2 Replies Latest reply on Jun 7, 2013 5:50 AM by MSGTUSAF

    CF 8 vulnerability support

    MSGTUSAF

      Are security vulnerability patches being made available to CF 8.xx license holders until the 31 July 14 "End of Life" schedule on the ADOBE product matrix?

        • 1. Re: CF 8 vulnerability support
          rupesh_kumar Adobe Employee

          For any product, a patch is released only till the core support is there for the product. This means that there would not be any security patches released for CF 8.x.

          • 2. Re: CF 8 vulnerability support
            MSGTUSAF Level 1

            If what you say is true Please address the question in this forum from 14 May 2013.."Does vulnerability CVE-2013-3336 apply to CF8.0?

             

            This question is a response to clarify the release note from ADOBE..."ADOBE has identified a critical vulnerability affecting CF10, 9.0.2, 9.0.1, 9.0 and "earlier" versions for Windows, Mac...and Unix.  This vulnerability (CVE-2013-3336) could permit an unauthorized user to remotely retrieve files stored on a server.

             

            This release by ADOBE indicates CVE-2013-3336 earlier versions of coldfusion and that seems to include CF8.  Also, if an owner has extended support why would ADOBE allow extended support to go without vulnerability coverage?