Hello,

Like others, I have seen the security advisory concerning Cold Fusion versions 2 to 4.5.1 SP2. What concerns me, and, evidently, others on the Cold Fusion boards, is the lack of details about this vulnerability. Usually, you would see a serious vulnerability like this being discussed on some mailing lists a few hours before a bulletin is issued, yet in this case, nothing.

Maybe we are just paranoid, but since Allaire/Macromedia just released version 5, which is not vulnerable, is this just a ploy to get people to upgrade? This, and the fact that there is a 3-8% performance degradation when you install the patch, makes me want to know more about this.

Also, if you are using NT4 and IIS, the patch breaks your server if you don't install the MSVCRT 6.0 runtime files beforehand, so be careful.

Anyone have any further info?

Thanks,
JF Prieur

This archive was generated by hypermail 2b30 : Thu Jul 12 2001 - 11:53:35 PDT