ColdFusion API Manager updates

ColdFusion API Manager 2021, 2018, and 2016 hotfixes (17 December, 2021) address vulnerabilities that are mentioned in CVE-2021-44228 and CVE-2021-45046.

After applying the update, all log 4j 2.x-related jars will be upgraded to version 2.16.0.

If you had applied the mitigation steps in Log4j vulnerability on ColdFusion, we still strongly recommend that you apply this fix.

Installation

Follow the steps below to replace the jars:

  1. Stop API Manager service.

  2. Move the following jars from <apim_root>/lib to any backup location outside the API Manager home. Download the jars from the location below:
    Checksum: a15eb5f22c5e9347bd25eb0903d35930
    • log4j-api-2.3.jar
    • log4j-core-2.3.jar
    • log4j-jul-2.3.jar
    • log4j-nosql-2.2.jar
    • log4j-slf4j-impl-2.3.jar
  3. Copy the jars from the links below into the directory apim_root/lib.

    Nota:

    This step is applicable to API Manager core installed on Windows only.

  4. Back up jvm.config in apim_root/bin.

  5. Change:

    -Dlog4j.configurationFile=file://{apim_home}/conf/log4j2.xml

    to 

    -Dlog4j.configurationFile=file:///{apim_home}/conf/log4j2.xml.

  6. Restart API Manager.

 Adobe

Ottieni supporto in modo più facile e veloce

Nuovo utente?

Adobe MAX 2024

Adobe MAX
La conferenza sulla creatività

14-16 ottobre Miami Beach e online

Adobe MAX

La conferenza sulla creatività

14-16 ottobre Miami Beach e online

Adobe MAX 2024

Adobe MAX
La conferenza sulla creatività

14-16 ottobre Miami Beach e online

Adobe MAX

La conferenza sulla creatività

14-16 ottobre Miami Beach e online