Dear Macromedia Customer,

During a routine internal security audit of Macromedia
ColdFusion, Macromedia discovered two important security
issues that affect ColdFusion Server versions 2.0 through
4.5.1 SP2.

We have released a Security Bulletin about these issues
and a patch for ColdFusion Server versions 3.1.1, 4.0, 4.0.1,
4.5, 4.5.1 SP1, and 4.5.1 SP2 (all editions).

We are strongly encouraging customers to review the new
Macromedia Product Security Bulletin (MPSB01-07) and to
install the patch as quickly as possible. You can find the
security bulletin and the patch in the Security Zone at:

http://www.allaire.com/security

~~~~~~~
MPSB01-07: Macromedia releases patch that addresses
ColdFusion security issues.

Please note, the security issues DO NOT affect ColdFusion
Server 5.

As a Web application server vendor, the security of the
systems our customers deploy is a top priority. Securing
Web applications, especially those deployed on the Internet,
is complex and involves a wide range of technologies and
methodologies from a variety of vendors. Macromedia uses
the Security Zone in order to better inform our customers
about security issues that may affect them.

In the Security Zone you will find Security Bulletins that
explain important issues, technical briefs, and links to
other resources. In addition, you can subscribe to the
Security Notification Service in order to receive future
Security Bulletins when they are published.

We understand how important security is to our customers,
and we're committed to working to provide a secure platform
for your Web application development. Thank you for your
time and consideration on this issue.

   - Security Response Team, Macromedia, Inc.

~~~~
P.S. As a reminder, Macromedia has set up an e-mail
address that customers can use to report security issues
associated with any Macromedia product; that is:

secureallaire.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Macromedia Support and E-mail Information
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For Customer Service and all Macromedia contacts, visit:
http://www.macromedia.com/macromedia/index_contact.fhtml

Thank you for your continued interest in Macromedia products.
If you'd rather not receive e-mails about events, classes,
or product updates, send an e-mail to removemacromedia.com
and type REMOVE ME in the Subject line.

~~~~~~~
THE INFORMATION PROVIDED BY MACROMEDIA IN THIS
BULLETIN IS PROVIDED "AS IS" WITHOUT WARRANTY OF
ANY KIND. MACROMEDIA AND ITS SUPPLIERS DISCLAIM ALL
WARRANTIES, WHETHER EXPRESS OR IMPLIED OR OTHERWISE,
INCLUDING THE WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE. ALSO, THERE IS NO
WARRANTY OF NON-INFRINGEMENT, TITLE OR QUIET
ENJOYMENT. (USA ONLY) SOME STATES DO NOT ALLOW THE
EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE
EXCLUSION MAY NOT APPLY TO YOU.

IN NO EVENT SHALL MACROMEDIA, INC. OR ITS SUPPLIERS
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING,
WITHOUT LIMITATION, DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, SPECIAL, PUNITIVE, COVER, LOSS OF
PROFITS, BUSINESS INTERRUPTION OR THE LIKE, OR LOSS
OF BUSINESS DAMAGES, BASED ON ANY THEORY OF
LIABILITY INCLUDING BREACH OF CONTRACT, BREACH OF
WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT
LIABILITY OR OTHERWISE, EVEN IF MACROMEDIA, INC. OR
ITS SUPPLIERS OR THEIR REPRESENTATIVES HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. (USA
ONLY) SOME STATES DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR
INCIDENTAL DAMAGES, SO THE ABOVE EXCLUSION OR
LIMITATION MAY NOT APPLY TO YOU AND YOU MAY ALSO
HAVE OTHER LEGAL RIGHTS THAT VARY FROM STATE TO STATE.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]