
CF911: New Adobe document about ColdFusion security hotfixes: required reading, I'd say

Note: This blog post is from 2013. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
Here's a new document from Adobe (new as of last week, it seems) that you may have missed, but which I would argue is REQUIRED READING for all CF admins and developers:

Important hotfix-related notes for ColdFusion 9 and ColdFusion 10

What is this about, and why is it important? Read on below, as I think the document itself and the current links from Adobe don't quite convey its significance. For more perspective, I discuss below both what has happened to many folks after applying ColdFusion security hotfixes in recent years, and how this document helps.


Comments
That issue of session fixation does sound like something we may have unknowingly been hit by, and I agree that the info given isn't enough for me to understand the problem properly. Could you elaborate at all, or point me to a source?
# Posted By Jane | 5/23/13 12:31 PM
Hey Charlie - looking for some advice:
...is it possible to upgrade from 9,0,0,251028 direct to 9,0,2,282541, or do I need to uninstall 9,0,0,251028, then install 9,0,2,282541 fresh? Or do all the 'hotfixes' just upgrade you to 9,0,2,282541? (e.g. will the hotfixes remove all the verity and turn my server into 9,0,2,282541)? Any help much appreciated.
Adobe info is a bit useless

Thanks
# Posted By jon | 8/18/13 9:36 AM
@Jane, so sorry I missed your comment there from back in May. As for more on fixation, I'd recommend you see the blog entry here:

http://www.petefreit...

@jon, no, you CANNOT upgrade a 9.0 or 9.0.1 install to 9.0.2. You would have to remove 9.0 or 9.0.1 first. Why might you want to consider it? Why did Adobe create it? Since this isn't the place to discuss that, I just created a new blog entry for you (and others):

http://www.carehart....
# Posted By Charlie Arehart | 8/19/13 12:47 AM
Thanks, that article helps a lot, especially the last sentence - since I first asked, we've moved up to CF10.
# Posted By Jane | 8/19/13 3:14 AM
Copyright ©2020 Charlie Arehart