An important security hot-fix is released today for ColdFusion 9.0.1 and earlier. Here is the link to the security bulletin. This hot-fix addresses Cross site scripting (XSS) issues for cfform tag and RDS.

Cumulative Hot-Fix 2 is released for CF9.0.1. Cumulative Hotfix 2 consists of previously released fixes for the Security issues mentioned in the bulletins APSB11-04, APSB11-14, APSB11-15 along with the cumulative hotfix 1 and the new bug fixes. This cumulative hot fix also has the new session invalid fix added to the Security hot fix. The complete instructions and list of issues fixed can be found at –...

We have released fix for “Session is invalid” issue. The fix is done for CF9.0.1 as part of CHF2 (Cumulative hot fix 2) as well as in the form of the update on June security Hot-fix. For CF9.0.1 & CHF 2 – Cumulative Hotfix 2 consists of previously released fixes for the Security issues mentioned in the bulletins APSB11-04, APSB11-14, APSB11-15 along with the cumulative hotfix 1 and the new bug fixes. This cumulative hot fix...

There is an update on security hot-fix released in June. Tech note is updated with the information of what bugs are fixed and how to apply the changes. http://kb2.adobe.com/cps/907/cpsid_90784.html The hot-fix bundle is updated with the changes for those who are applying this hot-fix for the first time. If one has already applied the June Hot-fix, see updates section: http://kb2.adobe.com/cps/907/cpsid_90784.html#main_Instructions to apply...

We have released ColdFusion security bulletin today. Here is the link to the bulletin Adobe has also released BlazeDS/LCDS security bulletin. Check here.

There is an update for ColdFusion Security Hot-Fix, Feb 2011. See more details