Ok, call off the alarm (those of you on 9.0.2). It turns out that the confusion about the new hotfix (regarding 9.0.2) was just a mistake in the technote. All is as it should be, and everyone ought to apply this hotfix ASAP. :-)
BTW, since writing my comment earlier, I have come out with a part 3 entry, on the hotfix and more.

http://www.carehart.org/blog/client/index.cfm/2013/1/15/Part3_serious_security_threat

Still planning a part 4, with post mortem and more. A bit busy now to commit to when. :-)

/charlie

From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Charlie Arehart
Sent: Tuesday, January 15, 2013 3:44 PM
To: discussion@acfug.org
Subject: RE: [ACFUG Discuss] New CF Vulnerability - Check your servers

Thanks for sharing it here, Cam. Do beware, though: for those on 9.0.2, there's a glitch in the hotfix (a missing web-inf.zip within the cf902.zip). I've added a comment on the blog entry that points to that (http://blogs.coldfusion.com/post.cfm/coldfusion-security-update-for-version-9-and-above), but obviously those who go straight to the technote wouldn't see that. Hopefully Adobe will fix this ASAP.

To be clear, this warning is only for those on 9.0.2. Those on 9.0, 9.0.1, or 10 should absolutely proceed with the hotfix as provided.

/charlie