New Security Update Available for ColdFusion 9.0, 9.0.1, 9.0.2 and 10

A new security update is available for ColdFusion versions 9.0, 9.0.1, 9.0.2 and 10.0. This hotfix addresses the security issues specified in the technote here. Here is the link to the security bulletin for this hotfix. It also includes a few important bug fixes for ColdFusion 10, as specified here.

We recommend locking down your server by following the lockdown guide and disabling unused features in production environments.

10 Responses

  1. The instructions on the technote are incorrect for Section 2. The, and under section 2 *DO NOT* contain the CF9, CF901, and CF902 directories as listed (like previous ones APSB13-13). All three of the zips start with /lib inside the given zip.

    The Section 1 zips do contain the files with the CF9, CF901, or CF902 directory in the given zips.

  2. Is it necessary to reconfigure/rebuild the connector for all sites, or is upgrading them (Upgrade_all_connectors.bat) enough?

    The problem with reconfiguring them is that the CFIDE virtual folder is created in all sites, and I must manually delete this folder for all my sites.

  3. ps) this blog does not have a background colour set in the css. So if your browser is set to a default background colour other than white, that colour is displayed. It’s better to change the background colour of the html/body to white I think.

  4. @Pavankumar: Thanks for your response! Maybe the technote can be specific about that.
    For future updates: is upgrading the connectors with Upgrade_all_connectors.bat always enough? Or does that depend on the update?

  5. +1 for clearer connector instructions in update docs.

    When the update doc states, “reconfigure the connectors using wsconfig tool”, I understood that to mean, remove and recreate the connector, as there is no option to reconfigure in the wsconfig tool. Having a couple dozen servers with custom config files, it’s a pain to recreate them.

    I did take a snapshot of my test server and did the install twice, once recreating the connector and another with no changes to the connector. I have seen no difference, as @Pavankumar validated in saying “if you are on coldfusion version 10 update 11 you do not need to re-configure the connectors.”

  6. […] If you get the following error when installing the update using the Download and Install option, ensure that the folder {cf_install_home}/{instance_name}/hf_updates has write permission […]

    The correct path is {cf_install_home}/{instance_name}/hf-updates
