Skip to main content
S
Community Manager
Saurav_GhoshCommunity Manager
Community Manager
November 14, 2023
Question

NOW LIVE! Adobe ColdFusion 2023 and 2021 November security updates

  • November 14, 2023
  • 2 replies
  • 2629 views

We are pleased to announce that we have released security updates to ColdFusion (2023 release) Update 6 and ColdFusion (2021 release) Update 12.

 

These updates resolve critical vulnerabilities that could lead to the deserialization of untrusted data, improper access control, and others. For more information, view the security bulletin,  APSB23-52.

 

Where do I download the updates from

Download the updates from the following locations:

 

What do the updates contain

For more information, view the following tech notes:

 

Are the Docker images available

The images are available on the Docker hub and ECR.

 

Please update your ColdFusion versions and provide us with your valuable feedback.

      This topic has been closed for replies.

      2 replies

      N
      neochad
      Inspiring
      November 16, 2023

      You may want to post these to the main update pages for CF 2021 (https://helpx.adobe.com/ca/coldfusion/kb/coldfusion-2021-updates.html) and CF 2023 (https://helpx.adobe.com/ca/coldfusion/kb/coldfusion-2023-updates.html), the are still showing the updates from October and not the most recent ones from November 14th.

      S
      Community Manager
      Saurav_GhoshCommunity ManagerAuthor
      Community Manager
      November 16, 2023

      Thanks @neochad Let me check with my localization team.

      S
      shige.
      Participating Frequently
      November 15, 2023

      CF2023 Update 6 is not listed in CF Admin when installed with the refreshed ColdFusion 2023 installer.

      Please update the updates.xml:

      https://cfdownload.adobe.com/pub/adobe/coldfusion/xml/updates.xml
      need to add an entry for <cfhf_server version="2023,0,05">. Currently there is only 2023,0,0.

      Charlie Arehart
      Community Expert
      Charlie ArehartCommunity Expert
      Community Expert
      November 15, 2023

      I have not found that to be true. Instead, what I find can happen (with about every update) is that something between your cf server and the Adobe server that serves that xml. You may want to try to visit it on a browser on your server. I'm not saying it WILL help, but it could. Otherwise in time you will find the update appears. You could also download it manually, as discussed and offered in the update technote. 

      /Charlie (troubleshooter, carehart. org)
      S
      shige.
      Participating Frequently
      November 16, 2023

      updates.xml has been changed and this issue is resolved. Thank you adobe.

      Terms & ConditionsAccessibility statement
      Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices