Skip to main content
Joe Rybacek
Joe Rybacek
Inspiring
August 11, 2015
Answered

When will Adobe provide a hotfix for TomCat 7.0.54

  • August 11, 2015
  • 1 reply
  • 2188 views

I can upgrade Tomcat myself, but that approach isn't documented and isn't likely to be supported by Adobe.


Tomcat is bundled as part of ColdFusion 11, so I would hope Adobe would either provide a hotfix or suggest a supported method to upgrade Tomcat.


Tomcat 7.0.59 fixes the following issues:

  • Security Manager bypass CVE-2014-7810
  • Request Smuggling issue CVE-2014-0227
  • Denial of Service issue CVE-2014-0230
    This topic has been closed for replies.
    Correct answer Anit_Kumar

    I understand Joe. But as mentioned earlier, it will be in the next CF update. It's too early, to specify an exact date as of now.

    Regards,

    Anit Kumar


    Hi Joe,

    Tomcat is now upgraded to 7.0.64. The update is available in pre-release as of now and would be live soon. Please refer to the following blog articles.

    http://blogs.coldfusion.com/post.cfm/coldfusion-11-update-7-is-available-for-early-access

    ColdFusion 10 Update 18 is available for early access — Adobe ColdFusion Blog

    Regards,

    Anit Kumar

    1 reply

    Anit_Kumar
    Anit_Kumar
    Inspiring
    August 11, 2015

    I am looking into this Joe.

    Regards,

    Anit Kumar

      Joe Rybacek
      Joe RybacekAuthor
      Inspiring
      August 17, 2015

      Hi Anit.  Any updates or thoughts on those security issues?

      Joe Rybacek
      Joe RybacekAuthor
      Inspiring
      August 24, 2015

      Hi Joe,

      We are looking into this and evaluating the upgrade options. This will take some time.

      Regards,

      Anit Kumar

      Re: When will Adobe provide a hotfix for TomCat 7.0.54


      Hi Anit, thanks for the fast replys.  Any idea on how long it will take before the team determines if the issue impacts ColdFusion 11 with hotfix 5?  I presume it will take a while for the correct patch to be built.  If the issues above do impact ColdFusion is this forum an acceptable way to make that request, or should it file the request in Adobe's bug base?

      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices