This probably flew under the radar to many but Adobe has recently updated one of their support docs on upgrading JVM in ColdFusion, they now clearly state that you can upgrade to the latest minor release of a supported jvm version in ColdFusion:
All ColdFusion users can upgrade Java to the latest minor version for their ColdFusion servers. For example, ColdFusion customers using jdk 1.6.0_x can upgrade to the latest jdk 1.6.0_x update. (At the time of writing, the current version is jdk 1.6.0_35.) All future JDK 1.6.0_x releases are supported.
See http://helpx.adobe.com/coldfusion/kb/upgrading-java-coldfusion.html for details.
This is great news because Oracle frequently releases security and bug fixes for Java, and ColdFusion customers have been reluctant to upgrade the JVM in the past due to worry about Adobe Support.
Comments
Thanks for this info Pete. I've never updated the JVM before. Reading links on Charlie's article below, it appears I just install the 1.6.0_35 JDK and change the directory in the CF Administrator to the new directory instead of the directory under the /cf9/runtime/jre folder and then restart CF. Does it matter if I install 32 or 64-bit? http://www.carehart.org/blog/client/index.cfm/2011/10/28/CF911-Have-you-updated-your-ColdFusion-JVM-to-24-yet-Important-security-fix-for-CF-89
@Jeff - yes you are correct, you simply install the jvm and point CF to the new one. It certainly does matter if you install the 32 or 64 bit JVM, you will want to continue using whatever option you picked when you installed CF. If you run into any problems locate the jvm.config file and revert back to the path. Chances are though if you made a mistake you specified the wrong folder or installed 64 bit vs 32.
Good news! For which versions of ColdFusion? They wrote "for all users" .. but CF 8, 8.0.1, 9, 9.0.1, 9.0.2, 10? Thanks
@Paolo - I believe they are talking about all supported versions in this kb article. So that would include CF9-10 and CF8 if you have an extended support contract (core support for CF8 ended on 7/31/2012).