Inspiring
September 16, 2025
Answered

CF2021 Apache Tomcat Vulnerability

  • September 16, 2025
  • 2 replies
  • 242 views

We recently received a vulnerability report on Apache Tomcat 9.0.106 from our security team and have been instructed to upgrade to 9.0.108. Are there steps to manually upgrade Tomcat within ColdFusion? If so, can you kindly provide guidance?

    2 replies

    Community Manager
    September 23, 2025

    @Demetrius34669657am05 Our team is aware of the vulnerabilities and is currently working on it.

    In case you need additional visibility, please log the issue here with the report for our team to evaluate.

     

    Thank You,

    Abhishek

    BKBK
    Community Expert
    Correct answer
    September 21, 2025

    That's right. I came across the vulnerabilities in Apache Tomcat versions 9.0.106 and 9.0.107. To check the Tomcat version used by your ColdFusion installation, run the following line of code:

    <cfoutput>#createobject('java','org.apache.catalina.util.ServerInfo').getServerInfo()#</cfoutput>

     
    It is not yet possible for the developer to manually upgrade the Tomcat version within ColdFusion. However, I would imagine that Adobe is aware of the vulnerabilities. We should therefore expect Adobe's ColdFusion engineers to release a hotfix for this soon. 

     

    But there is something you can already do. If only to put your mind at rest. Use the Request-Feature tool in Tracker to appeal to Adobe to urgently release the hotfix.
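
The version check in the answer above can be extended to compare the running Tomcat against the 9.0.108 target named in the question. This is an added example, not code from the thread or from Adobe; it assumes `getServerInfo()` returns a string of the form `Apache Tomcat/9.0.106`, and `compareVersions` is a hypothetical helper. The parts are compared as numbers because a plain string comparison would rank 9.0.99 above 9.0.108.

```cfml
<cfscript>
// Added example (not from the thread). Target version taken from the question above.
minimumVersion = "9.0.108";

// Hypothetical helper: compare two dotted versions part by part as numbers.
// Returns -1 if a is older than b, 0 if equal, 1 if a is newer.
function compareVersions(required string a, required string b) {
    var partsA = listToArray(arguments.a, ".");
    var partsB = listToArray(arguments.b, ".");
    var count  = max(arrayLen(partsA), arrayLen(partsB));
    for (var i = 1; i <= count; i++) {
        // val() keeps only the leading digits, so "108-dev" counts as 108.
        // A missing part counts as 0, so "9.0" equals "9.0.0".
        var x = i <= arrayLen(partsA) ? val(partsA[i]) : 0;
        var y = i <= arrayLen(partsB) ? val(partsB[i]) : 0;
        if (x < y) return -1;
        if (x > y) return 1;
    }
    return 0;
}

// Same call as in the answer above.
serverInfo = createObject("java", "org.apache.catalina.util.ServerInfo").getServerInfo();

// Assumed format "Apache Tomcat/9.0.106": keep what follows the last slash.
running = listLast(serverInfo, "/");

if (!reFind("^[0-9]+(\.[0-9]+)+", running)) {
    // Unexpected format: report it rather than guess a version.
    writeOutput("Could not read a version from: " & encodeForHTML(serverInfo));
} else if (compareVersions(running, minimumVersion) < 0) {
    writeOutput("Tomcat " & encodeForHTML(running) & " is older than " & minimumVersion & ".");
} else {
    writeOutput("Tomcat " & encodeForHTML(running) & " meets the " & minimumVersion & " minimum.");
}
</cfscript>
```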

    Inspiring
    September 23, 2025

    Thank you.