Legend
June 16, 2011
Question

to apply CHF1 for CF9.0.1 or not


Hello,

Has anyone else applied the latest CF9.0.1 security patch? See:

http://www.adobe.com/support/security/bulletins/apsb11-14.html

http://kb2.adobe.com/cps/907/cpsid_90784.html


Post upgrade I end up with a new log file \ColdFusion9\runtime\logs\esapiconfig.log.

CFadmin UI (http://.../cfide/administrator/index.cfm)  - System Information post upgrade reports:


System Information 
Server Details 
Server Product  ColdFusion 
Version  9,0,1,274733   
Update Level  /C:/ColdFusion9/lib/updates/hf901-00002.jar   
Adobe Driver Version  4.0 (Build 0005)  

What is the esapiconfig.log file for?


Does CHF1 for CF9.0.1 (http://kb2.adobe.com/cps/862/cpsid_86263.html) need to be installed on a fresh installation, since it appears to me this new update deletes it? If so, I guess the fresh install process would be CF9 + updater1 + zips with JAR and files in cpsid_90784.html.

Thanks in advance, Carl.

    This topic has been closed for replies.

    3 replies

    October 4, 2011

    This patch was recently updated.  You'll want to update your update if you installed this update.

    Legend
    October 4, 2011

    @ke4pym

    Yes, I noted the CHF2 release in a recent post. CHF2 in part is a fixed rollup of earlier security releases plus other fixes.

    Interestingly, the CF updates page does not show CF9.0.1 CHF2 availability:

    http://www.adobe.com/support/coldfusion/downloads_updates.html

    However, it is listed on the CF9 hot fix page:

    http://kb2.adobe.com/cps/529/cpsid_52967.html

    Regards, Carl.

    Legend
    October 11, 2011

    For interested readers.

    Had the opportunity to set up a new CF9 server. In brief, this one I built as follows on Windows + IIS:
    - CF9 install 9.0
    - run updater 1 (so now version CF9.0.1)
    - apply CHF2 (so now Update Level  /ColdFusion9/lib/updates/chf9010002.jar)

    Omitted the CHF1 steps. So far so good.

    So I guess that correctly answers the original post. Hope that is helpful for others.

    Cheers, Carl.

    Participant
    September 8, 2011

    Applied the patch per the very ambiguous instructions, and it broke the administrator page.  Many hours later, and although restoring from backup directories placed me in pre-patch state (except the admin shows the patch was applied because the jar file is still in place), I am wondering how to proceed. If it's not a mandate, I'd advise waiting for the next version. This single patch is going to require MONTHS of patching and regression testing on our part.

    I have a strong desire to kick someone in the shins for this HORRID update. Did they outsource the updates as well as their help system?

    Dave Newton

    NASA - MSFC

    Huntsville, AL

    Legend
    September 20, 2011

    Hi Dave,

    I see CHF2 for CF9 has been released:

    http://kb2.adobe.com/cps/918/cpsid_91836.html

    Cheers, Carl.

    Legend
    June 18, 2011

    Hi,

    Has anyone tried to apply this update with CF9 Server Manager? I find that while the JAR file part of the process works (steps 3 and 4), there is no ability to perform the manual file save and copy steps (steps 6 thru 12) or indeed restart the CF instance (step 13).

    Cheers, Carl.

    June 18, 2011

    Hotfix 1 doesn't require a fresh install.  Simply put it into your /cfusion/lib/updates folder and restart.

    Legend
    June 20, 2011

    Hello,

    To provide more details: when building up a new CF server, it is normally the case that I like to prepare it with updates, cumulative hotfixes, security, JVM update and lock down that are supported by the end user applications.

    It seems to me this patch release supersedes CF9.0.1 CHF1, since the process of installing it replaced the CHF1 changes? So when I build a new CF9 server I would use CF9 + updater1 + (http://kb2.adobe.com/cps/907/cpsid_90784.html#main_ColdFusion 9.0.1)
    which perhaps could loosely be called CF9 CHF2?

    The rest of the CF build process would also be to apply JVM changes to, for example, 1.6.0_24 (or _26 depending; Adobe officially supports up to _24

    see:
    http://blogs.adobe.com/coldfusion/2011/03/15/jdk-1-6-0_24-is-now-officially-supported/

    and:
    http://kb2.adobe.com/cps/894/cpsid_89440.html )

    As well as alter some JVM configuration settings and apply lock down - as suitable for the environment.

    As for patching existing development or production servers, then I would simply have to follow the rollup process to move from its existing patch level to current.

    Thanks again, Carl.