Does Adobe have a timeline for providing a hotfix for TomCat 7.0.70

Forum|Forum|9 years ago
August 10, 2016
1 reply
1989 views

I know I've asked these questions before, but I'm curious if anyone can speak to when Tomcat bundled with ColdFusion 11 will be updated?

Tomcat is bundled as part of ColdFusion 11, previously Adobe has provided a hotfix to upgrade Tomcat. Is this something on the product road map?

Tomcat 7.0.70 fixes the following issue:

Moderate: Denial of Service CVE-2016-3092

This topic has been closed for replies.

Correct answer Anit_Kumar

Hi Joe,

CF is not impacted with CVE-2016-3092 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

Regards,

Anit Kumar

Anit_Kumar

Correct answer

Community Manager

Hi Joe,

CF is not impacted with CVE-2016-3092 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

Regards,

Anit Kumar

pete_freitag

Participating Frequently

Thanks for providing that info Anit! I have downgraded this from Important to Warning on the HackMyCF scanner. I still keep it as Warning because I think it is important to know incase your CFML code makes use of the vulnerable classes.

I still hope Adobe plans to upgrade to Tomcat 7.0.70+ in CF10/11, and 8.0.36+ in CF2016 in the next update. It is important for many organizations.

Anit_Kumar

Community Manager

That will definitely happen Pete.

Regards,

Anit Kumar

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded