UsefulConcept

I got an email with a security update bulletin from Adobe yesterday. 

It seems there is some sort of vulnerability via cfid and cftoken regarding session hijacking.  It affects both cf7 and cf8 unless you are using J2EE session management.

Patch can be found here.

If you use shared hosting and your host knows CF well then you are probably all set.  If they don't or your not sure you should let them know about the update.  Also if you don't get secuirty bulletins via email from adobe you should sign up for that today.

On a side note, I find the font color for the link in the security bulletin very hard to differentiate from the text of the page.  Took me a bit to find where to actually download the update.

Like this entry? Subscribe to my blog.