2012 ColdFusion Security Hotfix Posted
We just released security hotfix APSB12-15 for ColdFusion 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh and UNIX. This update resolves an HTTP response splitting vulnerability in the ColdFusion Component Browser.
Thanks for mentioning it.
Is this fix already included in 9.0.2 or did you just forget to add it to the list?
9.0.1 and earlier, so no, not applicable to 9.0.2. But, just to be sure, I am checking with the CF engineering team and will update if hear otherwise.
Thanks, Hemant confirmed it a few minutes ago on Twitter as well.