Stop API Manager service.
Last updated on
Dec 17, 2021
ColdFusion API Manager 2021, 2018, and 2016 hotfixes (17 December, 2021) address vulnerabilities that are mentioned in CVE-2021-44228 and CVE-2021-45046.
After applying the update, all log 4j 2.x-related jars will be upgraded to version 2.16.0.
If you had applied the mitigation steps in Log4j vulnerability on ColdFusion, we still strongly recommend that you apply this fix.
Installation
Follow the steps below to replace the jars: