Hey I know this has been discussed to death but I got an official request to find something from Adobe that says they are working on a log4j solution for the 1.x version that still remains. I haven't found anything that says this will be addressed in Update 14. Is there such a thing that is from Adobe that says they are working on it? I was asked to provide this for a report. Does anyone have anything or has there been such a release?

@Mark Takata (Adobe) can hopefully provide an update. The only official responses I can find talk only about the 2.x vulnerability and fixes (and claim 1.x is "not affected" but, as we now know, it has vulnerabilities of its own that do need to be addressed).

Thanks Sean. I'm trying to provide them with an official update as this will be documented in a report.

@malllory.woods Both @Mark Takata (Adobe) and @priyank_adobe have said as much here in Slack, but I'm not aware of any official Adobe doc which promises when the fix will release.

Agreed. I think we are on the right track from what I have gotten in email. Thanks

Here's one https://cfml.slack.com/archives/C06T99N9G/p1648518744593499?thread_ts=1648513205.093659&cid=C06T99N9G

Hi Everyone, please try this.

@priyank_adobe, While I have you hear, will a complete back up of the cfusion directory be the safest way to try this in case it fails and CF won't start?

Nice, is this documented somewhere publicly as a workaround? If not, you should post it in the Adobe CF forum.

@malllory.woods Sure, always take backup before you replace or delete anything from CF directory.

Thank you Priyank for this. I know you and the team have been working hard getting the official stuff together, appreciate you stepping in here! ❤️

I appreciate the update