From time to time I get questions I can’t answer (ok, a lot of times) and I like to share them when I’m interested in the question/answer as well. In order to ‘flag’ it a bit better for my readers, I’m going to try to remember to prefix the title with “Stump the Chump”. This is based on something my buddy Robi Sen told me ages ago. Apparently it’s a game you play with a presenter when you just know he is talking about something he doesn’t truly understand. As a presenter, that sounds evil. As a person who has attended a few boring presentations in the past - it sounds fun as heck. Anyway, on to the question. Paul asks:
I have a (possibly) simple question: if you have multi-server installation of ColdFusion MX 7, updated to the latest cumulative hotfix, should you apply any JRun updaters? We are mainly concerned with security risks. A up-to-date version of CF7 already has JRun Updater 5 applied. Updaters 6 & 7 mention 'security fixes' in their generic summaries, but I don't know if there's anything in them that actually applies to ColdFusion. There doesn't appear to be any recommendation from Adobe about this, and little discussion on blogs and forums, so the general feeling I get is that we shouldn't apply them.
Hopefully my readers know the answer to this. I have minimal experience with JRun. I’m using it now on my Leopard box just to get ColdFusion running, but normally I do the simpler install which hides such things away.