Does Adobe have a timeline for providing a hotfix for TomCat 7.0.70

Forum|Forum|9 years ago
August 10, 2016
1 reply
1998 views

I know I've asked these questions before, but I'm curious if anyone can speak to when Tomcat bundled with ColdFusion 11 will be updated?

Tomcat is bundled as part of ColdFusion 11, previously Adobe has provided a hotfix to upgrade Tomcat. Is this something on the product road map?

Tomcat 7.0.70 fixes the following issue:

Moderate: Denial of Service CVE-2016-3092

This topic has been closed for replies.

Correct answer Anit_Kumar

Hi Joe,

CF is not impacted with CVE-2016-3092 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

Regards,

Anit Kumar

Anit_KumarCorrect answer

Inspiring

Hi Joe,

CF is not impacted with CVE-2016-3092 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3092

Regards,

Anit Kumar

pete_freitag

Participating Frequently

Thanks for providing that info Anit! I have downgraded this from Important to Warning on the HackMyCF scanner. I still keep it as Warning because I think it is important to know incase your CFML code makes use of the vulnerable classes.

I still hope Adobe plans to upgrade to Tomcat 7.0.70+ in CF10/11, and 8.0.36+ in CF2016 in the next update. It is important for many organizations.

Priyank Shrivastava.

Inspiring

Has Adobe upgraded to Tomcat 7.0.70+ for CF11 or 8.0.36+ for CF2016? If not, do we have a timeline when we can expect that?

Hi,

We will not be releasing any update for CF11 as it is end of life. But we will release an update for CF2016 and upgrade the Tomcat.

Thanks,

Priyank

Thanks, Priyank Shrivastava

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded