Adobe has released new security and performance updates for maintained versions of ColdFusion Server. The ColdFusion 2018 update is “update 9” while the ColdFusion 2016 update is “update 15.” If you’re running wither of these versions of Adobe ColdFusion Server, you should strongly consider applying these updates.
Specifically, some vulnerabilities addressed relate to denial-of-service attacks, privilege escalation, and system file structure disclosures. Epicenter Consulting has installed these updates and is testing their impact on production systems.
The details of the updates, and what has changed is outlined in this Adobe Security Bulletin.