Hi Mark, the CHF does contain security fixes, but not all of them. You need to check out http://helpx.adobe.com/security/products/coldfusion.html for a list of all the security patches and make sure you have applied them all.
If you keep your server updated it isn't too hard to manage, CF10 has improved this process a great deal with the hotfix installer. CF8 is no longer supported by Adobe, so if you are still on CF8 you might want to upgrade to CF9 or CF10 so you have all the latest security hotfixes.
Finally my company makes a product that helps you see what patches you have applied and which ones you need to apply called HackMyCF.
Funny enough I did try HackMyCF earlier today, things didn't look TOO bad
I just did the CHF 4, and 1 security fix out of the 3
I guess that these are all I need to do?
I'll take a look at your link when I've done the other two
Applying patches and security fixes is like performing surgery! Every time I wonder.. is the CF going to start back up!
Not the easiest patch up I've had to do .. in fact, the worst!
Upgrading to CF10 will eliminate most of the headaches with patches and security fixes. A couple of clicks inside CF Administrator installs most updates.
I don't want to do anything that might rock the boat with all the existing currently working code, with Adobe you just never know what they might decide to throw in as a change that stops things working
The P.i.t.a. now is that I've done the CHF4 and the 3 hot fixes listed on here
but it's difficult to understand if I've already applied some of the fixes on here, or if I have to place more of them and which ones
"Note: Changed Date 12/07/2009. Added more information regarding Security fixes." suggests that info on the page has been updated but security fixes not added, but it's hardly clear.
Looks like I have to take the server down, and keep cutting and pasting files all over the place, like I'm part of an alpha Q.A. team
Since CF10 Developer Edition is free (which is what the trial version turns into after it expires), why not install it on a spare desktop box and test your application on it? Then, if everything works or only minor fixes are necessary to make it work, upgrade to CF10 and eliminate all of the pain?
Certainly a thought. Pick my poison, spend hours trying to put all these patches in place, or spend time installing a new version, and then MAYBE hours fixing lots of web sites.. urgh
It really sucks, most definitely the worst update system ever, the poorly written instructions don't help
I've got that list of installs from 2007 onwards but it's not clear now, if I start installing them am I going to screw up the work I just did. Another one says if I installed the previous one already do xyz.. but do I install the previous one or does the last one overwrite it, it's all highly unclear, and frustrating
I had a quick look through them and didn't see anything that clearly tackled the problem of the admin hack
I feel a break time coming on!