Announcing ColdFusion updates released Apr 14 2026 - p1 security update

Posted At : April 14, 2026 10:14 PM | Posted By : Charlie Arehart
Related Categories: updates, security, cf2025, cf2023
Comments: (2)

An update for ColdFusion has been released, Apr 14 2026, for each of cf2025 (as its update 7) and cf2023 (as its update 19). In brief, this update is classed by Adobe as a P1 (Priority 1, "Critical") security update. Then again, the security bulletin (link below) indicates as of today that, "Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates."

(This is the second update since CF2021 has reached its end of life as I blogged previously, which is something folks running that should beware. You are now QUITE exposed to things fixed in these two updates, for which there is no fix for you.)

In this post, I share the details about the update (from Adobe and from others). I also share additional info you may want to consider before (or after) doing the update.

For more, read on.

[....Continue Reading....]

Comments (2)

Comments

[Add Comment]

the installer now mentions that it is clearing the felix-cache automatically. which is good. I checked and it was cleared.

# Posted By Michael | 4/15/26 6:51 PM

Michael, FWIW, I do acknowledge and address that in the section above on the topic:
https://www.carehart.org/blog/2026/4/14/coldfusion_updates_released_apr_14_2026#felix

where I conclude:

"While it's true that updates in early 2025 started doing a delete of the felix-cache folder as a FIRST step in the update process, that doesn't help if the update did update packages, in which case it's wise to delete it again AFTER the update, as discussed here. Again, this is just a recommended practice from my experience helping with hundreds of CF updates, not something Adobe mandates.)"

# Posted By Charlie Arehart | 4/15/26 9:10 PM

[Add Comment]

Home

View all posts

Enter your email address to subscribe to this blog.

Recent Comments

Announcing ColdFusion updates released Apr 14 2026 - p1 security update
Charlie Arehart said: Michael, FWIW, I do acknowledge and address that in the section above on the topic: ht ... [more]

Announcing ColdFusion updates released Apr 14 2026 - p1 security update
Michael said: the installer now mentions that it is clearing the felix-cache automatically. which is good. I check ... [more]

Announcing ColdFusion updates released Dec 9 2025 - p1 security update and more
sleepy said: Thank you very much for your detailed investigation and insights—I really appreciate it. & ... [more]

Announcing ColdFusion updates released Dec 9 2025 - p1 security update and more
Charlie Arehart said: You're absolutely right, Sleepy, now that you mention it. I can confirm see ... [more]

Announcing ColdFusion updates released Dec 9 2025 - p1 security update and more
sleepy said: Please see below. {code ... find cfusion/hf-updates&# ... [more]

Calendar

Sun	Mon	Tue	Wed	Thu	Fri	Sat
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30

Entries by year

2026

April (1)
January (2)

2025 (19)
2024 (28)
2023 (33)
2022 (20)
2021 (18)
2020 (17)
2019 (23)
2018 (15)
2017 (14)
2016 (17)
2015 (10)
2014 (19)
2013 (18)
2012 (32)
2011 (21)
2010 (30)
2009 (52)
2008 (95)
2007 (94)
2006 (94)

RSS

Contact

About

A veteran server troubleshooter who's worked in enterprise IT for more than three decades, Charlie Arehart (@carehart) is a longtime contributor to the community who as an independent consultant provides remote, short-term, and even on-demand troubleshooting/tuning assistance for organizations of all sizes and experience levels (carehart.org/consulting).

You can reach Charlie by email at charlie (at) carehart.org, or you can follow him on twitter/X, @carehart. This blog is one resource among several within https://www.carehart.org/, where you can also find out more about him.

In fact, if you'd like his help, he's available for consulting for as little as 15 minutes.

Appreciate any of the resources I've offered?

Archives By Subject

admin (109) [RSS]
apache (11) [RSS]
API Manager (4) [RSS]
basics (8) [RSS]
blogging (14) [RSS]
boxlang (1) [RSS]
bug reports (1) [RSS]
business (2) [RSS]
carehart classics (26) [RSS]
CF Server Monitor (26) [RSS]
cf10 (60) [RSS]
cf11 (46) [RSS]
cf2016 (61) [RSS]
CF2016 Intro Series (9) [RSS]
cf2018 (60) [RSS]
cf2021 (68) [RSS]
cf2023 (49) [RSS]
cf2025 (14) [RSS]
cf411 series (10) [RSS]
cf8 (52) [RSS]
cf9 (34) [RSS]
cf911 (54) [RSS]
CFBuilder (20) [RSS]
CFFundamentals (6) [RSS]
cfml (35) [RSS]
cfmx (8) [RSS]
cfmythbusters (7) [RSS]
commandbox (4) [RSS]
community (30) [RSS]
connector (8) [RSS]
contributions (13) [RSS]
debugging (14) [RSS]
derby (5) [RSS]
docker (8) [RSS]
editors (10) [RSS]
evangelism (5) [RSS]
fusionreactor (63) [RSS]
general (59) [RSS]
hidden gems (12) [RSS]
homesite+ (3) [RSS]
hotfix (21) [RSS]
IIS (13) [RSS]
installation (9) [RSS]
introduction (2) [RSS]
java (50) [RSS]
javascript (2) [RSS]
jdbc (10) [RSS]
keyboard shortcuts (5) [RSS]
licensing (8) [RSS]
logs (8) [RSS]
lucee (21) [RSS]
migrating (2) [RSS]
monitoring (42) [RSS]
news (22) [RSS]
orm (2) [RSS]
performance (15) [RSS]
personal (3) [RSS]
PMT (6) [RSS]
podcasts (5) [RSS]
presentations (34) [RSS]
railo (10) [RSS]
redis (2) [RSS]
resource lists (26) [RSS]
security (35) [RSS]
seefusion (11) [RSS]
sql server (14) [RSS]
tips (22) [RSS]
tomcat (9) [RSS]
tools (44) [RSS]
training (8) [RSS]
troubleshooting (76) [RSS]
tuning (14) [RSS]
ugtv (11) [RSS]
updates (75) [RSS]
web services (8) [RSS]
webserver (5) [RSS]
writing (20) [RSS]
zeus (3) [RSS]

Upcoming/Recent Conference Appearances

Adobe CF Summit
Jun 2026

Into The Box
May 2026

CFCamp
May 2025

Adobe CF Summit East
Mar 2025

BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the HTML in this page?)

Managed Hosting Services provided by