Answered
When will Adobe provide a hotfix for Tomcat 9
Will Adobe provide a Coldfusion 2018 hotfix to address vulnerability in Tomcat 9? We currently have version 9.0.50. See CVE-2021-42340.
Thank you.
This topic has been closed for replies.
Yes, they will. They always do. What we do NOT know (nor will they tell us) is WHEN they will do it.
We can reasonably expect it will be in the next CF update, update 14 for CF2018 and update 4 for CF2021, which should include as well lots of CF bug fixes (that have remained even through the last update, which addressed only log4j vulns), and perhaps they will also remove any remaining reliance on log4j1.
But they don't announce in advance when those come out. It could be Friday, it could be next month. It is indeed lamentable, as there have been some known Tomcat issues for many months. (And inevitably, there will be new ones, and we will again be stuck awaiting their update to CF, as WE cannot update the Tomcat that underlies CF. Only they can, at least reliably.)
Sign up
Already have an account? Login
To post, reply, or follow discussions, please sign in with your Adobe ID.
Sign inSign in to Adobe Community
To post, reply, or follow discussions, please sign in with your Adobe ID.
Sign inEnter your E-mail address. We'll send you an e-mail with instructions to reset your password.
AdChoices