Wednesday, 3 July 2013

Official confirmation: Adobe is on the case regarding ColdFusion 10's web sockets security issue

G'day:
SSIA, really. But you know me: I can pad 14 words of information out to take 1400 words to say...

This is in reference to the security holes that were discovered in ColdFusion 10's web sockets implementation a few days ago, as I discussed in an earlier article: "Web socket security issue: risk assessment & findings".

Rakshith posted on Twitter & on the Adobe ColdFusion blog today that a fix is in the pipeline. He does not go into any details as to whether they're fixing all the issues identified, or some, or what: I guess time will tell.

However I'm pretty impressed with their turn-around time on this one. Henry raised the issue on June 27, and it's only a week later and they're got a patch in the works (I presume it's well under way, not that they were simply starting it when Rakshith announced it).

I look forward to testing it, and I will feedback with my findings having done so.

Not bad: only 180-odd words to re-articulate the necessary 14 ;-)

--
Adam