A ColdFusion security patch released two days before Christmas? I have a feeling that may have resulted in many sysadmins shouting "Fiddlesticks!" (or perhaps another f-word) earlier today. And on that note, may I suggest this perfect album for a little holiday cheer after the servers have been patched, the wine has been mulled, and the goose has been roasted to perfection:
Ghosts of Vulnerabilities Past?
Adobe released APSB24-107 today, which addresses one vulnerability in ColdFusion tracked as CVE-2024-53961 and described as a path traversal that could lead to file retrieval. Based on a quick review of the corresponding patches, the update appears to be a security enhancement that improves protection (and possibly remediates bypasses) against the attack vectors first addressed in APSB24-14 / CVE-2024-20767 back in March.