Yeah, the details are pretty sketchy. They also don't mention to what
degree the patch has been tested on all of those versions of CF. I mean,
great, they found a security problem and are trying to be forwared about it,
but jeesh, let us in on the secret. I'm not in the habbit of blindly
patching mission critical software.
Jim
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, July 11, 2001 10:55 AM
Subject: RE: Important ColdFusion Security Patch Released Today
> Does anyone know:
>
> 1) exactly what files are updated (looks like all the stubs - such as
> iscf.dll - but I'm not sure)
>
> 2) the nature of the security problem - obviously MM is going for
> security-thru-obscurity and is not going to describe the exact problem,
but
> some clue as to the possible effects, how to tell if the weakness has been
> taken advantage of, etc would be helpful
>
> 3) what workarounds, if any, can be used instead of applying the patch
>
> 4) If there's a way to apply the patch without a reboot (if it's just the
> stubs an IIS stop-start might be enough)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
