When will Adobe provide a hotfix for TomCat 7.0.54

Question

I can upgrade Tomcat myself, but that approach isn't documented and isn't likely to be supported by Adobe.

Tomcat is bundled as part of ColdFusion 11, so I would hope Adobe would either provide a hotfix or suggest a supported method to upgrade Tomcat.

Tomcat 7.0.59 fixes the following issues:

Security Manager bypass CVE-2014-7810
Request Smuggling issue CVE-2014-0227
Denial of Service issue CVE-2014-0230

Anit_Kumar · Accepted Answer

I understand Joe. But as mentioned earlier, it will be in the next CF update. It's too early, to specify an exact date as of now.

Regards,

Anit Kumar

Hi Joe,

Tomcat is now upgraded to 7.0.64. The update is available in pre-release as of now and would be live soon. Please refer to the following blog articles.

http://blogs.coldfusion.com/post.cfm/coldfusion-11-update-7-is-available-for-early-access‌

ColdFusion 10 Update 18 is available for early access — Adobe ColdFusion Blog‌

Regards,

Anit Kumar

Anit_Kumar · Answer

I am looking into this Joe.Regards,Anit Kumar

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded