Wednesday, August 19, 2009

CF: Adobe publishes hot fixes for ColdFusion

On August 17, 2009, Adobe published a number of security updates to numerous versions of ColdFusion. This has led to some scrambling to test these issues, get them patched, etc.
So far the hotfixes did not appear to break anything, but the packaging is lacking, as many manual steps will have to be completed.
I could not quite understand why these hotfixes could not have been bundled together as one fix that can be applied.
To make our lives easier I have built an installer for ColdFusion 8.0.1 running on Windows systems to do just that. You are free to use it at your own risk.

The installer will update standalone installations of CF, not J2EE/JEE installations.

Thus the following hot fixes will be applied:
CVE-2009-1872, CVE-2009-1875, CVE-2009-1876, CVE-2009-1877, CVE-2009-1878

These JRun-only updates will not be applied:
CVE-2009-1873, CVE-2009-1874


Impressions from CFUnited, August 12 through 15, 2009

Many people in the middle of a golf course. Learned new stuff, rehashed old stuff. The greats of ColdFusion held court, and Flex was the up-and-comer with attitude.
The good:
  • Open source ColdFusion is engaged and attempting to move things forward. Adobe is cooperating for now. Railo was there and willing; OpenBD was there in spirit.
  • ColdFusion Builder is here despite CFEclipse, and we can expect more opinions on why one is better than the other. Adobe did not want to play in this open source game.
  • ColdFusion 9 will have some expanded licensing options to make it easier to host things in the cloud.
  • ColdFusion has gained some momentum but is still overall a niche.
  • The food was pretty good.
The Bad:
  • Presenters could focus more on content and less on opinion.
  • Some are born to present; others not so.
  • ColdFusion is still niche and we need to not get so high on ourselves.
  • Flex purists' insistence that they do not need to know anything about CF.
  • No CFUnited backpacks for the masses. What is up with that?
  • One hour barely covers anything technical well. More multi-hour tracks digging into topics would be helpful for people seeking pure technology how-to.
There is probably more that I missed but there you have it.