Hi,
We have an application in Cold Fusion 9 and we ran a PCI pen test on it only to find that the application has vulnerabilities like HTTP response splitting (CVE-2012-2041), cross-site scripting (CVE-2011-0580) and authentication bypass (CVE-2013-0632). We have decided to migrate from CF 9 to the Latest version . My one humble question before i start digging in the world of cold fusion, although i am hearing about CF 11, all i see is a stable version of CF10 available.Is it the latest version of CF as far as production implementation are concerned?And also If we upgrade the application, will it do any harm to the code(like any tags or anything has been depricated)?
I have worked in java/j2ee for 3.5 years and never worked on CF. I hope you will pardon my ignorance.