April 2018, adobe announced the release of ColdFusion 2016 Update 6 & ColdFusion 11 Update 14.
These updates –
address security vulnerabilities mentioned in the security bulletin APSB18-14,
upgrade the Tomcat engines & OpenSSL jars, and
contain few other bug fixes.
ColdFusion 2016 Update 6
ColdFusion 2016 Update 6 acknowledges the vulnerabilities listed inside security bulletin APSB18-14.
Along with it a Tomcat version upgrade to 8.5.28, OpenSSL upgrade to 1.0.2n & other bugs fixes.
For fixes to take effect, ColdFusion must be on JDK 1.8.0_121 or later. Post update the build number of ColdFusion 2016 should be 2016.0.06.308055.
Visit the page technote for complete installation instructions and the list of bugs fixed with this update.
ColdFusion 11 Update 14
ColdFusion 11 Update 14 acknowledges the vulnerabilities shown in the security bulletin APSB18-14.
Along with it a Tomcat version upgrade to 7.0.85, OpenSSL upgrade to 1.0.2n and other fixes.
The effect of the security fixes can be seen in, ColdFusion must be on JDK 1.7.0_131 or JDK 1.8.0_121 or higher.
Post update the build number of ColdFusion 11 should be 11,0,14,307976.
For detailed installation instructions and the list of bugs fixed with this update, refer this technote.