A year or two ago I would have replied that ColdFusion is actually dead, and that using it or really, even, maintaining applications in it is irresponsible, because it's virtually impossible to secure. But I think it may have become so archaic that vulnerability researchers aren't really hitting it as much any more? Maybe you've weathered the storm, and CF will be safe to use from here on out?
As the article indicated, there are new releases, both in Adobe's proprietary version and the open source version (Lucee). Foundeo is a company built around CFML security tools (scanners and a WAF), and they release lockdown guides that are kept up to date.
I think it's the CF applications that aren't being maintained that are the biggest risk (and there's plenty of those) - Adobe has indicated which version are EOL:
I remember when it was being designed and first release that it was such a hodge-podge of ideas that in combination resulted in something that we could trivially see were bad using principles from long before.
(Obviously: don't use ColdFusion).