Ah, ok. Well, the issue is that that document was written when CF 9.0.1 (or
as it called itself there, "ColdFusion 9 update 1") was released.
The information it states was true then, a few years ago. They just did not
think to go back and update it as they created hotfixes after the fact. And
one could argue they could/should have been more clear and says "yes, at
least those that are available as of xxxx date when the 9.0.1 installers
were built."
So we see here how this is a pernicious problem with respect to anything you
read. I see people relying on old blog posts or form threads from years ago,
who assume that they state what is true ("they can't say anything that's not
true on the internet", right?), but they don't consider that it may have
been true then but is no longer. It may be because versions of software
change, it may be because understanding about how things work has changed
(for that writer, or for the community, and so on).
More than anything, I'd argue that this stems from people being rather lazy
in their writing, as above in the technote Ajas mentions. People need to
write more carefully knowing that what they say may stand for years. And if
folks wondered why I wrote so much when I do, that's as much part of the
reason as anything. People generally need the full context to really
understand things. At least, that's how I see it. :-)
/charlie
From: [email protected] [mailto:[email protected]] On Behalf Of Ajas Mohammed
Sent: Thursday, November 07, 2013 11:37 AM
To: [email protected]
Subject: Re: [ACFUG Discuss] wsconfig - CF 9.0.1 Windows 2008 R2 IIS 7
Hi,
I was really misled (or perhaps misread it) by this URL earlier,
http://helpx.adobe.com/coldfusion/kb/faq-coldfusion-9-0-update.html#main_Is_
the_latest_security_hot_fix . I knew I had read this somewhere but didnt
remember where. So looks like all hotfix and CHF are included for 9 and not
9.0.1 which would make sense.
Is the latest security hotfix and cumulative hotfix for ColdFusion 9
included in ColdFusion 9 Update 1?
Yes.
Anyway, for anyone reading this thread, the resource CFMYTHS
<http://www.carehart.org/blog/client/index.cfm/2010/12/11/cfmyths_latest_ins
taller_includes_all_updates%20> is awesome.
http://www.carehart.org/blog/client/index.cfm/2010/12/11/cfmyths_latest_inst
aller_includes_all_updates . I learned a lot from this post.
I would recommend people to start from there and then proceed to other
things. Like Charlie said, you can find the CHFs:
http://helpx.adobe.com/coldfusion/kb/hot-fixes-coldfusion-9.html.
Thanks Charlie, I always learn a great deal from your every single post. I
mean it.
Thanks,
<Ajas Mohammed />
iUseDropbox( <http://db.tt/63Lvone9> http://db.tt/63Lvone9)
http://ajashadi.blogspot.com
We cannot become what we need to be, remaining what we are.
No matter what, find a way. Because thats what winners do.
You can't improve what you don't measure.
Quality is never an accident; it is always the result of high intention,
sincere effort, intelligent direction and skillful execution; it represents
the wise choice of many alternatives.
On Thu, Nov 7, 2013 at 12:10 AM, Ajas Mohammed <[email protected]> wrote:
Thanks again, I kind of knew I was asking for trouble with that question.
:=)
I totally understand what you are referring to, in fact, I would take it as
part complement, when you refer to my posts. I wouldnt take offense to your
email, I have learned a lot from Esp Your emails.
I might have missed obvious but my main concern was if the last hot fix was
cumulative or not. I could not confirm it via adobe site earlier, maybe I
was rushing through it. Your comments make sense.
Thanks again,
On Nov 6, 2013 9:47 PM, "Charlie Arehart" <[email protected]> wrote:
Wow, Ajas, the answer is that it's ABSOLUTELY NOT "the case".
When you get ANY release of CF, it DOES NOT come with "all the updates". And
as for 9.0.1 specifically, there were 4 CHFs and many individual security
fixes since it was released. The same is true for all releases.
FWIW, I addressed this issue you're raising in a 2010 blog entry (with more
detail):
"CFMyths: "When I download CF to install it from scratch, it has the latest
fixes/updaters"
http://www.carehart.org/blog/client/index.cfm/2010/12/11/cfmyths_latest_inst
aller_includes_all_updates
I do mention there where you can find the CHFs:
http://helpx.adobe.com/coldfusion/kb/hot-fixes-coldfusion-9.html.
Of course, do be careful applying them, as things can break. I discuss that
at length here:
"CF911: Are you finding CF (or CF Admin) busted after applying a hotfix? A
few possible reasons"
http://www.carehart.org/blog/client/index.cfm/2011/10/21/why_chfs_may_break
There is some good news for you, though, Ajas: if you do apply CF 9.0.1
CHF4, you will get all the individual, cumulative, AND security hotfixes at
once. That latter point is new in CF 901 CHF4, in that it includes security
updates. Previously, CHFs only included the previous hotfixes, not security
updates. I realize that may sound great, but it can be a blessing and a
curse. For many people, when they apply all security updates, they find that
things do break. I discussed that as part of another entry:
"CF911: New Adobe document about #ColdFusion security hotfixes: required
reading, I'd say"
http://www.carehart.org/blog/client/index.cfm/2013/5/21/new_adobe_summary_of
_security_hotfix_tweaks
I do realize that many folks, especially who don't spend much time in all
this stuff, can easily misunderstand things, which is of course why I write
the things I do, and in the depth I do.
Finally, with all due (and sincere) respect to Ajas, when someone of his
experience, so otherwise knowledgeable in the ways of CF administration
(judging from his emails here and elsewhere) asks such a question, we really
do have to shudder to think what the average developer/admin is assuming :-(
I guess that's partly why I'm so busy in my CF server troubleshooting! But
as you guys here see, I try (and try) to point out resources to help people
avoid such problems and misconceptions.at least for those with the temerity
to read more than a paragraph! :-) Fortunately Ajas has always been up to
the challenge, so I trust both that he will have read to this point, and
that he will take the information to hear (and accept my comment of the last
paragraph in the spirit intended).
More than that, I trust that he will now help others who may ever raise this
same question. Hope others may get a chance to do the same. We're all in
this together. :-)
/charlie
From: [email protected] [mailto:[email protected]] On Behalf Of Ajas Mohammed
Sent: Wednesday, November 06, 2013 3:35 PM
To: [email protected]
Subject: Re: [ACFUG Discuss] wsconfig - CF 9.0.1 Windows 2008 R2 IIS 7
In terms of security, for CF 9.0.1, do I need to install anything like
hotfixes & patches? I thought everything was included in the 9.0.1 updates,
is that not the case?
Can someone point me to link for hotfixes & security patches for CF 9.0.1.
Thanks,
<Ajas Mohammed />
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink <http://www.fusionlink.com>
-------------------------------------------------------------
-------------------------------------------------------------
To unsubscribe from this list, manage your profile @
http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
