB23-40.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2021 release) Update 6

ColdFusion (2021 release) Update 6 (release date, 14 March, 2023) addresses vulnerabilities that could lead to arbitrary code execution, arbitrary file system read, and memory leak.

For more information, security bulletin APSB23-25.

New jvm flags

In this update, we've disabled cfclient by default. If you need to enable it, there is a new flag to do it.

  • -Dcoldfusion.cfclient.enable=true/false

Doing so will enable cfclient, but will allow only CFCs to be read. To allow other files to be read, use the flag listed below:

  • -Dcoldfusion.cfclient.allowNonCfc=true/false

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2021 release) Update 5

ColdFusion (2021 release) Update 5 (release date, 11 October 2022) addresses vulnerabilities that are mentioned in the security bulletin APSB22-44.

This release also includes support for macOS M1 and macOS 12 (Monterey).

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2021 release) Update 4

ColdFusion (2021 release) Update 4 (release date, 10 May, 2022) addresses vulnerabilities that are mentioned in the security bulletin APSB22-22.

This release also contains the following library upgrades:

  • Tomcat 9.0.60
  • jQuery 3.6.0
  • jQuery UI 1.13.1
  • Log4j 2.17.2

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2021 release) Update 3

ColdFusion (2021 release) Update 3 (release date, 17 December, 2021) addresses vulnerabilities that are mentioned in CVE-2021-44228 and CVE-2021-45046.

For more information, see the tech note for the update.

What's new and changed in ColdFusion (2021 release) Update 2

ColdFusion (2021 release) Update 2 (release date, 14 September, 2021) addresses vulnerabilities that are mentioned in the security bulletin, APSB21-75, and features the following:

For more information, see the tech notes.

What's new and changed in ColdFusion (2021 release) Update 1

ColdFusion (2021 release) Update 1 (release date, 22 March, 2021) features the following:

For more information, see the tech notes.

 Adobe

Get help faster and easier

New user?