Ajas, if you look closely, you'll see that they generally show 2 sets of steps: one for if you have or one for if you have not applied the previous security hotfix. So assuming you've not applied those that precede it, and those before that, and so on, then no, you don't need to do any but the latest. That's the general situation, at least. You (or someone interested) would want to look closely to be sure. (I did that for the 801 fixes. For CF 9, I now just apply 9.0.2, which also does already have them all applied.)

Finally, use Pete's hackmycf.com (and his paid version, which can check things "from the inside" of the server) to best know how you're doing on your success with fixes. As for keeping up on which are released, check out John Mason's cfUpdater: http://www.codfusion.com/blog/page.cfm/projects/cfUpdater

/charlie

From: [email protected] [mailto:[email protected]] On Behalf Of Ajas Mohammed
Sent: Thursday, July 26, 2012 9:45 AM
To: [email protected]
Subject: [ACFUG Discuss] CF 9 security hotfixes

Hello all,

I had a quick question about CF 9 Security hotfixes. We recently applied the Directory Traversal hot fix which is <http://www.adobe.com/support/security/bulletins/apsb10-18.html> APSB10-18. If the server is not patched up with these fixes, then is it safe to assume that we start from the bottom of the list and go upwards for these hotfixes? Also, can you share your experience of how you did this and also how you monitored or came to know of a hotfix released by Adobe? Also, is it OK to apply all these HOTFIXES in one shot?

COLDFUSION Version 9 | Brief | Originally Posted | Last Updated
<http://www.adobe.com/support/security/bulletins/apsb12-15.html> APSB12-15 | Security update: Hotfix available for ColdFusion 9.0.1 and earlier | 6/12/2012 | 6/12/2012
<http://www.adobe.com/support/security/bulletins/apsb12-06.html> APSB12-06 | Security update: Hotfix available for ColdFusion | 3/13/2012 | 3/13/2012
<http://www.adobe.com/support/security/bulletins/apsb11-29.html> APSB11-29 | Security update: Hotfix available for ColdFusion | 12/13/2011 | 12/13/2011
<http://www.adobe.com/support/security/bulletins/apsb11-14.html> APSB11-14 | Security update: Hotfix available for ColdFusion | 6/14/2011 | 6/14/2011
<http://www.adobe.com/support/security/bulletins/apsb11-04.html> APSB11-04 | Security update: Hotfix available for ColdFusion | 2/8/2011 | 3/7/2011
<http://www.adobe.com/support/security/bulletins/apsb10-18.html> APSB10-18 | Security update: Hotfix available for ColdFusion | 8/10/2010 | 8/11/2010
<http://www.adobe.com/support/security/bulletins/apsb10-11.html> APSB10-11 | Security update: Hotfixes available for ColdFusion | 5/11/2010 | 5/11/2010
<http://www.adobe.com/support/security/bulletins/apsb10-05.html> APSB10-05 | Security update available for BlazeDS | 2/11/2010 | 3/5/2010
<http://www.adobe.com/support/security/bulletins/apsb10-04.html> APSB10-04 | Solution available for potential ColdFusion information disclosure issue | 1/29/2010 | 1/29/2010

Thanks,
<Ajas Mohammed />
iUseDropbox(<http://db.tt/63Lvone9>)
http://ajashadi.blogspot.com
We cannot become what we need to be, remaining what we are.
No matter what, find a way. Because that's what winners do.
You can't improve what you don't measure.
Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives.

-------------------------------------------------------------
To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
