Wow, Ajas, the answer is that it's ABSOLUTELY NOT "the case". When you get ANY release of CF, it DOES NOT come with "all the updates". And as for 9.0.1 specifically, there were 4 CHFs and many individual security fixes since it was released. The same is true for all releases.
FWIW, I addressed this issue you're raising in a 2010 blog entry (with more detail):

"CFMyths: "When I download CF to install it from scratch, it has the latest fixes/updaters"
http://www.carehart.org/blog/client/index.cfm/2010/12/11/cfmyths_latest_installer_includes_all_updates

I do mention there where you can find the CHFs: http://helpx.adobe.com/coldfusion/kb/hot-fixes-coldfusion-9.html.

Of course, do be careful applying them, as things can break. I discuss that at length here:

"CF911: Are you finding CF (or CF Admin) busted after applying a hotfix? A few possible reasons"
http://www.carehart.org/blog/client/index.cfm/2011/10/21/why_chfs_may_break

There is some good news for you, though, Ajas: if you do apply CF 9.0.1 CHF4, you will get all the individual, cumulative, AND security hotfixes at once. That latter point is new in CF 901 CHF4, in that it includes security updates. Previously, CHFs only included the previous hotfixes, not security updates.

I realize that may sound great, but it can be a blessing and a curse. For many people, when they apply all security updates, they find that things do break. I discussed that as part of another entry:

"CF911: New Adobe document about #ColdFusion security hotfixes: required reading, I'd say"
http://www.carehart.org/blog/client/index.cfm/2013/5/21/new_adobe_summary_of_security_hotfix_tweaks

I do realize that many folks, especially those who don't spend much time in all this stuff, can easily misunderstand things, which is of course why I write the things I do, and in the depth I do.

Finally, with all due (and sincere) respect to Ajas, when someone of his experience, so otherwise knowledgeable in the ways of CF administration (judging from his emails here and elsewhere) asks such a question, we really do have to shudder to think what the average developer/admin is assuming :-( I guess that's partly why I'm so busy in my CF server troubleshooting!
But as you guys here see, I try (and try) to point out resources to help people avoid such problems and misconceptions...at least for those with the temerity to read more than a paragraph! :-) Fortunately Ajas has always been up to the challenge, so I trust both that he will have read to this point, and that he will take the information to heart (and accept my comment of the last paragraph in the spirit intended). More than that, I trust that he will now help others who may ever raise this same question.

Hope others may get a chance to do the same. We're all in this together. :-)

/charlie

From: [email protected] [mailto:[email protected]] On Behalf Of Ajas Mohammed
Sent: Wednesday, November 06, 2013 3:35 PM
To: [email protected]
Subject: Re: [ACFUG Discuss] wsconfig - CF 9.0.1 Windows 2008 R2 IIS 7

In terms of security, for CF 9.0.1, do I need to install anything like hotfixes & patches? I thought everything was included in the 9.0.1 updates, is that not the case? Can someone point me to a link for hotfixes & security patches for CF 9.0.1?

Thanks,
<Ajas Mohammed />
