1 Sep 2009

8x ColdFusion Hot Fixes in just 2 weeks!

First there were 7 hot fixes rolled out on the same day on 17th August – all to do with security vulnerabilities. Adobe’s documentation was sparse causing problems and lots of questions to be raised by early adaptors of the hot fixes.

Today, 1st Sep, Cumulative Hot Fix 3 has been released for CF 8.01 that fixes 21 new bugs as well as the fixes contained in the previous 2 cumulative hot fixes. This does not include fixes for the aforementioned 7 security vulnerabilities.

I can’t say I’ve encountered any of the bugs listed for Hot Fix 3 and they’re not security related so we’ll put some thought into whether to deploy it or not as I’m a great believer in “if it ain’t broke, don’t fix it”. Do read through the list of fixes to see if any issues are relevant to you. Maybe some of the descriptions will explain some strange errors you’ve encountered with your apps?

I notice there’s no fix for the mail spool bug I reported over a year ago.

Now, back to the 7 security hot fixes. The original documentation was, let’s face it, terrible. But on 28th Aug Adobe updated the text to make it clear that hot fix 1876 must only be applied if you’re running Apache. Do not apply it if you’re running IIS which is what I did on a test box. Luckily I held back on applying it to the prd servers before receiving confirmation that it’s not for IIS. The test box happily accepted the hot fix anyway and doesn’t seem any the worse for it.

Hot fix 1875 and 1878 are byte for byte absolutely identical which is really weird. Why didn’t Adobe roll them into the same hot fix instead of listing them separately and making people install two hot fix files which are the same in all but file name?

No comments:

Post a Comment