I was wondering about people who are on CF 7/8. One of our server is still on CF 7. So apart from restricting public access to CFIDE admin folders, is there anything else that needs to be done for CF 7/8? I do know that this security fix by adobe tech note addresses versions CF 9.0, 9.0.1, 9.0.2 and CF 10.
Thanks, <Ajas Mohammed /> iUseDropbox(http://db.tt/63Lvone9) http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Tue, Jan 22, 2013 at 7:31 PM, Charlie Arehart <char...@carehart.org>wrote: > Yes, there are various issues like that which will now bite people who had > not done any of the security fixes until this one. I’ve been meaning to do > a blog entry to highlight them, but have just been too busy. > > /charlie > > **** > > *From:* ad...@acfug.org [mailto:ad...@acfug.org] *On Behalf Of *Ajas > Mohammed > *Sent:* Monday, January 21, 2013 5:12 PM > *To:* discussion@acfug.org > > *Subject:* Re: [ACFUG Discuss] New CF Vulnerability - Check your servers** > ** > > ** ** > > Frank, > > > I know PostParametersLimit is a different issue than the security fix, if > thats what you were trying to imply. I meant that since the security fix is > CUMULATIVE fix, we saw it for the first time after applying security > fix(because we had not patched up our servers with earlier > hotfixes/patches). > > So PostParametersLimit = No. of form fields, where as postSizeLimit = size > in MB of how big the post Size (form) can get. > > Thanks, > **** > > <Ajas Mohammed /> **** > > ** ** > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by FusionLink <http://www.fusionlink.com> > ------------------------------------------------------------- >
