cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
ShowĀ Ā onlyĀ  | Search instead forĀ 
Did you mean:Ā 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • EspaƱol
      • FranƧais
      • PortuguĆŖs
  • ę—„ęœ¬čŖžć‚³ćƒŸćƒ„ćƒ‹ćƒ†ć‚£
    Dedicated community for Japanese speakers
  • ķ•œźµ­ ģ»¤ė®¤ė‹ˆķ‹°
    Dedicated community for Korean speakers
Exit
0
Upvote

Is there any hope in a new STIG to support newest ColdFusion

neowire
Explorer ,
Apr 28, 2023 Apr 28, 2023

Copy link to clipboard

Copied

While its vulnerabilities are still mostly relevant towards newer versions of ColdFusion, DISA has now sunset the Adobe ColdFusion 11 STIG as it has not seen an update since 26 Jul 2021. Is there any hope at all for Adobe to work through the vendor STIG process for the newest iterations of the software? 

Reference: https://public.cyber.mil/stigs/downloads/
Reference: https://public.cyber.mil/stigs/vendor-process/

Views

223

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
replies 5 Replies 5
latest latest Jump to latest reply
BKBK Community Expert
Community Expert ,
Apr 30, 2023 Apr 30, 2023

Copy link to clipboard

Copied

You are asking about Adobe working through the vendor STIG process for the newest iterations of which ColdFusion version?  

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Charlie Arehart Community Expert
Community Expert ,
Apr 30, 2023 Apr 30, 2023

Copy link to clipboard

Copied

In Response To BKBK

Indeed, and I will add that I'd brought this to Adobe's attention directly the other day, and asked them to please offer some answer here. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
neowire
Explorer ,
Jul 13, 2023 Jul 13, 2023

Copy link to clipboard

Copied

In Response To BKBK

@BKBK , I apologize for the great delay. I forgot that I put this out there. Yes, I am asking if Adobe has plans to go through the vendor STIG process for newer iterations of ColdFusion. 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Dave Watts Community Expert
Community Expert ,
Jul 13, 2023 Jul 13, 2023

Copy link to clipboard

Copied

LATEST
In Response To neowire

I have no idea. But I would guess not. It's a lot of work! Adobe ColdFusion contains a bunch of bundled products that Adobe doesn't completely control: a modified version of Apache Tomcat, a modified version of Apache Solr, DataDirect JDBC drivers, a bunch of JARs, a server JVM, and so on. So why should they go through that if they don't have to? My guess was that they did it back for CF 10 or whatever and decided there wasn't any benefit for them.

 

Dave Watts, Eidolon LLC 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Josh28586295ez4u
Community Beginner ,
May 01, 2023 May 01, 2023

Copy link to clipboard

Copied

Adobe has a history of responding to security vulnerabilities in their products and releasing updates to address them. It's possible that they will work through the vendor STIG process for their newest iterations of ColdFusion, but this would depend on their internal priorities and resources.

In the meantime, organizations using ColdFusion should continue to follow best practices for securing their systems, including keeping up with security updates and patches, monitoring for potential security threats, and implementing appropriate access controls and other security measures.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation
ColdFusion User Guide
Copyright Ā© 2023 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices