New CF Security bulletin, update to Unofficial Updater 2

  • December 14, 2011
  • David Epler

I just updated Unofficial Updater 2 to install the latest security bulletin APSB11-29 that Adobe released yesterday. This is pretty much the fastest turn around I have done when Adobe has released a hot fix, due to the fact it was a single file change and hopefully they won’t updated it like they have done to the last several. Also I have updated the wiki with instructions on how to run it command line and to force text only mode.

Read More

Another update to Unoffical Updater 2

  • November 4, 2011
  • David Epler

I have just updated Unoffical Updater 2 so that it will apply Cumulative Hot Fix 2 for ColdFusion 9.0.1 and it also fixes applying APSB11-14 to ColdFusion 8.0.1 since it was “silently” updated on September 16th. I say “silently” because there was nothing from Adobe saying they had updated it (blogs, email, tweets). It actually was announced on the ColdFusion Server Team Blog but isn’t all that clear. I found out when a user of UU2 said it was failing. UU2 uses SHA-512 hashes to verify the downloads. There are only two reasons for the hashes to be incorrect, either the file got corrupted during download, or Adobe updated the file.

Read More

Update to Unofficial Updater 2

  • August 3, 2011
  • David Epler

I have updated Unofficial Updater 2 so it now applies APSB11-14 since it has been out (and subsequently updated) for several weeks. The other change to UU2 is that it will now apply patches to ColdFusion 9.0.1 based upon the matrix of hotfixes.

Read More

Unofficial Updater 2 for ColdFusion 8

  • April 18, 2011
  • David Epler

So earlier this month, I wrote What does a fully patched ColdFusion 8.0.1 Server look like? which outlined my frustration and problems with the way Adobe currently releases hot fix and security updates for ColdFusion. Ultimately, my conclusion was that Adobe needs to release Update 2 for ColdFusion 8. While it felt good to write it all up, it didn’t solve the basic problem of getting a fully patched ColdFusion 8.0.1 Server. I still have to update multiple servers and applying all the published hot fix and security updates in order by hand just isn’t an option. It is too time consuming and error prone.

Read More

What does a fully patched ColdFusion 8.0.1 Server look like?

  • April 5, 2011
  • David Epler
Seems like that should be an easy question to answer but it isn’t. It really depends upon how ColdFusion was installed (standalone, multi-server JRun4, or J2EE EAR/WAR), what web server it is connected to, the underlying operating system, and if you need the hot fix that resolves a specific problem. At work I need to patch the ColdFusion 8.0.1 servers. Luckily (or unluckily) they have had nothing applied to them. Read More