Hello,
Has anyone else applied the latest CF9.0.1 security patch? See:
http://www.adobe.com/support/security/bulletins/apsb11-14.html
http://kb2.adobe.com/cps/907/cpsid_90784.html
Post upgrade I end up with a new log file \ColdFusion9\runtime\logs\esapiconfig.log.
CFadmin UI (http://.../cfide/administrator/index.cfm) - System Information post upgrade reports:
System Information
Server Details
Server Product ColdFusion
Version 9,0,1,274733
Update Level /C:/ColdFusion9/lib/updates/hf901-00002.jar
Adobe Driver Version 4.0 (Build 0005)
What is the esapiconfig.log file for?
Does CHF1 for CF9.0.1 (http://kb2.adobe.com/cps/862/cpsid_86263.html) need to be installed on a fresh installation, since it appears to me this new update deletes it? If so, I guess the fresh install process would be CF9 + updater1 + zips with JAR and files in cpsid_90784.html.
Thanks in advance, Carl.
Hi,
Has anyone tried to apply this update with CF9 Server Manager? I find that while the JAR file part of the process works (steps 3 and 4), there is no ability to perform the manual file save and copy steps (steps 6 through 12) or indeed restart the CF instance (step 13).
Cheers, Carl.
Hotfix 1 doesn't require a fresh install. Simply put it into your /cfusion/lib/updates folder and restart.
Hello,
To provide more details: when building up a new CF server, it is normally the case that I like to prepare it with updates, cumulative hotfixes, security, JVM update and lock down that are supported by the end user applications.
It seems to me this patch release supersedes CF9.0.1 CHF1, since the process of installing it replaced the CHF1 changes? So when I build a new CF9 server I would install CF9 + updater1 + (http://kb2.adobe.com/cps/907/cpsid_90784.html#main_ColdFusion 9.0.1)
which perhaps could loosely be called CF9 CHF2?
The rest of the CF build process would also be to apply JVM changes to, for example, 1.6.0_24 (or _26 depending; Adobe officially supports up to _24,
see:
http://blogs.adobe.com/coldfusion/2011/03/15/jdk-1-6-0_24-is-now-officially-supported/
and:
http://kb2.adobe.com/cps/894/cpsid_89440.html )
As well as alter some JVM configuration settings and apply lock down, as suitable for the environment.
As for patching existing development or production servers, I would simply have to follow the rollup process to move from its existing patch level to current.
Thanks again, Carl.
Applied the patch per the very ambiguous instructions, and it broke the administrator page. Many hours later, and although restoring from backup directories placed me in pre-patch state (except the admin shows the patch was applied because the jar file is still in place), I am wondering how to proceed. If it's not a mandate, I'd advise waiting for the next version. This single patch is going to require MONTHS of patching and regression testing on our part.
I have a strong desire to kick someone in the shins for this HORRID update. Did they outsource the updates as well as their help system?
Dave Newton
NASA - MSFC
Huntsville, AL
Hi Dave,
I see CHF2 for CF9 has been released:
http://kb2.adobe.com/cps/918/cpsid_91836.html
Cheers, Carl.
This patch was recently updated. You'll want to update your update if you installed this update.
@ke4pym
Yes, I noted the CHF2 release in a recent post. CHF2 in part is a fixed rollup of earlier security releases plus other fixes.
Interestingly, the CF updates page does not show CF9.0.1 CHF2 availability:
http://www.adobe.com/support/coldfusion/downloads_updates.html
However, it is listed on the CF9 hot fix page:
http://kb2.adobe.com/cps/529/cpsid_52967.html
Regards, Carl.
For interested readers.
Had the opportunity to set up a new CF9 server. In brief, this one I built as follows on Windows + IIS:
- CF9 install 9.0
- run updater 1 (so now version CF9.0.1)
- apply CHF2 (so now Update Level /ColdFusion9/lib/updates/chf9010002.jar)
Omitted the CHF1 steps. So far so good.
So I guess that correctly answers the original post. Hope that is helpful for others.
Cheers, Carl.