OK, so to be clear you're on basically a totally unpatched server. 9.0 (not
either of the free updaters, 9.0.1 or 9.0.2), without any hotfixes,
cumulative hotfixes, or security hotfixes.

(And no, Ajas, the list you offer is just the "security hotfixes". The
updaters and hotfixes are instead at
http://www.adobe.com/support/coldfusion/downloads_updates.html#cf9. And
though Adobe said they would no longer post 9.0.1 on their site, I see the
updater there, on that page. There is also 9.0.2, the updater that removes
Verity, and adds all hotfixes and security hotfixes for 9.0.1, as well as
updating the JVM. 9.0.2 is the "most updated CF9 you can get", but do beware
that in applying all the security hotfixes, there are some changes that can
affect current functionality. See the security hotfix technotes for more.)

Anyway, I'd propose that anytime you have "weird" problems, before going any
further you ought to implement at least the CHFs for the version you're on
(9.0), if not move up to a later updater and ITS CHFs, and then any HFs
beyond the CHFs.

I appreciate that some may say, "well, we don't want to apply updates
unless we have to". Ok, then I'd propose one should then review each of the
technotes for the latest CHFs and any HFs beyond that, for whatever version
of CF one is on, to see if it may offer any reference to the problem you're
experiencing. But even then, the wording of these technotes (like many
"change logs" for all kinds of apps) is fairly terse, so you may think
"nothing there seems to apply", but it could be just misleading wording.

So really, I'd propose that in a case like yours, Ajas, the next step is to
apply fixes, if not updaters, and see if the "weird problem" doesn't just go
away. Even if it doesn't, you a) can at least say you have applied all
possibly related hotfixes and b) you get all the other benefits that would
come with such hotfixes or updaters. 

But certainly, it's wise to do testing when applying any CHFs or updaters,
and I know that some are reluctant to do these for that reason. I'm just
saying, if you have a "weird problem", it may only go away by applying a
needed patch.

Hope that's helpful.

 

/charlie

 

From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Ajas Mohammed
Sent: Monday, August 20, 2012 12:53 PM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] CFC path - bind autosuggest issue

 


Server Product:        ColdFusion
Version:               9,0,0,251028
Edition:               Enterprise
Operating System:      Windows 2003
OS Version:            5.2
Adobe Driver Version:  4.0 (Build 0005)

JVM Details
Java Version:          1.6.0_14
Java Vendor:           Sun Microsystems Inc.
Java Vendor URL:       http://java.sun.com/
Java Home:             C:\ColdFusion9\runtime\jre


C:\ColdFusion9\lib\updates has 0 updates. I remember, I applied the
directory traversal vulnerability update
http://www.adobe.com/support/security/bulletins/apsb10-18.html . 

Vulnerability identifier: APSB10-18

CVE number: CVE-2010-2861

You were referring to these CF hotfixes right?






COLDFUSION, Version 9

Brief / Originally Posted / Last Updated

APSB12-15 <http://www.adobe.com/support/security/bulletins/apsb12-15.html>
  Security update: Hotfix available for ColdFusion 9.0.1 and earlier
  Originally posted: 6/12/2012; last updated: 6/12/2012

APSB12-06 <http://www.adobe.com/support/security/bulletins/apsb12-06.html>
  Security update: Hotfix available for ColdFusion
  Originally posted: 3/13/2012; last updated: 3/13/2012

APSB11-29 <http://www.adobe.com/support/security/bulletins/apsb11-29.html>
  Security update: Hotfix available for ColdFusion
  Originally posted: 12/13/2011; last updated: 12/13/2011

APSB11-14 <http://www.adobe.com/support/security/bulletins/apsb11-14.html>
  Security update: Hotfix available for ColdFusion
  Originally posted: 6/14/2011; last updated: 6/14/2011

APSB11-04 <http://www.adobe.com/support/security/bulletins/apsb11-04.html>
  Security update: Hotfix available for ColdFusion
  Originally posted: 2/8/2011; last updated: 3/7/2011

APSB10-18 <http://www.adobe.com/support/security/bulletins/apsb10-18.html>
  Security update: Hotfix available for ColdFusion
  Originally posted: 8/10/2010; last updated: 8/11/2010

APSB10-11 <http://www.adobe.com/support/security/bulletins/apsb10-11.html>
  Security update: Hotfixes available for ColdFusion
  Originally posted: 5/11/2010; last updated: 5/11/2010

APSB10-05 <http://www.adobe.com/support/security/bulletins/apsb10-05.html>
  Security update available for BlazeDS
  Originally posted: 2/11/2010; last updated: 3/5/2010

APSB10-04 <http://www.adobe.com/support/security/bulletins/apsb10-04.html>
  Solution available for potential ColdFusion information disclosure issue
  Originally posted: 1/29/2010; last updated: 1/29/2010


<Ajas Mohammed /> 

iUseDropbox(http://db.tt/63Lvone9)
http://ajashadi.blogspot.com
We cannot become what we need to be, remaining what we are.
No matter what, find a way. Because that's what winners do.
You can't improve what you don't measure.
Quality is never an accident; it is always the result of high intention,
sincere effort, intelligent direction and skillful execution; it represents
the wise choice of many alternatives.





On Mon, Aug 20, 2012 at 12:39 PM, Charlie Arehart <char...@carehart.org>
wrote:

Odd, indeed. I can't recall: what version of CF was this (including point
release)? And would you say you have all CF hotfixes? (Not judged just by
the CF Admin system info page, but by looking at what's in the lib\updates
dir.)

/charlie 

 




-------------------------------------------------------------
To unsubscribe from this list, manage your profile @ 
http://www.acfug.org?fa=login.edituserform

For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by http://www.fusionlink.com
-------------------------------------------------------------
