ColdFusion 9.0.1 vs 9.0.2 from security standpoint - Is an upgrade required?

Question

Hello,I have ColdFusion 9.0.1 (Enterprise edition) installed, with Cumulative Hotfix 4 and Security Patch APSB13 & 27 applied on it. The current version details look as below:Version: 9,0,1,274733Update Level: hf901-00010.jar  My question is, is an update from 9.0.1 to 9.0.2 really required from a security standpoint? "Verity" is not a concern for me, since I do not think I use it, and the presence of Verity is not a problem either. Are 9.0.1 with the above security updates, and 9.0.2 with security updates the same from a security standpoint, or do I gain any more security if I update to 9.0.2?Thanks,Arun

vishu_13 · Accepted Answer

Hi Arun,There is no such mandate that you have to go to CF 9.0.2. As ColdFusion 9.0.2 update is a summation of ColdFusion 9.0.1, ColdFusion 9.0.1 Cumulative HotFixes 1 & 2, all ColdFusion 9.0.1 Security HotFixes,without verity so you are getting the same security updates in 9.0.2 which are there in 9.0.1 but without verity however there is an updated JVMYou can check the changes mentioned in the CF 9.0.2 release notes : http://helpx.adobe.com/coldfusion/release-note/coldfusion-9-0-update-2.htmlThere was a hotfix release for CF 9.0.2 which you cna check here : http://helpx.adobe.com/coldfusion/kb/cumulative-hotfix-1-coldfusion-902.htmlThe latest update for CF 9.0.1 is http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-27.htmlCheck this article as well : http://www.carehart.org/blog/client/index.cfm/2013/8/19/understanding_ColdFusion_9.0.2_a_FAQ You will find this article much helpful HTH ThanksVJ

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded