The ColdFusion team has announced a critical update to ColdFusion 10 (Update 21) and 11 (Update 10) to address a potential issue associated with parsing crafted XML entities that could lead to information disclosure. CF2016 is not vulnerable to this issue. (ColdFusion 9 and earlier may be vulnerable, but are no longer supported. If you are running an older version of Coldfusion you really need to upgrade immediately).