Title says it all - we released a new hotfix for ColdFusion today: http://www.adobe.com/support/security/bulletins/apsb12-06.html
Title says it all - we released a new hotfix for ColdFusion today: http://www.adobe.com/support/security/bulletins/apsb12-06.html
Archived Comments
If only there were an easy way to ensure that all current updates (security and otherwise) are installed on a CF server......or is there? (Got any secrets you want to share? I only have under a dozen CF servers of various versions....so could use the help.)
For security, you should make use of Foundeo's HackMyCF service. It sounds scary, but it's an incredible service that will scan your machines and report issues to you. It's free, with a paid version. I cannot recommend it enough.
As for everything else, unfortunately there isn't a real nice way to do this. ColdFusion 10 makes it easier since you can go to your CF Admin and check there though.
Wow. 14 steps to manually apply a security update. This is sad. I have a lot of servers. Adobe should do better than this.
As I said above, ColdFusion 10 makes it easier. You can install hotfixes via the admin.
In a multi-server install would it be safe to patch the 1st instance: cfusion then build and ear from that instance and deploy new servers based on it using the Instance Manager? I suppose a .car could also work but I'm having trouble getting a .car created and deployed on my test server.
Hate to say it - but no idea. I never use multiserver.
I got the Packaging & Deployment > J2EE Archives to make an ear of my /cfusion patched instance and then deployed it as a new instance /cfusion4 with all the settings and files from the /cfusion instance. It seems to be working. No errors thrown. This might be a good way to patch this monster on CF8 Enterprise if all your server instances share the same or near the same settings. Trying to find the support forums for CF on the adobe site to see if anyone else has tried this approach. I dont' think I've needed the support forums since the Macromedia days...
Duh!
Instructions state...
Customers who have applied the previous Security Hotfix APSB11-14 (included in ColdFusion 9.0.1 Cumulative Hotfix 2), see Section1. If you have not applied the previous Security Hotfix APSB11-14, see Section 2.
As there is no reference in ColdFusion Administrator to hotfix numbers. Would ColdFusion version: 9,0,1,274733 mean Security Hotfix APSB11-14 has been applied?
@Chris, I tend to doubt it.
I am in the same boat and that is how I ended up here. Ray is right about the hackmysite.com service. You need the paid version to get the HF status. Other than that, I think going back to CHF1 and looking at the changes required, download the update and compare file dates/times to the files on your server is the best way to go. Then do the same for CHF2.
CHF1 08/31/2010 cpsid_86263
CHF2 09/15/2011 cpsid_91836
APSB11-29 12/13/2011
APSB12-06 03/13/2012
I believe that is the way it lays out.
Dan
Running ColdFusion Version 8,0,1,195765. No idea what Cumulative Updates or Hotfixes are already applied. How should I proceed?
It should be visible if you hit the I in the upper right hand corner of the CF Admin. (The system info link.) There should be an update level.