This update also addresses a high severity vulnerability in ColdFusion that could be exploited to create arbitrary files on the remote system. This issue was addressed by updating the underlying code to avoid the creation of files outside of the web root. Update 14 resolves another high severity vulnerability that could be exploited to bypass the XSS filter. This update also addresses several moderate and low severity issues, including: - An issue where a user’s password was not being masked when it was stored in a field that was later submitted to the server. The issue was addressed by masking passwords before they are sent to the server in the field. - An issue where a user could see an error message when accessing a sub-site if that sub-site was configured to force a login. The issue was addressed by not showing the error message when accessing the sub-site. - An issue where a user could not create a sub-site if that sub-site was configured to require a login. Update 14 also includes a fix for a performance issue experienced when using ColdFusion Builder with a large number of templates in a project.
What is Adobe ColdFusion?
ColdFusion is a platform that provides a web application development platform with powerful features. ColdFusion supports developing, testing, and deploying cross-platform solutions in Ruby on Rails, Python, Java, PHP, Perl and others.
ColdFusion uses the ActionScript 3 programming language to develop interactive content for websites.
What is the ColdFusion Update Center?
The ColdFusion Update Center is a tool that provides automatic updates for the latest fixes and security releases. It will download, install, and update any previously downloaded patch or security release without any further user interaction. For more information, see the ColdFusion Security Update Guide.
How to Install ColdFusion Update 14?
To install the update, log in to your ColdFusion server and follow these steps:
- Open ColdFusion Administrator.
- Expand the Update Manager node on the left side of the window.
- Expand Update 14.
- Click Install This Update from the Actions dropdown menu.
- Select your appropriate Server Type, follow prompts to complete installation.
What is Apache ColdFusion?
ColdFusion is an application server designed to create dynamic websites. ColdFusion was originally developed by Macromedia in 1995 and has since been acquired by Adobe Systems. ColdFusion is widely used in enterprise software as well as on the web, and it is now supported by many third-party developers.
ColdFusion is a web application development platform that enables anyone to build web applications with ease, using common programming languages and frameworks such as Java, PHP, Perl, Python, Ruby on Rails, Node.js and more! Using ColdFusion Builder you can quickly and easily create rich internet applications without having to write a single line of code.
**UPDATE**
This update includes a fix for a performance issue experienced when using ColdFusion Builder with a large number of templates in a project.
Timeline
Published on: 10/14/2022 20:15:00 UTC
Last modified on: 10/14/2022 20:31:00 UTC