On August 17, 2009 Adobe published a number of security updates to numerous versions of ColdFusion. This has led to some scrambling to test these issues, get them patched etc.
So far the hotfixes did not appear to break anything but the packaging is lacking as many manual steps will have to be completed.
I could not quite understand why these hotfixes could not have been bundled together as one fix that can be applied.
To make our lives easier I have built an installer for ColdFusion 8.0.1 running on Windows systems to do just that. You are free to use it at your own risk.
The installer will update standalone installation of CF not J2EE/JEE installations.
Thus the following hot fixes will be applied:
CVE-2009-1872, CVE-2009-1875, CVE-2009-1876, CVE-2009-1877, CVE-2009-1878
These JRUN only updates will not:
CVE-2009-1873, CVE-2009-1874
Cheers,
No comments:
Post a Comment