Applying CF security hotfixes: do it from oldest to newest (depending!)

Posted At : December 16, 2011 4:47 PM | Posted By : Charlie Arehart
Related Categories: admin, hotfix, troubleshooting
Comments: (0)

Note: This blog post is from 2011. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.

If you may be applying several security hotfixes to a new implementation of CF (or one where none have been applied before), you may wonder if there's any significance to applying them in either chronological order (newest to oldest, or oldest to newest). The technotes don't really clarify this.

Update: Great news. It turns out that just days before I wrote this entry in late 2011, Adobe had in fact addressed and resolved this problem (quietly, I'd say) by making security fixes written from Dec 2011 (apsb11-29) on now have 2 sets of steps, one for if you HAD applied the security hotfix previous to it, and one for if you HAD NOT. And this has proven to be the case for the next few, as I write this update in late 2012. So we can now consider them effectively "cumulative", for those from Dec 2011, on. You need only focus on the latest, and follow either of its 2 provided sets of steps.

That said, I'm not 100% sure if all those from Dec 2011 include all ones prior to that. Has anyone tested things to know?

I'll leave the rest of the note below here for posterity, but stricken out.

[....Continue Reading....]

Comments (0)

Related Blog Entries

CF911: Are you finding CF (or CF Admin) busted after applying a hotfix? A few possible reasons (October 21, 2011)
CFMyths: "If/when I apply Cumulative Hotfixes, I need apply only the latest CHF, right?" (December 12, 2010)
CFMyths: "When I download CF to install it from scratch, it has the latest fixes/updaters" (December 11, 2010)
You may have mistakenly applied an 8.0 CHF on a 8.0.1 CF server, and not realize it! (September 23, 2009)

Comments

There are no comments for this entry.

[Add Comment]

Enter your email address to subscribe to this blog.

Recent Comments

I'll be presenting at the online CFMeetup, on Adobe's 'new' CFSetup tool, useful for any CF version
Eric Seibert said: Charlie, thanks for all the information over the years for supporting and implementing ColdFusion. I ... [more]

Beware that latest Oracle JDK installers will REMOVE older JDK installs of that version
Charlie Arehart said: Eric, thanks so much. I'd indeed missed that news, which is first partly because I find few people s ... [more]

Beware that latest Oracle JDK installers will REMOVE older JDK installs of that version
eric said: As of build 381 of JDK 8 with the exe or MSI will act the same way and remove older versions.

New updates released for Java 8, 11, 17, 21, and 22 as of Apr 16 2024: resources and thoughts
Charlie Arehart said: I'll say first that you can indeed update the jvm Lucee uses, just as you can with CF, though like C ... [more]

New updates released for Java 8, 11, 17, 21, and 22 as of Apr 16 2024: resources and thoughts
Chris said: Hi, we're new to Lucee (have previously been running on Adobe CF for some time). We've noticed that ... [more]

Calendar

Sun	Mon	Tue	Wed	Thu	Fri	Sat
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

Entries by year

2024

April (4)
March (1)
February (2)
January (6)

2023 (33)
2022 (20)
2021 (18)
2020 (17)
2019 (23)
2018 (15)
2017 (14)
2016 (17)
2015 (10)
2014 (19)
2013 (18)
2012 (32)
2011 (21)
2010 (30)
2009 (52)
2008 (95)
2007 (94)
2006 (94)

RSS

Contact

About

A veteran server troubleshooter who's worked in enterprise IT for more than three decades, Charlie Arehart (@carehart) is a longtime contributor to the community who as an independent consultant provides remote, short-term, and even on-demand troubleshooting/tuning assistance for organizations of all sizes and experience levels (carehart.org/consulting).

You can reach Charlie by email at charlie (at) carehart.org, or you can follow him on twitter, @carehart. This blog is one resource among several within https://www.carehart.org/, where you can also find out more about him.

In fact, if you'd like his help, he's available for consulting for as little as 15 minutes.

Appreciate any of the resources I've offered?

Archives By Subject

admin (97) [RSS]
apache (10) [RSS]
API Manager (4) [RSS]
basics (8) [RSS]
blogging (14) [RSS]
business (2) [RSS]
carehart classics (26) [RSS]
CF Server Monitor (26) [RSS]
cf10 (58) [RSS]
cf11 (43) [RSS]
cf2016 (56) [RSS]
CF2016 Intro Series (8) [RSS]
cf2018 (53) [RSS]
cf2021 (45) [RSS]
cf2023 (25) [RSS]
cf411 series (10) [RSS]
cf8 (52) [RSS]
cf9 (33) [RSS]
cf911 (54) [RSS]
CFBuilder (20) [RSS]
CFFundamentals (5) [RSS]
cfml (35) [RSS]
cfmx (8) [RSS]
cfmythbusters (7) [RSS]
commandbox (3) [RSS]
community (24) [RSS]
connector (8) [RSS]
contributions (13) [RSS]
debugging (13) [RSS]
derby (5) [RSS]
docker (7) [RSS]
editors (10) [RSS]
evangelism (5) [RSS]
fusionreactor (62) [RSS]
general (59) [RSS]
hidden gems (12) [RSS]
homesite+ (3) [RSS]
hotfix (21) [RSS]
IIS (12) [RSS]
installation (8) [RSS]
introduction (2) [RSS]
java (42) [RSS]
javascript (2) [RSS]
jdbc (10) [RSS]
keyboard shortcuts (5) [RSS]
licensing (1) [RSS]
logs (7) [RSS]
lucee (19) [RSS]
monitoring (42) [RSS]
news (21) [RSS]
orm (2) [RSS]
performance (13) [RSS]
personal (3) [RSS]
PMT (5) [RSS]
podcasts (5) [RSS]
presentations (27) [RSS]
railo (10) [RSS]
resource lists (26) [RSS]
security (26) [RSS]
seefusion (11) [RSS]
sql server (14) [RSS]
tips (22) [RSS]
tomcat (8) [RSS]
tools (44) [RSS]
training (8) [RSS]
troubleshooting (71) [RSS]
tuning (14) [RSS]
ugtv (11) [RSS]
updates (51) [RSS]
web services (8) [RSS]
webserver (5) [RSS]
writing (20) [RSS]
zeus (3) [RSS]

Upcoming/Recent Conference Appearances

Adobe CF Summit East
Apr 2024

Into The Box
May 2024

CFCamp
June 2024

BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by