This just came to my attention courtesy of Ron Stewart on Twitter:
#ColdFusion folks: Adobe has apparently released hotfixes for both ColdFusion 10 and 11: https://t.co/fR2fxVkKPU
— Ron Stewart (@oneofwe3geeks) April 14, 2015
Adobe also reported it, but I didn't notice. Oops.
Anyhow, the details are on their blog: "ColdFusion 11 Update 5 and ColdFusion 10 Update 16 released". But in summary:
ColdFusion 11 Update 5This Update includes approximately 115 bug fixes related to Language, Mobile Support, File Management, Document Management, Administrator, Connector and several other areas.
ColdFusion 10 Update 16ColdFusion 10 Update 16 includes approximately 35 bug fixes related to File Management, ORM, Language, Document Management and certain other areas
More importantly, both fix a security issue, as detailed in APSB15-07. It sounds like it's a XSS thing, so it's probably worth looking at (they're pretty light on detail, for obvious reasons). What detail is available is here: CVE-2015-0345.
Update:ColdFusion 11 update 5 might not show up in CFAdmin's updater page if you are already on Update 4. Anit is aware of this, and is on the case now. Make sure you're following him on Twitter for updates to this update ;-)
Update again: blimey, they had it fixed in about 5min. No bullshit.
I just installed the ColdFusion 11 update (from update 3), and it went smoothly. I went to version 11,0,05,293506. I'll try ColdFusion 10 shortly, and update this when done...[Adam makes dinner, installs update]... done. This update takes me to 10,0,16,293499.
I can't actually remember if these were the updates that we had beta versions for a while back, or whether they've been busy since then?
I do have to say I really appreciate the way they've lifted their games getting updates out though.
Do make sure to at least "subscribe" to that Adobe blog article too (again: "ColdFusion 11 Update 5 and ColdFusion 10 Update 16 released"): this way if anyone has any grief, you'll find out about it.
Good work, ColdFusion Team!