tracker issue : CF-4205334

select a category, or use search below
(searches all categories and all time range)

Adobe should consider following the Java model for handling CF security fixes

| View in Tracker

Status/Resolution/Reason: Open//

Reporter/Name(from Bugbase): Charlie A. / ()

Created: 09/27/2019

Components: Installation/Config

Versions: 2018

Failure Type:

Found In Build/Fixed In Build: /

Priority/Frequency: Normal /

Locale/System: / Windows 10 64 bit

Vote Count: 15

I would like to publicly propose a new model that Adobe should consider following for handling CF updates, specifically allowing for one to implement security fixes as soon as possible, without being ill-effected by possible problems introduced by other bug fixes/new features.

There is precedent for the proposal I am making, in the way Oracle has in the past handled this problem with Java updates.

Bottom line, the idea is to have two updates each time:

-  one would have JUST the latest security fixes (AND it had any bug fixes/new features from the PREVIOUS update). This variant of the update would be used by those who "just wanted the latest security updates and NOT the latest bug fixes/new features".
- the other would have  both the latest security fixes AND the latest bug fixes/new features. This would be used by people who prefer simply to "get the latest update", trusting that all should go well.

I have a blog post I did with more detail:



This would be WIN - WIN
Vote by Peter F.
31427 | September 27, 2019 05:33:27 PM GMT
I like this idea a lot!
Vote by Dave C.
31435 | September 27, 2019 07:20:07 PM GMT
Vote by Don W.
31436 | September 27, 2019 07:54:56 PM GMT
Vote by Emanuele C.
31510 | October 01, 2019 02:49:34 PM GMT
I would very much like to be able to get security fixes promptly without the language and features of the product changing as well.
Vote by Colby A.
31549 | October 04, 2019 05:40:40 PM GMT
Just a minor grammatical revision to the above. The first bullet item should have read (slight change in wording in parentheses): - one would have JUST the latest security fixes (AND it it would have any bug fixes/new features from the PREVIOUS update)....
Comment by Charlie A.
31548 | October 04, 2019 05:53:47 PM GMT
Totally agreed.
Vote by Leon O.
31579 | October 10, 2019 01:47:13 AM GMT
Charlie - we are discussing this internally (again) and will keep you guys posted . BTW - All the issues reported as of this week on update  has  been fixed , tested in some cases by customers . We shall be releasing a patch very soon , just FYI . 
Comment by Suresh J.
31591 | October 11, 2019 06:59:17 PM GMT
Great to hear, ob both points. As for that other patch, I do hope then you will do a post on it, like Saurav did on the connector update. It was very helpful to have that one, authoritative post (and its download links) to point to, rather than telling people "email to ask for the patch for the bug report xxx".
Comment by Charlie A.
31592 | October 11, 2019 07:56:47 PM GMT
This has my vote.
Vote by Michael C.
31728 | October 28, 2019 04:10:13 PM GMT
Suresh (or anyone at Adobe), might you have any news on the broader issue brought up here? I do realize that the bugs that prompted it were fixed in the Nov update. But what about the idea to offer a way to split off the security updates from the rest, in the way I proposed above (that keeps people still getting both security updates and the rest, though in a staggered flow if desired).
Comment by Charlie A.
32056 | January 14, 2020 11:40:45 PM GMT