Welcome to Adobe® ColdFusion® 9.0 Update 2 Release Notes. This Updater release is a follow-up of ColdFusion 9 Update 1 release. However, note that, unlike ColdFusion 9.0 Update 1, ColdFusion 9.0 Update 2 is a full installer. Hence, do not install ColdFusion 9.0.2 alongside an existing ColdFusion 9.0 or ColdFusion 9.0.1 installation.
ColdFusion 9.0.2 update is a summation of ColdFusion 9.0.1, ColdFusion 9.0.1 Cumulative HotFixes 1 & 2, all ColdFusion 9.0.1 Security HotFixes, but without Verity.
The following table provides details of the Updater installation files:
This update implements a new setting in ColdFusion, Post Parameter Limit. This setting curtails the number of parameters in a post request. The default value is 100. If the number of parameters in a Post Request exceeds the specified limit, ColdFusion will not process the request and throws an exception. This ensures protectition against Denial of Service attack using Hash Collision.
This setting is different from Post Size Limit (ColdFusion Administrator > Settings > Maximum size of post data). The setting is not exposed in the ColdFusion Administrator console, but it can be modified in the neo-runtime.xml file.
If you wish to change the Post Parameter Limit setting, go to <ColdFusion_Home>/lib for built-in web server ColdFusion installation or <ColdFusion_Home>/WEB-INF/cfusion/lib for multiserver or J2EE installation. Open file neo-runtime.xml, and add the following line (you can change the default value of 100 to a suitable number):
after, <var name='postSizeLimit'><number>100.0</number></var> line.
Verity has been excluded from ColdFusion 9.0.2 and it is recommended that you use SOLR search engine as a replacement instead. To know more about migrating Verity to SOLR, refer to this blog.