Security update for ColdFusion 9, 10 and Update 11: July 2013
A security update for ColdFusion 9 and ColdFusion 10 is released on 9th July. It fixes an important Denial of Service issue for ColdFusion 9 family running on JRun. There is also an update on ColdFusion 10 which fixes critical vulnerability that could permit an attacker to invoke public methods on ColdFusion CFCs using WebSockets. Complete details can be found at this bulletin and tech-note.
If you are on ColdFusion 10, you will see a new update 11 within the ColdFusion administrator. This update includes fix for above mentioned vulnerability as well as 50+ bug fixes. Complete details of the issues fixed can be found in this tech-note.