Another update to Unoffical Updater 2
I have just updated Unoffical Updater 2 so that it will apply Cumulative Hot Fix 2 for ColdFusion 9.0.1 and it also fixes applying APSB11-14 to ColdFusion 8.0.1 since it was “silently” updated on September 16th.
I say “silently” because there was nothing from Adobe saying they had updated it (blogs, email, tweets). It actually was announced on the ColdFusion Server Team Blog but isn’t all that clear. I found out when a user of UU2 said it was failing. UU2 uses SHA-512 hashes to verify the downloads. There are only two reasons for the hashes to be incorrect, either the file got corrupted during download, or Adobe updated the file.
Adobe has been much better getting security updates out, but the last two, APSB11-04 was revised once and APSB11-14 was revised twice. In both instances bugs were introduced that to me seem like they should have been caught in the QA process before they were released. The updating of the security updates has me a bit concerned particularly when Zeus is released with the automated hotfix mechanism. Hopefully everyone patches properly by applying to development and test before production, or waits a month or two to make sure Adobe does need to revise them. This is why UU2 is just getting updated now instead of when Adobe released CHF2 on September 16th.
I still wish Adobe would just package up ALL the existing hotfixes/cumulative hotfixes/security updates and update the JVM to release proper Update 2 packages for both ColdFusion 8 and 9.