ColdFusion (2018 release) Performance Monitoring Toolset Update 5 (release date, 10 May, 2022) addresses vulnerabilities that are mentioned in APSB22-22.
The Log4j libraries have been upgraded to ver 2.17.2.
Bugs fixed in this update
Bug ID |
Description |
Component |
CF-4212628 |
In Performance Monitoring Toolset 2018, after applying the update, the older log4j jars were not getting removed. |
PMT installer
|
Prerequisites
Note: On 64-bit computers, use 64-bit JRE for 64-bit Performance Monitoring Toolset.
If the Performance Monitoring Toolset server is behind a proxy, specify the proxy settings for the server to get the update notification and download the updates. Specify proxy settings using the system properties below in the jvm.config, or provide the proxy settings in Performance Monitoring Toolset dashboard (Settings > Updates > Settings)
- http.proxyHost
- http.proxyPort
- http.proxyUser
- http.proxyPassword
Installation
Note: In Performance Monitoring Toolset, on Windows, the Datastore must be stopped manually before installing or uninstalling the update and then manually restarted afterwards.
For non-Wondows, the update can be installed through the PMT dashboard or command-line.
If you get the following error when installing the update using the Download or Download and Install option, ensure that the folder {pmt_install_home}/hf-updates has write permission: "Error occurred while installing PMT update. Please try again."
The backup is located at {pmt_install_home}/hf-updates/hf-2018-00005-329998/backup.
Installing the update manually
- Click the link to download the JAR. The MD5 checksum is: 23fe82af338d176a180f60a43442e92e
- Execute the following command on the downloaded JAR. You must have privileges to start or stop Performance Monitoring Toolset and Datastore services.
Windows: <pmt_install_home>/jre/bin/java.exe -jar <jar-file-dir>/hotfix-005-329998.jar
Linux-based platforms: <pmt_install_home>/jre/bin/java -jar <jar-file-dir>/hotfix-005-329998.jar
Ensure that the JRE bundled with Performance Monitoring Toolset is used for executing the downloaded JAR.
Install the update from a user account that has permissions to restart Performance Monitoring Toolset and Datastore services.
Post installation
Note: Windows only.
After installation, update the jvm.config file with the following change. Rename:
Dlog4j.configurationFile="file://C:\pmt_home\config\log4j2.xml" to -Dlog4j.configurationFile=file:///C:\pmt_home\config\log4j2.xml
After applying this update, the ColdFusion Performance Monitoring Toolset build number should be 2018,0,05,329998.
Uninstallation
Before uninstalling on Windows, stop the Datastore service.
To uninstall the update, perform one of the following:
- In Performance Monitoring Toolset Dashboard, click Uninstall in Settings > Updates > Installed Updates.
- Run the uninstaller for the update from the command prompt. For example, java -jar {pmt_install_home}/hf-updates/hf-2018-00005-329998/uninstall/uninstaller.jar