An important security hot-fix is released today for ColdFusion 9.0.1 and earlier. Here is the link to the security bulletin. This hot-fix addresses Cross site scripting (XSS) issues for cfform tag and RDS.

We have released fix for “Session is invalid” issue. The fix is done for CF9.0.1 as part of CHF2 (Cumulative hot fix 2) as well as in the form of the update on June security Hot-fix. For CF9.0.1 & CHF 2 – Cumulative Hotfix 2 consists of previously released fixes for the Security issues mentioned in the bulletins APSB11-04, APSB11-14, APSB11-15 along with the cumulative hotfix 1 and the new bug fixes. This cumulative hot fix...

There is an update on security hot-fix released in June. Tech note is updated with the information of what bugs are fixed and how to apply the changes. http://kb2.adobe.com/cps/907/cpsid_90784.html The hot-fix bundle is updated with the changes for those who are applying this hot-fix for the first time. If one has already applied the June Hot-fix, see updates section: http://kb2.adobe.com/cps/907/cpsid_90784.html#main_Instructions to apply...

We have released ColdFusion security bulletin today. Here is the link to the bulletin Adobe has also released BlazeDS/LCDS security bulletin. Check here.

Our security expert Peleus has started a new CF security resource page. The idea is to provide a page with most relevant information that is easy to find. Here is the link - http://www.owasp.org/index.php/ColdFusion_Security_Resources

JDK 1.6.0_24 is now officially certified and supported with ColdFusion versions 9.0.1, 9.0, 8.0.1, 8.0. Here is the technote that talks about this. http://kb2.adobe.com/cps/894/cpsid_89440.html