System information
Adobe documentation - Confidential
Patch Management Procedures
Staying up to date with patches is essential to maintaining security on the server. The system
administrator should monitor the vendors security pages for all software in use. Most vendors have a
security mailing list that will notify you by email when vulnerabilities are discovered.
Signup for the Adobe Security Notification Service:
http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert
Check the following websites frequently:
Adobe Security Bulletins: http://www.adobe.com/support/security/
Microsoft Security Tech Center: http://technet.microsoft.com/en-us/security/default.aspx
RedHat Security: http://www.redhat.com/security/updates/
Listing of security vulnerabilities in Apache web server: http://httpd.apache.org/security_report.html
Listing of security vulnerabilities in Tomcat: http://tomcat.apache.org/security-7.html
To keep updated with ColdFusion 11 updates you can use the server update feature in ColdFusion
administrator. Consider setting up an instance to email you when new updates are released. You should
also consider following http://blogs.coldfusion.com/
which is published by the ColdFusion engineering
team, Shilpi Khariwal’s blog (the Security Czar on the ColdFusion engineering team)
http://www.shilpikhariwal.com and finally third a third party commercial service http://hackmycf.com
/
Adobe documentation - Confidential