A priority 2 update addressing an important vulnerability in ColdFusion 9 and above is released today. Adobe recommends to update the ColdFusion servers. Here is the link for security bulletin.
This hot fix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment - CVE-2012-5676. As a result to this fix named application scope will not be available in servlet context. This might affect applications using JSP interoperability.
In case you want to revert to old behavior you can add JVM flag -Dcoldfusion.allowappdatainservletcontext=true
For ColdFusion 10, use updater to get this update. This is update 6 and it contains previous updates for ColdFusion 10.
The details can be found at tech-note here.
This hot fix resolves a vulnerability which could result in a sandbox permissions violation in a shared hosting environment - CVE-2012-5676. As a result to this fix named application scope will not be available in servlet context. This might affect applications using JSP interoperability.
In case you want to revert to old behavior you can add JVM flag -Dcoldfusion.allowappdatainservletcontext=true
For ColdFusion 10, use updater to get this update. This is update 6 and it contains previous updates for ColdFusion 10.
The details can be found at tech-note here.