Hey all, I just installed update 14 on ACF 2018 (l...
# adobem
malllory.woods
05/13/2022, 10:33 PMHey all, I just installed update 14 on ACF 2018 (linux) and when trying to get to the admin page I'm getting an error that the Monitoring server is not avlabile its giving me an error on line 114 of the /CFIDE/administrator/index,cfm page
malllory.woods
05/13/2022, 10:37 PMOddly, CF service is up running and serving pages but the admin is not up and running
malllory.woods
05/13/2022, 11:01 PMLogs : May 13, 2022 182526 PM Information [main] - Starting Monitoring...
May 13, 2022 182527 PM Error [main] - Unable to initialise Monitoring service:
java.lang.NoSuchMethodError: org.apache.log4j.helpers.OptionConverter.convertLe
vel(Ljava/lang/String;Lorg/apache/logging/log4j/Level;)Lorg/apache/logging/log4j
/Level;
May 13, 2022 182527 PM Information [main] - Starting PDFG...
May 13, 2022 182527 PM Information [main] - Starting WebSocket...
May 13, 2022 182528 PM Information [main] - WebSocket server listens on port:
8581
May 13, 2022 182528 PM Information [main] - ColdFusion started
May 13, 2022 182528 PM Information [main] - ColdFusion: application services a
re now available
05/13 182528 INFO Macromedia Flex Build: 87315.134646
May 13, 2022 182531 PM Error [Thread-15] - Registration error for service mana
ger : .http://127.0.0.1:8991/PDFgServlet/.Reason: NOT FOUND
May 13, 2022 182628 PM Error [http-nio-8500-exec-1] - The Monitoring service i
s not available.This exception is usually caused by service startup failure. Che
ck your server configuration. The specific sequence of files included or process
ed is: /data/coldfusion2018/cfusion/wwwroot/CFIDE/administrator/index.cfm, line:
114
May 13, 2022 182755 PM Error [http-nio-8500-exec-4] - The Monitoring service i
malllory.woods
05/13/2022, 11:02 PMAgain, its serving pages but I can't get into the Admin pages. I did install this from the command line not from within the GUI -- Any Suggestions are welcome
b
bdw429s
05/14/2022, 3:52 AMLooks like a log4j bug. I'd put in a ticket with the full details.
d
Dave Merrill
05/14/2022, 11:39 AM@malllory.woods Is this a new-from-scratch install, or did you just install 14 on an existing and previously working 2018 instance?
m
malllory.woods
05/14/2022, 2:39 PMThis is an existing install. Update 13 had been applied before this. I also have opened a case with support. I'm going to include the log of the update which has two failures in the install
d
Dave Merrill
05/16/2022, 1:21 PMHas anyone else installed update 14 for cf 2018?
Any issues?
m
malllory.woods
05/17/2022, 12:34 PMUpdating this thread - So I have noted my email about the issues however, the security team as notified me that the issue with log4j is still there. They mention that " Nessus is still detecting the 1.x version in the following locations:
_*Path : /data/coldfusion2018/cfusion/lib/cf-logging.jar Version : 1.2.15 Path : /data/coldfusion2018/cfusion/wwwroot/WEB-INF/lib/log4j-1.2.15.jar Version : 1.2.15*_" is anyone else experiencing this?
b
bdw429s
05/17/2022, 6:04 PM@Mark Takata (Adobe) has raised a couple of similar issues. Mark, can you confirm if this particular Log4j 1.x jar is a known issue?
😱 1
m
Mark Takata (Adobe)
05/17/2022, 7:41 PMI believe @priyank_adobe has a couple of these tickets active. It seems like it is still appearing in some places? There seem to be two issues here, the admin not coming up + log4j still being detected. Mallory have you emailed support regarding this yet?
m
malllory.woods
05/17/2022, 7:48 PMYes I have. I am currently talking to support about this issue. They asked for a copy of the scans which I provided. I was told that this has been escalated to the devs to look at.
m
Mark Takata (Adobe)
05/17/2022, 9:08 PMOK, good. Hopefully they get you an answer soon.
t
Tyler Clendenin
05/30/2022, 6:25 PMany word on this, I am also getting these files showing on scans
m
malllory.woods
05/30/2022, 6:27 PMNothing as of last week. I asked for an update on my ticket and was told nothing has been updated yet
t
Tyler Clendenin
05/31/2022, 3:07 PMlink to your ticket so i can vote on it?
p
priyank_adobe
05/31/2022, 3:08 PM@malllory.woods Let's connect today, let me take a look into your issue.
m
malllory.woods
05/31/2022, 3:10 PM@Tyler Clendenin - https://tracker.adobe.com/#/view/CF-4213446 Thanks
malllory.woods
05/31/2022, 3:10 PM@priyank_adobe Thanks, I have a few holes in my schedule at 12pm est if that's good for you
t
Tyler Clendenin
05/31/2022, 3:11 PMoh, my issue is the nesus scan finding log4j as cf-logging.jar
m
malllory.woods
05/31/2022, 3:13 PM@Tyler Clendenin - Ah, I have send a one on one email to CF support on this. I didn't create a tracker issue. Sorry about that. If you have one open I'll happily vote for that. I will also report back here to you if I get some insight on this too
t
Tyler Clendenin
05/31/2022, 3:14 PMp
priyank_adobe
05/31/2022, 3:15 PM@Tyler Clendenin I understand that it is flagging the issue in your scanner however, it is not vulnerable and we have removed all the vulnerable classes from there. The reason, we couldn't remove it because it was breaking a lot of backward compatibility.
m
malllory.woods
05/31/2022, 3:15 PMThanks done and done! I'll also watch these to see if anything comes up.
p
priyank_adobe
05/31/2022, 3:16 PMI think, I can do it
t
Tyler Clendenin
05/31/2022, 3:16 PM@priyank_adobe ok, is there an official place you can point to that says as such so I can show it to the powers that be?
p
priyank_adobe
05/31/2022, 3:16 PMI will share the Teams link, pls check the DM.
t
Tyler Clendenin
06/01/2022, 2:44 PM@priyank_adobe? is there some official place, even adobe blog/tweet with your explanation above re: cf-logging.jar
p
priyank_adobe
06/01/2022, 3:01 PMIt is not there in any official document.
2 Views