I have ColdFusion 9.0.1 (Enterprise edition) installed, with Cumulative Hotfix 4 and Security Patch APSB13 & 27 applied on it. The current version details look as below:
Update Level: hf901-00010.jar
My question is, is an update from 9.0.1 to 9.0.2 really required from a security standpoint? "Verity" is not a concern for me, since I do not think I use it, and the presence of Verity is not a problem either.
Are 9.0.1 with the above security updates, and 9.0.2 with security updates the same from a security standpoint, or do I gain any more security if I update to 9.0.2?
There is no such mandate that you have to go to CF 9.0.2. The ColdFusion 9.0.2 update is a summation of ColdFusion 9.0.1, ColdFusion 9.0.1 Cumulative HotFixes 1 & 2, and all ColdFusion 9.0.1 Security HotFixes, without Verity, so you are getting the same security updates in 9.0.2 which are there in 9.0.1, but without Verity; however, there is an updated JVM.
You can check the changes mentioned in the CF 9.0.2 release notes: http://helpx.adobe.com/coldfusion/release-note/coldfusion-9-0-update-2.html
There was a hotfix release for CF 9.0.2 which you can check here: http://helpx.adobe.com/coldfusion/kb/cumulative-hotfix-1-coldfusion-902.html
The latest update for CF 9.0.1 is http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-27.html
Check this article as well: http://www.carehart.org/blog/client/index.cfm/2013/8/19/understanding_ColdFusion_9.0.2_a_FAQ
You will find this article very helpful.