NOW LIVE! Adobe ColdFusion 2023 and 2021 November security updates

Report · Nov 14, 2023

We are pleased to announce that we have released security updates to ColdFusion (2023 release) Update 6 and ColdFusion (2021 release) Update 12.

These updates resolve critical vulnerabilities that could lead to the deserialization of untrusted data, improper access control, and others. For more information, view the security bulletin, APSB23-52.

Where do I download the updates from

Download the updates from the following locations:

What do the updates contain

For more information, view the following tech notes:

Are the Docker images available

The images are available on the Docker hub and ECR.

Please update your ColdFusion versions and provide us with your valuable feedback.

Report · Nov 14, 2023

CF2023 Update 6 is not listed in CF Admin when installed with the refreshed ColdFusion 2023 installer.

Please update the updates.xml:

https://cfdownload.adobe.com/pub/adobe/coldfusion/xml/updates.xml
need to add an entry for <cfhf_server version="2023,0,05">. Currently there is only 2023,0,0.

Report · Nov 14, 2023

I have not found that to be true. Instead, what I find can happen (with about every update) is that something between your cf server and the Adobe server that serves that xml. You may want to try to visit it on a browser on your server. I'm not saying it WILL help, but it could. Otherwise in time you will find the update appears. You could also download it manually, as discussed and offered in the update technote.

/Charlie (troubleshooter, carehart.org)

Report · Nov 15, 2023

updates.xml has been changed and this issue is resolved. Thank you adobe.

Report · Nov 15, 2023

There was nothing for Adobe to do. Did you read my previous reply? You simply benefited from the expiring of whatever cache held up you seeing the updated xml. Again, I got it yesterday, the day it went live.

/Charlie (troubleshooter, carehart.org)

Report · Nov 15, 2023

I have found a post on CFML Slack that there have been some changes made and I confirmed the updates.xml has been changed.

Report · Nov 16, 2023

You may want to post these to the main update pages for CF 2021 (https://helpx.adobe.com/ca/coldfusion/kb/coldfusion-2021-updates.html) and CF 2023 (https://helpx.adobe.com/ca/coldfusion/kb/coldfusion-2023-updates.html), the are still showing the updates from October and not the most recent ones from November 14th.

Report · Nov 16, 2023

Thanks @neochad Let me check with my localization team.

Report · Nov 17, 2023

Hi @neochad

Please check the pages. They're updated now.

Report · Nov 23, 2023

Apologies for the late reply, that page is showing properly now. Though I also noticed that the coldfusion downloads page also shows the same issue. https://helpx.adobe.com/ca/coldfusion/kb/coldfusion-downloads.html#downloads3 and https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html#downloads3 will show different JDK downloads as well.

Report · Nov 23, 2023

Thanks @neochad let me check. could be the same issue.