I am working on a performance analysis for a client, some page requests need to do a cfhttp call, I had the thought to use cfthread for the http call, so that other processing could happen in parallel.

Adobe has just released a security hotfix for the FCKeditor vulnerability in Coldfusion 8.

Also of Note, Adobe's Terry Ryan posted a blog entry today detailing How to report a ColdFusion Security Issue to Adobe.

I've been meaning to post the slides the presentation I gave at cf.

I've had a chance to look at the FCKeditor code a little bit in order to determine what the risks actually are of this vulnerability.

There have been a few stories about a vulnerability in FCKeditor that is bundled with ColdFusion 8, first on SANS and now on The Register.

The FCKeditor ColdFusion connector isn't enabled on all CF installations, I think if you installed a fresh 8.0.