A couple people have told me they had no idea how to report a security issue in ColdFusion. So I figured I would clear it up.
Normally when you have an enhancement request or a bug report, we direct you to the “Go/Wish” page. This is the page for all Adobe products. You choose ColdFusion from the product list and enter your request, which is then emailed out to the product team. (Soon there will be a more public version of this available for just ColdFusion.)
However, if you have a security issue, it makes more sense to report it to the Product Security Incident Response Team. Then the process is a little different. There is a lot more back and forth communication. The actual process is documented publicly. In any case there are two ways to report it: