• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Log4j vulnerability on CF 2016

New Here ,
Dec 26, 2021 Dec 26, 2021

Copy link to clipboard

Copied

we are using CF2016 which uses log4j 1.2.15 and 1.2.17 versions.  I would like to confirm whether the upgrade of Log4j jar to 2.17 version is still required. Also if we upgrade the jar file to 2.17 will that be compatible with CF2016. 

Views

194

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Dec 27, 2021 Dec 27, 2021

Copy link to clipboard

Copied

No, I don't think you have to upgrade from log4j 1.2.x to log4j 2.17. The upgrade to log4j 2.17 is intended for log4j versions 2.x, where x ranges from 9 to 16.

 

But you don't have to take my word for it. To set your mind at ease, go to the following page and scroll to the section on ColdFusion 2016: https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html. There you will read, "ColdFusion (2016 release) ships with Log4j 1.2, which is not impacted." 🙂

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Dec 29, 2021 Dec 29, 2021

Copy link to clipboard

Copied

This is fine and good, but network scanners are now detecting Log4j 1.x as vulnerable, requiring an update to Log4j 2.17 or newer. Is there anything that can be done with ColdFusion 2016?....

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Dec 29, 2021 Dec 29, 2021

Copy link to clipboard

Copied

Mail your question to Adobe: cfinstal|at|adobe.com

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Dec 30, 2021 Dec 30, 2021

Copy link to clipboard

Copied

Yeah....I did and was told that there is no longer support for ColdFusion 2016. While I understand, at the same time, it's greatly frustrating....

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Dec 31, 2021 Dec 31, 2021

Copy link to clipboard

Copied

quote

Yeah....I did and was told that there is no longer support for ColdFusion 2016. While I understand, at the same time, it's greatly frustrating....


By @neowire

I can understand your frustration. 

Anyway, there is a point to be made here. As you're concerned about security, you should upgrade to a supported ColdFusion version. If you continue using an unsupported version (CF2016), you will be responsible for any security problems that emerge.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Explorer ,
Jan 04, 2022 Jan 04, 2022

Copy link to clipboard

Copied

LATEST

I am doing what I can to move on to a supported version....I am not in charge of funds and there are numerous roadblocks in approval processes for installing software in the environment that I am in....Otherwise, we already would be there....

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation