Adobe has just released a security hotfix for the FCKeditor vulnerability in ColdFusion 8.
Also of Note, Adobe's Terry Ryan posted a blog entry today detailing How to report a ColdFusion Security Issue to Adobe. Update, link no longer works, but today you can report issues to Adobe's PSIRT team.
Comments
Just a head's up to anyone applying this one: 1) The .jar file comes down as a .zip file. Just change the extension 2) I downloaded this one locally, uploaded to the server, and then copied over into the CFIDE folder. After that, I got a server login bix whenever I tried to use cftextarea. Turns out the cftextarea.js file had the FTP folder priviliages, and it required more privliages to work in the CFIDE folder. Once I set them up to match the other folder in that directory, it was fine again.