Thanks Charlie. Appreciate your input. <Ajas Mohammed /> iUseDropbox(http://db.tt/63Lvone9) http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives.
On Sat, Aug 4, 2012 at 4:50 PM, Charlie Arehart <[email protected]>wrote: > Ajas, if you look closely, you’ll see that they generally show 2 sets of > steps: one for if you have or one for if you have not applied the previous > security hotfix. So assuming you’ve not applied those that precede it, and > those before that, and so on, then no you don’t need do any but the latest. > That’s the general situation, at least. You (or someone interested) would > want to look closely to be sure. (I did that for the 801 fixes. For CF 9, I > now just apply 9.0.2, which also does already have them all applied.) > > Finally, use Pete’s hackmycf.com (and his paid version, which can check > things “from the inside” of the server) to best know how you’re doing on > your success with fixes. > > As for keeping up on which are released, check out John Mason’s cfUpdater: > http://www.codfusion.com/blog/page.cfm/projects/cfUpdater**** > > ** ** > > /charlie**** > > ** ** > > *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Ajas > Mohammed > *Sent:* Thursday, July 26, 2012 9:45 AM > *To:* [email protected] > *Subject:* [ACFUG Discuss] CF 9 security hotfixes**** > > ** ** > > Hello all, > > I had a quick question about CF 9 Security hotfixes. We recently applied > the Directory Traversal hot fix which is > *APSB10-18<http://www.adobe.com/support/security/bulletins/apsb10-18.html> > *. If the server is not patched up with these fixes, then is it safe to > assume that start from the bottom of the list and go upwards for these > hotfixes? > > Also, can you share your experience of how you did this and also how you > monitored or came to know of a hotfix released by Adobe? > > Also, is it OK to apply all these HOTFIXES in one shot? > > > **** > > COLDFUSIONVersion 9**** > > *Brief* > > *Originally Posted* > > *Last Updated* > > *APSB12-15<http://www.adobe.com/support/security/bulletins/apsb12-15.html> > * Security update: Hotfix available for ColdFusion 9.0.1 and > earlier<http://www.adobe.com/support/security/bulletins/apsb12-15.html> > **** > > 6/12/2012**** > > 6/12/2012**** > > *APSB12-06<http://www.adobe.com/support/security/bulletins/apsb12-06.html> > * Security update: Hotfix available for > ColdFusion<http://www.adobe.com/support/security/bulletins/apsb12-06.html> > **** > > 3/13/2012**** > > 3/13/2012**** > > *APSB11-29<http://www.adobe.com/support/security/bulletins/apsb11-29.html> > * Security update: Hotfix available for > ColdFusion<http://www.adobe.com/support/security/bulletins/apsb11-29.html> > **** > > 12/13/2011**** > > 12/13/2011**** > > *APSB11-14<http://www.adobe.com/support/security/bulletins/apsb11-14.html> > * Security update: Hotfix available for > ColdFusion<http://www.adobe.com/support/security/bulletins/apsb11-14.html> > **** > > 6/14/2011**** > > 6/14/2011**** > > *APSB11-04 <http://www.adobe.com/support/security/bulletins/apsb11-04.html> > *Security update: Hotfix available for > ColdFusion<http://www.adobe.com/support/security/bulletins/apsb11-04.html> > **** > > 2/8/2011**** > > 3/7/2011**** > > *APSB10-18<http://www.adobe.com/support/security/bulletins/apsb10-18.html> > * Security update: Hotfix available for > ColdFusion<http://www.adobe.com/support/security/bulletins/apsb10-18.html> > **** > > 8/10/2010**** > > 8/11/2010**** > > *APSB10-11<http://www.adobe.com/support/security/bulletins/apsb10-11.html> > * Security update: Hotfixes available for > ColdFusion<http://www.adobe.com/support/security/bulletins/apsb10-11.html> > **** > > 5/11/2010**** > > 5/11/2010**** > > *APSB10-05<http://www.adobe.com/support/security/bulletins/apsb10-05.html> > * Security update available for > BlazeDS<http://www.adobe.com/support/security/bulletins/apsb10-05.html> > **** > > 2/11/2010**** > > 3/5/2010**** > > *APSB10-04<http://www.adobe.com/support/security/bulletins/apsb10-04.html> > * Solution available for potential ColdFusion information disclosure > issue<http://www.adobe.com/support/security/bulletins/apsb10-04.html> > **** > > 1/29/2010**** > > 1/29/2010**** > > > Thanks, > > <Ajas Mohammed /> **** > > iUseDropbox(http://db.tt/63Lvone9) > http://ajashadi.blogspot.com > We cannot become what we need to be, remaining what we are. > No matter what, find a way. Because thats what winners do. > You can't improve what you don't measure. > Quality is never an accident; it is always the result of high intention, > sincere effort, intelligent direction and skillful execution; it represents > the wise choice of many alternatives.**** > > ** ** > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by FusionLink <http://www.fusionlink.com> > -------------------------------------------------------------
