Announcing ColdFusion updates released Jan 13 2026 - p1 security update

Posted At : January 14, 2026 12:21 AM | Posted By : Charlie Arehart
Related Categories: updates, security, cf2025, cf2023
Comments: (0)

An update for ColdFusion has been released, Jan 13 2026, for each of cf2025 (as its update 6) and cf2023 (as its update 18). (This is the first update since CF2021 has reached its end of life as I blogged previously, so this is the first cf update NOT available for cf2021, which is something folks running that should beware.)

In brief, this update (for both versions) addresses a P1 (Priority 1, "Critical") security vulnerability, related to the Apache Tika java framework which Adobe embeds for certain processing with CF.

Before proceeding, it's of some concern to note that unlike recent CF security updates, Adobe does NOT report (in the APSB, linked to below) that they are, "not aware of any exploits in the wild for any of the issues addressed in these updates." That omission would seem to imply that they ARE aware of this vuln being exploited, which raises the urgency of getting it applied. (It also raises the concern all the more for those on CF2021 or earlier, for whom Adobe will no longer offers ANY updates, including security updates.)

In this post, I share the details about the update (from Adobe and from others). I also share additional info you may want to consider before (or after) doing the update.

For more, read on.

[....Continue Reading....]

Comments (0)

Comments

There are no comments for this entry.

[Add Comment]

Home

View all posts

Enter your email address to subscribe to this blog.

Recent Comments

Announcing ColdFusion updates released Dec 9 2025 - p1 security update and more
Charlie Arehart said: Thanks for that, Michael. I've not heard others needing it, but if someone does maybe we'l ... [more]

Announcing ColdFusion updates released Dec 9 2025 - p1 security update and more
Michael said: the update broke our Oracle JDBC connection. adding oracle.sql.**; to the se ... [more]

Announcing ColdFusion updates released Sep 9 2025 - p1 security update
Bill Tudor said: Invaluable spot from Matt - I too got the mail tag error after jumping from an Update 04 to 17 CF202 ... [more]

How to disable the Asus NumberPad, embedded within touchpad on some modern laptops
hannah said: I accidentally locked my numberpad when I first got my laptop and this finally helped my fix it yay& ... [more]

How to disable the Asus NumberPad, embedded within touchpad on some modern laptops
Charlie Arehart said: JG, that's the second of the options I offer at the top of my post here.

Calendar

Sun	Mon	Tue	Wed	Thu	Fri	Sat
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Entries by year

2025 (19)
2024 (28)
2023 (33)
2022 (20)
2021 (18)
2020 (17)
2019 (23)
2018 (15)
2017 (14)
2016 (17)
2015 (10)
2014 (19)
2013 (18)
2012 (32)
2011 (21)
2010 (30)
2009 (52)
2008 (95)
2007 (94)
2006 (94)

RSS

Contact

About

A veteran server troubleshooter who's worked in enterprise IT for more than three decades, Charlie Arehart (@carehart) is a longtime contributor to the community who as an independent consultant provides remote, short-term, and even on-demand troubleshooting/tuning assistance for organizations of all sizes and experience levels (carehart.org/consulting).

You can reach Charlie by email at charlie (at) carehart.org, or you can follow him on twitter/X, @carehart. This blog is one resource among several within https://www.carehart.org/, where you can also find out more about him.

In fact, if you'd like his help, he's available for consulting for as little as 15 minutes.

Appreciate any of the resources I've offered?

Archives By Subject

admin (109) [RSS]
apache (11) [RSS]
API Manager (4) [RSS]
basics (8) [RSS]
blogging (14) [RSS]
boxlang (1) [RSS]
bug reports (1) [RSS]
business (2) [RSS]
carehart classics (26) [RSS]
CF Server Monitor (26) [RSS]
cf10 (60) [RSS]
cf11 (46) [RSS]
cf2016 (61) [RSS]
CF2016 Intro Series (9) [RSS]
cf2018 (60) [RSS]
cf2021 (68) [RSS]
cf2023 (48) [RSS]
cf2025 (13) [RSS]
cf411 series (10) [RSS]
cf8 (52) [RSS]
cf9 (34) [RSS]
cf911 (54) [RSS]
CFBuilder (20) [RSS]
CFFundamentals (6) [RSS]
cfml (35) [RSS]
cfmx (8) [RSS]
cfmythbusters (7) [RSS]
commandbox (4) [RSS]
community (30) [RSS]
connector (8) [RSS]
contributions (13) [RSS]
debugging (14) [RSS]
derby (5) [RSS]
docker (8) [RSS]
editors (10) [RSS]
evangelism (5) [RSS]
fusionreactor (63) [RSS]
general (59) [RSS]
hidden gems (12) [RSS]
homesite+ (3) [RSS]
hotfix (21) [RSS]
IIS (13) [RSS]
installation (9) [RSS]
introduction (2) [RSS]
java (49) [RSS]
javascript (2) [RSS]
jdbc (10) [RSS]
keyboard shortcuts (5) [RSS]
licensing (8) [RSS]
logs (8) [RSS]
lucee (21) [RSS]
migrating (2) [RSS]
monitoring (42) [RSS]
news (22) [RSS]
orm (2) [RSS]
performance (15) [RSS]
personal (3) [RSS]
PMT (6) [RSS]
podcasts (5) [RSS]
presentations (34) [RSS]
railo (10) [RSS]
redis (2) [RSS]
resource lists (26) [RSS]
security (29) [RSS]
seefusion (11) [RSS]
sql server (14) [RSS]
tips (22) [RSS]
tomcat (9) [RSS]
tools (44) [RSS]
training (8) [RSS]
troubleshooting (76) [RSS]
tuning (14) [RSS]
ugtv (11) [RSS]
updates (73) [RSS]
web services (8) [RSS]
webserver (5) [RSS]
writing (20) [RSS]
zeus (3) [RSS]

Upcoming/Recent Conference Appearances

Adobe CF Summit
Sep 2025

CFCamp
May 2025

Into The Box
May 2025

Adobe CF Summit East
Mar 2025

BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the HTML in this page?)

Managed Hosting Services provided by