Copy link to clipboard
Copied
I can upgrade Tomcat myself, but that approach isn't documented and isn't likely to be supported by Adobe.
Tomcat is bundled as part of ColdFusion 11, previously Adobe has provided a hotfix to upgrade Tomcat. Is this something on your roadmap?
Tomcat 7.0.68 fixes the following issues:
Moderate: CSRF token leak CVE-2015-5351
Moderate: Security Manager bypass CVE-2016-0714
Moderate: Security Manager bypass CVE-2016-0763
Joe,
I can confirm Tomcat is updated to 7.0.68 in CF 11 Update 8, and will be out very soon.
Regards,
Immanuel
Copy link to clipboard
Copied
This is supposedly being fixed in CF 11 Update 8. There is no ETA on the update but it is "just around the corner"
Copy link to clipboard
Copied
Joe,
I can confirm Tomcat is updated to 7.0.68 in CF 11 Update 8, and will be out very soon.
Regards,
Immanuel