Note: This blog post is from 2011. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.If you may be applying several security hotfixes to a new implementation of CF (or one where none have been applied before), you may wonder if there's any significance to applying them in either chronological order (newest to oldest, or oldest to newest). The technotes don't really clarify this.
Update: Great news. It turns out that just days before I wrote this entry in late 2011, Adobe had in fact addressed and resolved this problem (quietly, I'd say) by making security fixes written from Dec 2011 (apsb11-29) on now have 2 sets of steps, one for if you HAD applied the security hotfix previous to it, and one for if you HAD NOT. And this has proven to be the case for the next few, as I write this update in late 2012. So we can now consider them effectively "cumulative", for those from Dec 2011, on. You need only focus on the latest, and follow either of its 2 provided sets of steps.
That said, I'm not 100% sure if all those from Dec 2011 include all ones prior to that. Has anyone tested things to know?
I'll leave the rest of the note below here for posterity, but stricken out.