[Looking for Charlie's main web site?]

Announcing ColdFusion updates released Dec 9 2025 - p1 security update and more

Posted At : December 10, 2025 2:40 AM | Posted By : Charlie Arehart
Related Categories: updates, cf2021, cf2025, cf2023
Comments: (0)

An update for ColdFusion has been released, Dec 9 2025, for each of cf2025 (update 5), cf2023 (update 17) and cf2021 (update 23). This is in fact that FINAL update of CF2021, as it has reached its end of life as I blogged last month.

In brief, this update (for all 3 versions) ad.dresses several P1 (Priority 1, "Critical") security vulnerabilities, and also updates Tomcat, along with updating several CF packages, and makes some other changes (see below). Note that Adobe is also reporting currently that, "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."

In this post, I share the details about the update (from Adobe and from others). I also share additional info you may want to consider before (or after) doing the update.

Having installed the update for each of the releases on multiple machines, I can report that it went well expect for this:

Warning: on CF2023, after applying the update, I and others have experiences that the CF Admin is inaccessible and packages that were updates are unexpectedly uninstalled. I will offer a follow-up post on that, including how to solve the problem (until Adobe does), and how to ensure your own manual efforts to solve it are complete.

[....Continue Reading....]

Comments (0)

Comments

There are no comments for this entry.

[Add Comment]

Home

Search

Subscribe

Enter your email address to subscribe to this blog.

Recent Entries

Announcing ColdFusion updates released Dec 9 2025 - p1 security update and more

Reminder that CF2021 is end-of-life as of Monday Nov 10 2025

Announcing Java updates of Oct 21, 2025 for 8, 11, 17, 21, and 25 - thoughts and resources

Announcing ColdFusion updates released Sep 9 2025 - p1 security update

Announcing Java updates of Jul 15, 2025 for 8, 11, 17, 21, and 24 - thoughts and resources

Recent Comments

Announcing ColdFusion updates released July 8 2025 - p1 security update and more
Vicki said: To provide some quick answers: - I was previously on ColdFusion 2023 Update 14 &# ... [more]

Announcing ColdFusion updates released July 8 2025 - p1 security update and more
Charlie Arehart said: Vicki, I have some follow up (it's not clear if you tried things in that demo tool, though ... [more]

Announcing ColdFusion updates released July 8 2025 - p1 security update and more
Vicki said: Hi Charlie - yes, ColdFusion 2023 (not 2025), that was a typo. Yes, I deleted the felix-ca ... [more]

Announcing ColdFusion updates released July 8 2025 - p1 security update and more
Charlie Arehart said: Oh, and as a follow-up to my reply to Vicki just now, I just confirmed I got the same successful res ... [more]

Announcing ColdFusion updates released July 8 2025 - p1 security update and more
Charlie Arehart said: Vicki, I appreciate that you're offering that to help others, but I don't find that to be ... [more]

Calendar

Entries by year

2025

November (1)
October (1)
September (1)
July (2)
June (1)
May (1)
April (2)
March (3)
February (1)
January (4)

2024 (28)
2023 (33)
2022 (20)
2021 (18)
2020 (17)
2019 (23)
2018 (15)
2017 (14)
2016 (17)
2015 (10)
2014 (19)
2013 (18)
2012 (32)
2011 (21)
2010 (30)
2009 (52)
2008 (95)
2007 (94)
2006 (94)

RSS

Contact

About

charlie portrait

A veteran server troubleshooter who's worked in enterprise IT for more than three decades, Charlie Arehart (@carehart) is a longtime contributor to the community who as an independent consultant provides remote, short-term, and even on-demand troubleshooting/tuning assistance for organizations of all sizes and experience levels (carehart.org/consulting).

You can reach Charlie by email at charlie (at) carehart.org, or you can follow him on twitter/X, @carehart. This blog is one resource among several within https://www.carehart.org/, where you can also find out more about him.

In fact, if you'd like his help, he's available for consulting for as little as 15 minutes.

Appreciate any of the resources I've offered?

Archives By Subject

admin (109) [RSS]
apache (11) [RSS]
API Manager (4) [RSS]
basics (8) [RSS]
blogging (14) [RSS]
boxlang (1) [RSS]
bug reports (1) [RSS]
business (2) [RSS]
carehart classics (26) [RSS]
CF Server Monitor (26) [RSS]
cf10 (60) [RSS]
cf11 (46) [RSS]
cf2016 (61) [RSS]
CF2016 Intro Series (9) [RSS]
cf2018 (60) [RSS]
cf2021 (67) [RSS]
cf2023 (46) [RSS]
cf2025 (11) [RSS]
cf411 series (10) [RSS]
cf8 (52) [RSS]
cf9 (34) [RSS]
cf911 (54) [RSS]
CFBuilder (20) [RSS]
CFFundamentals (6) [RSS]
cfml (35) [RSS]
cfmx (8) [RSS]
cfmythbusters (7) [RSS]
commandbox (4) [RSS]
community (30) [RSS]
connector (8) [RSS]
contributions (13) [RSS]
debugging (14) [RSS]
derby (5) [RSS]
docker (8) [RSS]
editors (10) [RSS]
evangelism (5) [RSS]
fusionreactor (63) [RSS]
general (59) [RSS]
hidden gems (12) [RSS]
homesite+ (3) [RSS]
hotfix (21) [RSS]
IIS (13) [RSS]
installation (9) [RSS]
introduction (2) [RSS]
java (49) [RSS]
javascript (2) [RSS]
jdbc (10) [RSS]
keyboard shortcuts (5) [RSS]
licensing (8) [RSS]
logs (8) [RSS]
lucee (21) [RSS]
migrating (2) [RSS]
monitoring (42) [RSS]
news (22) [RSS]
orm (2) [RSS]
performance (15) [RSS]
personal (3) [RSS]
PMT (6) [RSS]
podcasts (5) [RSS]
presentations (34) [RSS]
railo (10) [RSS]
redis (2) [RSS]
resource lists (26) [RSS]
security (28) [RSS]
seefusion (11) [RSS]
sql server (14) [RSS]
tips (22) [RSS]
tomcat (9) [RSS]
tools (44) [RSS]
training (8) [RSS]
troubleshooting (75) [RSS]
tuning (14) [RSS]
ugtv (11) [RSS]
updates (71) [RSS]
web services (8) [RSS]
webserver (5) [RSS]
writing (20) [RSS]
zeus (3) [RSS]

Upcoming/Recent Conference Appearances

Adobe CF Summit
Sep 2025

CFCamp
May 2025

Into The Box
May 2025

Adobe CF Summit East
Mar 2025

Copyright ©2025 Charlie Arehart

BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the HTML in this page?)

Managed Hosting Services provided by