<@U01EY27APNH> <@U0BJHDX1Q> After applying CF2018 ...
# adober
rstewart
05/10/2022, 9:00 PM@Mark Takata (Adobe) @priyank_adobe After applying CF2018 Update 14 to the first of our dev servers, I still have one older Log4j v1.x file in place (
./cfusion/jetty/lib/ext/log4j-1.2.17.jar➕ 1
rstewart
05/10/2022, 9:02 PM… or @saghosh?
rstewart
05/10/2022, 9:42 PMBox A: CF 2018 update 13:
rstewart
05/10/2022, 9:43 PMBox B: CF 2018 update 14:
rstewart
05/10/2022, 9:45 PMAt least on the surface, it looks like the update did not remove the old versions of the files in that folder. I checked the update log and see the new files being added but no entries related to removal of the old.
FWIW, a co-worker with a CF2021 dev system applied update 4 and does not see this on his. It appears to have cleaned up the old files and he sees the entries in the update log related to the cleanup.
b
bdw429s
05/11/2022, 11:02 PM@rstewart I've noticed the same issue with 2018, except the jar was in the cfusion/lib folder (possibly due to being based on the WAR).
bdw429s
05/11/2022, 11:02 PMNot only did 2018 still have Log4j 1.x, but when I manually deleted those jars, CF refused to start, so it does seem to still be using them
bdw429s
05/11/2022, 11:03 PM Copy code
Error [main] - Unable to initialise Security service: java.lang.NoClassDefFoundError: org/apache/log4j/Logger
Information [main] - Unable to initialise CFStartupServlet:org/apache/log4j/Logger
[ERROR] coldfusion.server.ServiceFactory$ServiceNotAvailableException: The Runtime service is not available.bdw429s
05/11/2022, 11:03 PM@Mark Takata (Adobe) Is this expected?
bdw429s
05/11/2022, 11:03 PMcc/ @priyank_adobe
m
Mark Takata (Adobe)
05/11/2022, 11:56 PMEscalated this. I'm unsure of what is the deal here.
b
bdw429s
05/12/2022, 12:06 AMCool, thanks.
p
priyank_adobe
05/12/2022, 7:36 AM@rstewart Is jetty installed along with CF or have you installed it in a different folder and pointing it to CF Admin?
priyank_adobe
05/12/2022, 7:37 AMI have verified it multiple machines and it is getting updated.
r
rstewart
05/12/2022, 12:40 PMJetty is installed alongside CF. I have not installed it anywhere else or moved it.
rstewart
05/12/2022, 12:42 PMI am glad to provide copies of the logs from applying the update, if that helps, @priyank_adobe?
p
priyank_adobe
05/12/2022, 12:43 PMCan you please send me the logs, DM me and I will share my email with you.
r
rstewart
05/12/2022, 12:59 PM@bdw429s Interesting. Mine is also deployed via WAR against Tomcat. Here are all of the Log4j JAR files in the `cfusion/`directory structure on this box. That sounds like it is different than what you are seeing?
p
priyank_adobe
05/12/2022, 1:00 PMMine is not deployed in Tomcat, it is standalone installation. I will try this and get back to you.
👍🏻 1
b
bdw429s
05/12/2022, 1:02 PMMy jars were in cfusuon/lib directly
bdw429s
05/12/2022, 1:02 PMUsing the war on commandbox/undertow
11 Views