No, a restart shouldn't be required. Dave Watts, CTO, Fig Leaf Software
-----Original Message----- From: David McGuigan <davidmcgui...@gmail.com> Sent: Saturday, 04 July, 2009 00:29 To: cf-talk <cf-talk@houseoffusion.com> Subject: Re: New CF8 vulnerability So do we not need to restart ColdFusion after making this change? On Fri, Jul 3, 2009 at 5:32 PM, Eric Roberts < ow...@threeravensconsulting.com> wrote: > > Dave (or anyone else with information), > > I know the vulnerability was in older versions of FCKEditor...if one were > to > install and use the current version, does it still have the vulnerability > or > has that been fixed? I just got an emergency gig to fix a site that was > hacked because of this and we need to know if it is safe to do this or just > keep FCKEditor disabled inthe meantime. > > Eric > > > On Thu, Jul 2, 2009 at 6:17 PM, Dave Watts <dwa...@figleaf.com> wrote: > > > > > You may want to check for this on any clients/projects you've worked > with: > > http://isc.sans.org/diary.html?storyid=6715 > > > > Remediation steps available here: > > http://www.codfusion.com/blog/post.cfm/cf8-and-fckeditor-security-threat > > > > Dave Watts, CTO, Fig Leaf Software > > http://www.figleaf.com/ > > > > Fig Leaf Software provides the highest caliber vendor-authorized > > instruction at our training centers in Washington DC, Atlanta, > > Chicago, Baltimore, Northern Virginia, or on-site at your location. > > Visit http://training.figleaf.com/ for more information! > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:324216 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4