Copy link to clipboard
Copied
Is there a tool or a script to use that system admin can utilize to identify security advisories on a ColdFusion server that might need addressing? Looking for something like Windows Update or Shavlik Netchk that can scan a server and report back issues that need addressing.
Copy link to clipboard
Copied
I don't know of a system, but there is a web page.
http://www.adobe.com/support/security/#coldfusion
Copy link to clipboard
Copied
. I know I can go through the CFAdmin > “System Information” and look at the jar files loaded but it's cumbersome to then cross-reference the jar files with Adobe’s site.
Copy link to clipboard
Copied
Yes, there is a solution for this (security advisories and hotfixes), and it's free!
http://www.merlinmanager.com/
/charlie
Copy link to clipboard
Copied
Got Merlin Manager installed and this looks like a great tool...thx. When I look at updates and patches it indicates nothing. So am I to assume that not security patches or updates or needed? I installed v8.0.1 on one of my servers that I am about to put into production and I would like to make sure.
Copy link to clipboard
Copied
I can't tell if by "updated and patches indicates nothing" whether you mean (it means) to say you have applied none, or have none to be applied. I will note that if you download 8.0.1 today and install it, it DOES NOT include the hotfixes or cumulative hotfixes (Adobe does NOT rebuild the installer with each hf or chf set), so you need to do that.
As for your wondering, I would just double-check to be sure. The list of CF hotfixes for 8 and 8.0.1 are available at http://kb2.adobe.com/cps/402/kb402604.html. The list of hotfixes you've applied are shown in your CF Admin in the "system information" page (click the blue I icon in the top right of the CF Admin) and find the "update level" info near the top of the page displayed. Compare the two to determine.
Hope that helps.
Copy link to clipboard
Copied
I was really concerned about security updates. I think that the reason Merlin is not reporting anything is because feeds.feedburner.com is filtered, so I cannot resolve the url. I was just trying to find a more "simpler" way of identifying security patches that are needed by our ColdFusion servers.