Thanks Charlie. Congratulations on getting acknowledged by the security advisory.
<Ajas Mohammed /> iUseDropbox(http://db.tt/63Lvone9) http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Tue, Jan 22, 2013 at 8:02 PM, Charlie Arehart <char...@carehart.org>wrote: > For CF7, there are no new security hotfixes since 2008, but for CF8, there > were new ones as late as Sep ‘12. > > See: http://www.adobe.com/support/security/#coldfusion**** > > ** ** > > /charlie**** > > ** ** > > *From:* ad...@acfug.org [mailto:ad...@acfug.org] *On Behalf Of *Ajas > Mohammed > *Sent:* Tuesday, January 22, 2013 7:49 PM > > *To:* discussion@acfug.org > *Subject:* Re: [ACFUG Discuss] New CF Vulnerability - Check your servers** > ** > > ** ** > > I was wondering about people who are on CF 7/8. One of our server is still > on CF 7. So apart from restricting public access to CFIDE admin folders, is > there anything else that needs to be done for CF 7/8? I do know that this > security fix by adobe tech note addresses versions CF 9.0, 9.0.1, 9.0.2 and > CF 10. > > Thanks, > > **** > > <Ajas Mohammed /> **** > > iUseDropbox(http://db.tt/63Lvone9) > http://ajashadi.blogspot.com > We cannot become what we need to be, remaining what we are. > No matter what, find a way. Because thats what winners do. > You can't improve what you don't measure. > Quality is never an accident; it is always the result of high intention, > sincere effort, intelligent direction and skillful execution; it represents > the wise choice of many alternatives.**** > > ** ** > > On Tue, Jan 22, 2013 at 7:31 PM, Charlie Arehart <char...@carehart.org> > wrote:**** > > Yes, there are various issues like that which will now bite people who had > not done any of the security fixes until this one. I’ve been meaning to do > a blog entry to highlight them, but have just been too busy. > > /charlie**** > > *From:* ad...@acfug.org [mailto:ad...@acfug.org] *On Behalf Of *Ajas > Mohammed > *Sent:* Monday, January 21, 2013 5:12 PM > *To:* discussion@acfug.org**** > > > *Subject:* Re: [ACFUG Discuss] New CF Vulnerability - Check your servers** > ** > > **** > > Frank,**** > > > > I know PostParametersLimit is a different issue than the security fix, if > thats what you were trying to imply. I meant that since the security fix is > CUMULATIVE fix, we saw it for the first time after applying security > fix(because we had not patched up our servers with earlier > hotfixes/patches). > > So PostParametersLimit = No. of form fields, where as postSizeLimit = size > in MB of how big the post Size (form) can get. > > Thanks,**** > > <Ajas Mohammed /> **** > > **** > > ** ** > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by FusionLink <http://www.fusionlink.com> > ------------------------------------------------------------- **** > > ** ** > > ------------------------------------------------------------- > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by FusionLink <http://www.fusionlink.com> > ------------------------------------------------------------- >
