First things first, this is my position (and the one I believe anyone who's not a lunatic should have): "bloody hell no, are you insane?"
But I polled the community yesterday, via Twitter:
Quick #ColdFusion poll: do you ever apply these fixes Adobe releases directly to your production servers without first testing them?
— Adam Cameron (@DAC_dev) October 23, 2014
Here is some feedback that I got:
(Apologies that it's listed in reversed-from-common-sense order: Twitter seems to think we all start reading from the last page of the book and work towards the front, and gives me no control over that).
Pleasingly, most people seem to be of the same opinion as me.
You should never apply a ColdFusion patch (or any other sort of patch, for that matter) to a production server before testing it. Especially in the case of Adobe whose QA is known to be a bit flaky: basically they treat their early adopters as their testers.
If you are in a professional situation, you should have a test environment, or at least an environment you can - when needs must - co-opt for testing. This should - as best as possible - mirror your live environment. If you do not: you are not conducting yourself professionally, IMO.
If for whatever reason you cannot test a patch before applying it, pay careful attention to the community and observe any issues they have reported. As well as observing, also actively asked the community if anyone's had any issues with a given fix. Under no circumstances should you be an "early adopter" in this situation. That would be irresponsible of you.
If it's your own site (your own personal site, not just the company you work for), then do what you want, obviously. But I'd still err on the side of caution when installing updates.
In case you're wondering: my position on Railo updates would be exactly the same.
Anyone else got an opinion to offer, or a case to make?