A couple people have told me they had no idea how to report a security issue in ColdFusion. So I figured I would clear it up.
Normally when you have an enhancement request or a bug report, we direct you to the “Go/Wish” page. This is the page for all Adobe products. You choose ColdFusion from the product list and enter your request, which is then emailed out to the product team. (Soon there will be a more public version of this available for just ColdFusion.)
However, if you have a security issue, it makes more sense to report it to the Product Security Incident Response Team. Then the process is a little different. There is a lot more back and forth communication. The actual process is documented publicly. In any case there are two ways to report it:
- Fill out a Security Issue Report
- Or send an email to PSIRT@adobe.com
One thought on “Reporting ColdFusion Security Issues”
Figure I write up a post about the art of writing up a proper bug report to help this process out. It’s at http://www.codfusion.com/blog/post.cfm/how-to-submit-a-bug-report. Want to prevent emails flying into Adobe will bogus or badly documented reports.