Last night I gave a presentation Ant Ain't Hard to the Capital Area ColdFusion User Group. It was the first presentation I have done in years for a user group and really enjoyed doing it. I also would like to thank Phill and Sandy for having me present and everyone that was able to attend.
I just updated Unofficial Updater 2 to install the latest security bulletin APSB11-29 that Adobe released yesterday. This is pretty much the fastest turn around I have done when Adobe has released a hot fix, due to the fact it was a single file change and hopefully they won’t updated it like they have done to the last several. Also I have updated the wiki with instructions on how to run it command line and to force text only mode.
I have just updated Unoffical Updater 2 so that it will apply Cumulative Hot Fix 2 for ColdFusion 9.0.1 and it also fixes applying APSB11-14 to ColdFusion 8.0.1 since it was “silently” updated on September 16th. I say “silently” because there was nothing from Adobe saying they had updated it (blogs, email, tweets). It actually was announced on the ColdFusion Server Team Blog but isn’t all that clear. I found out when a user of UU2 said it was failing. UU2 uses SHA-512 hashes to verify the downloads. There are only two reasons for the hashes to be incorrect, either the file got corrupted during download, or Adobe updated the file.
So earlier this month, I wrote What does a fully patched ColdFusion 8.0.1 Server look like? which outlined my frustration and problems with the way Adobe currently releases hot fix and security updates for ColdFusion. Ultimately, my conclusion was that Adobe needs to release Update 2 for ColdFusion 8. While it felt good to write it all up, it didn’t solve the basic problem of getting a fully patched ColdFusion 8.0.1 Server. I still have to update multiple servers and applying all the published hot fix and security updates in order by hand just isn’t an option. It is too time consuming and error prone.
Seems like that should be an easy question to answer but it isn’t. It really depends upon how ColdFusion was installed (standalone, multi-server JRun4, or J2EE EAR/WAR), what web server it is connected to, the underlying operating system, and if you need the hot fix that resolves a specific problem.
At work I need to patch the ColdFusion 8.0.1 servers. Luckily (or unluckily) they have had nothing applied to them. They are installed as multi-server JRun4 using the stock Java runtime 1.