There will be no further patches released for CF8. As per the posting above, it's past its "use by" date, basically: once it's out of "core support", there are no more patches. The "extended support" only counts if you are on the paid-for support programme for which that is relevant. Basically you pay Adobe some money for the possibility of being able to pay them even more money for them to fix their bugs.
However, for all these recent vulnerabilities that have been found, if you have run through the lockdown guide (which is essential to do for all public-facing servers as a matter of course anyhow) then the vulnerability is basically mitigated. The "vulnerabilities" are only really "vulnerabilities" on insecure servers.
That said: don't take my word for it, do some research and draw your own conclusions. I say this only because I don't want to be seen to be pronouncing about Adobe's support and CF's vulnerabilities, because I don't want someone to get hacked and refer back here and go "but that bloke Adam said..." ;-)
You wrote exactly my thoughts )
Kind regards
From: Adam Cameron. email@example.com
Sent: Wednesday, 29 May 2013 12:29
To: Winkelmann, Frank
Re: CVE-2013-0632, Hotfix APSB13-03 for Coldfusion 8 ???