Question 1: I have a CF 9.0.1 installation that is missing a number of security hotfixes (based on a vulnerability scan). The list of missing security hotfixes is below. Must I start at the beginning and apply each hotfix one by one? If I apply the newest one (July 2013) will that automatically include the updates for all previous hotfixes? The information online is rather vague. It states that newer updates "may" contain some of the older ones. It does not state definitely whether or not all previous hotfixes are included in the newly released ones.
Missing Security Hotfixes:
APSB13-19 July 2013 - Not Installed
APSB13-13 May 2013 - Not Installed
APSB13-10 Apr 2013 - Not Installed
APSB13-03 Jan 2013 - Not Installed
APSB12-26 Dec 2012 - Not Installed
APSB12-21 Sept 2012 - Not Installed
APSB12-15 June 2012 - Not Installed
APSB12-06 March 2012 - Not Installed
APSB11-29 December 2011 - Not Installed
APSB11-14 June 2011 - Not Installed
APSB11-04 February 2011 - Not Installed
APSB10-18 August 2010 - Not Installed
Question 2: What is the difference between Security Hotfixes and Cumulative Hotfixes? Is there any overlap between the two?
Thanks for the help!
Hotfix = Update --> in which bugs are fixed
Cumulative Hotfix --> Which contains all the previous hotfixes
For ColdFusion 9.0.1 there are 2 cumulative hotfix avaliable, hotfix 1 and hotfix 2. If you directly install cumulative hotfix 2 then it means this hotfix/update include the previous hotfix which is hotfix 1
Link for hotfix 1 of ColdFusion 9.0.1
Link for hotfix 2 of ColdFusion 9.0.1
Security Hotfix --> which takes care of security vulnerabilities.
Till Security Hotfix 13-03
Security Hotfix 13-13
Security Hotfix 13-19
Hope it helps