Re: New CF security bulletin
On Wednesday 12 May 2010 19:21:35 you wrote: http://forta.com/blog/index.cfm/2010/5/11/ColdFusion-Security-Hotfix-Releas ed#comments Oh my. That's fairly impressive. -- Tom Chiverton Helping to interactively deploy total back-end strategic B2B synergies as part of the IT team of the year 2010, '09 and '08 This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office together with a list of those non members who are referred to as partners. We use the word “partner” to refer to a member of the LLP, or an employee or consultant with equivalent standing and qualifications. Regulated by the Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.co ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333643 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New CF security bulletin
Just a note to let people know that several of us have had trouble with this hot fix. http://forta.com/blog/index.cfm/2010/5/11/ColdFusion-Security-Hotfix-Released#comments ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333613 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New CF security bulletin
Just a note to let people know that several of us have had trouble with this hot fix. Problems how? I am just about to patch my dev box. Curious, G? On Wed, May 12, 2010 at 2:21 PM, Jason Fisher ja...@wanax.com wrote: Just a note to let people know that several of us have had trouble with this hot fix. http://forta.com/blog/index.cfm/2010/5/11/ColdFusion-Security-Hotfix-Released#comments ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333615 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New CF security bulletin
Just a note to let people know that several of us have had trouble with this hot fix. Problems how? I am just about to patch my dev box. Jason included this link, which describes problems with datasources: http://forta.com/blog/index.cfm/2010/5/11/ColdFusion-Security-Hotfix-Released#comments Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333616 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: New CF security bulletin
The majority of users who applied the hotfix did not run into issues, but several have. So please make backups BEFORE applying the hotfix. The CF team is looking into this one. --- Ben -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Wednesday, May 12, 2010 2:57 PM To: cf-talk Subject: Re: New CF security bulletin Just a note to let people know that several of us have had trouble with this hot fix. Problems how? I am just about to patch my dev box. Jason included this link, which describes problems with datasources: http://forta.com/blog/index.cfm/2010/5/11/ColdFusion-Security-Hotfix-Release d#comments Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333617 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New CF security bulletin
Me = Slaps forehead. Running on autopilot today. Thanx G! On Wed, May 12, 2010 at 2:56 PM, Dave Watts dwa...@figleaf.com wrote: Just a note to let people know that several of us have had trouble with this hot fix. Problems how? I am just about to patch my dev box. Jason included this link, which describes problems with datasources: http://forta.com/blog/index.cfm/2010/5/11/ColdFusion-Security-Hotfix-Released#comments Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333618 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: New CF security bulletin
Looks like there is an issue with CF8.0.1 64-bit with Hotfix 4 applied, where it doesn't like the filename convention of the security update. It appears that only CF8.0.1 64-bit with Hotfix 4 is impacted, so if you're using that version don't apply the update yet. --- Ben -Original Message- From: Ben Forta [mailto:b...@forta.com] Sent: Wednesday, May 12, 2010 3:01 PM To: cf-talk Subject: RE: New CF security bulletin The majority of users who applied the hotfix did not run into issues, but several have. So please make backups BEFORE applying the hotfix. The CF team is looking into this one. --- Ben -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Wednesday, May 12, 2010 2:57 PM To: cf-talk Subject: Re: New CF security bulletin Just a note to let people know that several of us have had trouble with this hot fix. Problems how? I am just about to patch my dev box. Jason included this link, which describes problems with datasources: http://forta.com/blog/index.cfm/2010/5/11/ColdFusion-Security-Hotfix-Release d#comments Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333619 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: New CF security bulletin
Ugh. Engineering team was able to recreate the issue on 64bit CF, but some are seeing it on 32bit CF, too. They are working on a fix right now. If you have yet to apply the patch, I'd suggest waiting a little longer. --- Ben -Original Message- From: Ben Forta [mailto:b...@forta.com] Sent: Wednesday, May 12, 2010 3:32 PM To: cf-talk Subject: RE: New CF security bulletin Looks like there is an issue with CF8.0.1 64-bit with Hotfix 4 applied, where it doesn't like the filename convention of the security update. It appears that only CF8.0.1 64-bit with Hotfix 4 is impacted, so if you're using that version don't apply the update yet. --- Ben -Original Message- From: Ben Forta [mailto:b...@forta.com] Sent: Wednesday, May 12, 2010 3:01 PM To: cf-talk Subject: RE: New CF security bulletin The majority of users who applied the hotfix did not run into issues, but several have. So please make backups BEFORE applying the hotfix. The CF team is looking into this one. --- Ben -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Wednesday, May 12, 2010 2:57 PM To: cf-talk Subject: Re: New CF security bulletin Just a note to let people know that several of us have had trouble with this hot fix. Problems how? I am just about to patch my dev box. Jason included this link, which describes problems with datasources: http://forta.com/blog/index.cfm/2010/5/11/ColdFusion-Security-Hotfix-Release d#comments Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333621 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New CF security bulletin
Cross-posted from the comments on Ben's blog, but I saw it on my development machine at work, Windows XP, still 32-bit, so don't count on it being only 64-bit ... ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333622 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New CF security bulletin
Ben, thanks for the updates and glad to hear they're working on it. - Jason On 5/12/2010 4:01 PM, Ben Forta wrote: Ugh. Engineering team was able to recreate the issue on 64bit CF, but some are seeing it on 32bit CF, too. They are working on a fix right now. If you have yet to apply the patch, I'd suggest waiting a little longer. --- Ben -Original Message- From: Ben Forta [mailto:b...@forta.com] Sent: Wednesday, May 12, 2010 3:32 PM To: cf-talk Subject: RE: New CF security bulletin Looks like there is an issue with CF8.0.1 64-bit with Hotfix 4 applied, where it doesn't like the filename convention of the security update. It appears that only CF8.0.1 64-bit with Hotfix 4 is impacted, so if you're using that version don't apply the update yet. --- Ben -Original Message- From: Ben Forta [mailto:b...@forta.com] Sent: Wednesday, May 12, 2010 3:01 PM To: cf-talk Subject: RE: New CF security bulletin The majority of users who applied the hotfix did not run into issues, but several have. So please make backups BEFORE applying the hotfix. The CF team is looking into this one. --- Ben -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Wednesday, May 12, 2010 2:57 PM To: cf-talk Subject: Re: New CF security bulletin Just a note to let people know that several of us have had trouble with this hot fix. Problems how? I am just about to patch my dev box. Jason included this link, which describes problems with datasources: http://forta.com/blog/index.cfm/2010/5/11/ColdFusion-Security-Hotfix-Release d#comments Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333623 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
New CF security bulletin
http://www.adobe.com/support/security/bulletins/apsb10-11.html Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333588 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New CF security bulletin
Man it would've been nice if the ER to make this all automatic had gone through right now. On Tue, May 11, 2010 at 1:47 PM, Dave Watts dwa...@figleaf.com wrote: http://www.adobe.com/support/security/bulletins/apsb10-11.html Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333589 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
