By the way, what is the best way to confirm that the security patch has been applied successfully?
Personally, I could only tell based on:

1) The CF Admin information page says Update Level /C:/ColdFusion9/lib/updates/hf900-00009.jar
2) On my local CF install (Windows 7), the timestamps on folders changed as I followed the steps.

I noticed, though, that on our QA servers (Windows 2003) the folder timestamps were weird, as in they didn't show modification datetime as the changes were being applied, which raised my curiosity. So other than these 2 things, is there another way to verify that the patching process was successful?

<Ajas Mohammed />
iUseDropbox(http://db.tt/63Lvone9)
http://ajashadi.blogspot.com
We cannot become what we need to be, remaining what we are.
No matter what, find a way. Because that's what winners do.
You can't improve what you don't measure.
Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives.

On Wed, Jan 16, 2013 at 9:39 AM, Ajas Mohammed <[email protected]> wrote:

> Thanks Charlie, Cameron for keeping us updated with the latest.
>
> Charlie, thanks for those blog entries. Really appreciate all your help.
>
> <Ajas Mohammed />
>
> On Wed, Jan 16, 2013 at 12:56 AM, Charlie Arehart <[email protected]> wrote:
>
>> Ok, call off the alarm (those of you on 9.0.2). It turns out that the
>> confusion about the new hotfix (regarding 9.0.2) was just a mistake in the
>> technote. All is as it should be, and everyone ought to apply this hotfix
>> ASAP. :-)
>>
>> BTW, since writing my comment earlier, I have come out with a part 3
>> entry, on the hotfix and more.
>>
>> http://www.carehart.org/blog/client/index.cfm/2013/1/15/Part3_serious_security_threat
>>
>> Still planning a part 4, with post mortem and more. A bit busy now to
>> commit to when. :-)
>>
>> /charlie
>>
>> From: [email protected] [mailto:[email protected]] On Behalf Of Charlie Arehart
>> Sent: Tuesday, January 15, 2013 3:44 PM
>> To: [email protected]
>> Subject: RE: [ACFUG Discuss] New CF Vulnerability - Check your servers
>>
>> Thanks for sharing it here, Cam.
>>
>> Do beware, though: for those on 9.0.2, there’s a glitch in the hotfix (a
>> missing web-inf.zip within the cf902.zip).
>>
>> I’ve added a comment on the blog entry that points to that
>> (http://blogs.coldfusion.com/post.cfm/coldfusion-security-update-for-version-9-and-above),
>> but obviously those who go straight to the technote wouldn’t see that.
>> Hopefully Adobe will fix this ASAP.
>>
>> To be clear, this warning is only for those on 9.0.2. Those on 9.0,
>> 9.0.1, or 10 should absolutely proceed with the hotfix as provided.
>>
>> /charlie
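
One way to check a patch step without relying on folder timestamps, as an added example that is not part of the original thread and not Adobe's procedure: hash every file in a hotfix zip and compare it with the copy under the directory the zip was extracted over. The function names and the one-to-one mapping from zip member paths to installed paths are assumptions of this example.

```python
import hashlib
import sys
import zipfile
from pathlib import Path


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_zip_applied(zip_path, dest_root):
    """Compare each file in a hotfix zip with its extracted copy under dest_root.

    Assumes the patch step was "extract this zip over dest_root", so member
    paths map one-to-one onto installed paths (an assumption of this example).
    Returns {"ok": [...], "mismatch": [...], "missing": [...]} of member names.
    """
    report = {"ok": [], "mismatch": [], "missing": []}
    root = Path(dest_root).resolve()
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = (root / info.filename).resolve()
            # A member path that escapes dest_root cannot match an installed file.
            if root not in target.parents:
                report["mismatch"].append(info.filename)
                continue
            if not target.is_file():
                report["missing"].append(info.filename)
            elif _sha256(target.read_bytes()) == _sha256(zf.read(info)):
                report["ok"].append(info.filename)
            else:
                report["mismatch"].append(info.filename)
    return report


def is_fully_applied(report):
    # True only when every zip member exists on disk with identical content.
    return not report["mismatch"] and not report["missing"]


if __name__ == "__main__":
    result = verify_zip_applied(sys.argv[1], sys.argv[2])
    for status in ("missing", "mismatch"):
        for name in result[status]:
            print(f"{status.upper():9} {name}")
    print("applied" if is_fully_applied(result) else "NOT fully applied")
```

Run it as `python verify_patch.py <hotfix zip> <directory it was extracted over>` (the script name is arbitrary); a content comparison like this gives the same answer regardless of how the operating system updates folder timestamps.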
