G'day:
SSIA, really. But you know me: I can pad 14 words of information out to take 1400 words to say...
This is in reference to the security holes that were discovered in ColdFusion 10's web sockets implementation a few days ago, as I discussed in an earlier article: "Web socket security issue: risk assessment & findings".
Rakshith posted on Twitter & on the Adobe ColdFusion blog today that a fix is in the pipeline. He does not go into any details as to whether they're fixing all the issues identified, or some, or what: I guess time will tell.
However I'm pretty impressed with their turn-around time on this one. Henry raised the issue on June 27, and it's only a week later and they're got a patch in the works (I presume it's well under way, not that they were simply starting it when Rakshith announced it).
I look forward to testing it, and I will feedback with my findings having done so.
Not bad: only 180-odd words to re-articulate the necessary 14 ;-)
--
Adam