March 13, 2012 (This post is more than 2 years old.)Security hotfix available for ColdFusioncoldfusionTitle says it all - we released a new hotfix for ColdFusion today: http://www.adobe.com/support/security/bulletins/apsb12-06.htmlSupport this Content!If you like this content, please consider supporting me. You can become a Patron, visit my Amazon wishlist, or buy me a coffee! Any support helps!Want to get a copy of every new post? Use the form below to sign up for my newsletter. SubscribeWebmentionsArchived CommentsComment 1 by Rick posted on 3/13/2012 at 11:36 PMIf only there were an easy way to ensure that all current updates (security and otherwise) are installed on a CF server......or is there? (Got any secrets you want to share? I only have under a dozen CF servers of various versions....so could use the help.)Comment 2 by Raymond Camden posted on 3/14/2012 at 12:09 AMFor security, you should make use of Foundeo's HackMyCF service. It sounds scary, but it's an incredible service that will scan your machines and report issues to you. It's free, with a paid version. I cannot recommend it enough.As for everything else, unfortunately there isn't a real nice way to do this. ColdFusion 10 makes it easier since you can go to your CF Admin and check there though.Comment 3 by Michael Williams posted on 3/14/2012 at 6:15 AMWow. 14 steps to manually apply a security update. This is sad. I have a lot of servers. Adobe should do better than this.Comment 4 by Raymond Camden posted on 3/14/2012 at 6:22 AMAs I said above, ColdFusion 10 makes it easier. You can install hotfixes via the admin.Comment 5 by Michael Williams posted on 3/14/2012 at 7:12 AMIn a multi-server install would it be safe to patch the 1st instance: cfusion then build and ear from that instance and deploy new servers based on it using the Instance Manager? I suppose a .car could also work but I'm having trouble getting a .car created and deployed on my test server.Comment 6 by Raymond Camden posted on 3/14/2012 at 7:15 AMHate to say it - but no idea. I never use multiserver.Comment 7 by Michael Williams posted on 3/14/2012 at 7:22 AMI got the Packaging & Deployment > J2EE Archives to make an ear of my /cfusion patched instance and then deployed it as a new instance /cfusion4 with all the settings and files from the /cfusion instance. It seems to be working. No errors thrown. This might be a good way to patch this monster on CF8 Enterprise if all your server instances share the same or near the same settings. Trying to find the support forums for CF on the adobe site to see if anyone else has tried this approach. I dont' think I've needed the support forums since the Macromedia days...Comment 8 by Chris Bowyer posted on 3/15/2012 at 12:00 AMDuh!Instructions state...Customers who have applied the previous Security Hotfix APSB11-14 (included in ColdFusion 9.0.1 Cumulative Hotfix 2), see Section1. If you have not applied the previous Security Hotfix APSB11-14, see Section 2.As there is no reference in ColdFusion Administrator to hotfix numbers. Would ColdFusion version: 9,0,1,274733 mean Security Hotfix APSB11-14 has been applied?Comment 9 by Dan O&aposKeefe posted on 3/16/2012 at 2:23 AM@Chris, I tend to doubt it.I am in the same boat and that is how I ended up here. Ray is right about the hackmysite.com service. You need the paid version to get the HF status. Other than that, I think going back to CHF1 and looking at the changes required, download the update and compare file dates/times to the files on your server is the best way to go. Then do the same for CHF2.CHF1 08/31/2010 cpsid_86263CHF2 09/15/2011 cpsid_91836APSB11-29 12/13/2011APSB12-06 03/13/2012I believe that is the way it lays out.DanComment 10 by Eric Belair posted on 3/26/2012 at 9:52 PMRunning ColdFusion Version 8,0,1,195765. No idea what Cumulative Updates or Hotfixes are already applied. How should I proceed?Comment 11 by Raymond Camden posted on 3/26/2012 at 10:06 PMIt should be visible if you hit the I in the upper right hand corner of the CF Admin. (The system info link.) There should be an update level.