This has been one of the faster turn around times to get an updated Unofficial Updater 2 out. One of the items that stuck out was that one of the acknowledgments was to Alex Holden who co-discovered the Adobe password and software breach.
Well, I kind of missed blogging the last update to Unofficial Updater 2 back in May while I was at cf.Objective(). The latest update APSB13-19 dropped while I was on vacation at the beach, but still got it done two days after it was released by Adobe.
Unofficial Updater 2 has been updated (April 11th) to now apply the latest ColdFusion security hotfix APSB13-10 that was released on April 9th.
Stay on top of the patching since on April 10th a Metasploit exploit was released that exploits the previous security hotfix APSB13-03. It is only a matter of time until there is an exploit that goes after the latest security hotfix or the next unknown one.
So if you have been following things, Adobe released cumulative hotfixes to allow for Java 7 support and to update <cfmap> to use Google Maps API v3 instead of v2. Only problem is along the way they have had to update them a few times. It is exactly this situation which drove me to create Unofficial Updater 2 originally.
Frankly, the entire past 2 weeks should not have occurred. This really shines a light on how poorly thought out the Adobe ColdFusion update product teams’s release process is. And this is not the first time they have had to do multiple re-releases of hot fixes. APSB11-04 once, APSB11-14 twice, APSB12-06 once for CF801 only and pulled Update 3 for CF10. That track record does not inspire confidence.
I had intended to get this posting out earlier when I updated Unofficial Updater 2 on the 16th. Here are the changes that were made with the latest release UU2.