New ColdFusion 8 vulnerability

No, a restart shouldn't be required. Dave Watts, CTO, Fig Leaf Software So do we not need to restart ColdFusion after making this change? On Fri, Jul 3, 2009 at 5:32 PM, Eric Roberts < owner@threeravensconsulting.com> wrote: > > Dave (or anyone else with information), > > I know the vulnerability was in older versions of FCKEditor...if one were > to > install and use the current version, does it still have the vulnerability > or > has that been fixed?  I just got an emergency gig to fix a site that was > hacked because of this and we need to know if it is safe to do this or just > keep FCKEditor disabled inthe meantime. > > Eric > > > On Thu, Jul 2, 2009 at 6:17 PM, Dave Watts <dwatts@figleaf.com> wrote: > > > > > You may want to check for this on any clients/projects you've worked > with: > > http://isc.sans.org/diary.html?storyid=6715 > > > > Remediation steps available here: > > http://www.codfusion.com/blog/post.cfm/cf8-and-fckeditor-security-threat > > > > Dave Watts, CTO, Fig Leaf Software > > http://www.figleaf.com/ > > > > Fig Leaf Software provides the highest caliber vendor-authorized > > instruction at our training centers in Washington DC, Atlanta, > > Chicago, Baltimore, Northern Virginia, or on-site at your location. > > Visit http://training.figleaf.com/ for more information! > > > > > >