Documentation - V-279101

Title

ColdFusion must have notifications enabled when a server update is available.

Description

<VulnDiscussion>Security flaws with software applications are discovered daily. Vendors are constantly updating and patching their products to address newly discovered security vulnerabilities. To configure the software to discover that a new patch is available is important since administrators may be responsible for multiple servers running different applications and services, making it difficult for the administrator to constantly check for updates. Enabling the automatic check informs the adm...

Fix Text (Documentation Requirement)

If the ColdFusion server has access to a patch repository: 1. From the Admin Console Landing Screen, navigate to Package Manager >> Settings. 2. Enable "Check for updates every" by checking the box. 3. Enter a value greater than 0 in the "Days" field to define the update check interval. 4. Enter at least one valid email address in the "If updates are available, send email notification to" field. 5. Click "Submit Changes" to save the configuration. If the ColdFusion server does NOT have access to a patch repository: 1. Develop and maintain documented procedures describing how update notifications will be received. 2. Enroll all administrators in the Adobe automated patch notification service. 3. Retain a copy of the verification or confirmation email demonstrating enrollment.