Just want to bitch a second. I just set up two new CF2021 servers, our first, will be the next gen of the public and dev servers for one of our major apps. Basic install and IIS setup done, I went to update CF to the latest. For some unknown reason, in spite of my horrible history doing it this way, I tried to do the update through the cf admin UI. It failed to be able to stop the service, but somehow still left it throwing a null pointer exception when I restarted in manually and hit cfadmin. I had our devops guys restore the ColdFusion2021 directory from last night's backup, and now cfadmin gives a blank white page. I'll dig around the logs, see if I see anything actionable, maybe restore that whole VM if I don't figure anything else out. Argh. I do not appreciate this, have other stuff to do.

Verify you don't have 2 diff versions of log4j in the lib folder of CF. I ran into this issue after previously updating the JARs from the log4shell troubles manually, and then running the latest update. The manually added files stayed with the latest ones being added and created a conflict.

I know the pain. It absolutely sucks.

@tonyjunkes Bingo! Thank you! There were some 2.13.3 jars and some from 2.17.2. I removed all the 2.13.3 ones, including ones that didn't have a 2.17.2 match, figuring there should just be the full set for one version, and cf admin works again. Now to install this update for real, on the cmd line this time, like I've done for a while because sh!t like this keeps happening doing it in the UI. It's possible more of the update than this got installed, likely even, but the UI says it's back at update 2, where I started this morning, so I think I should probably do the thing. Any other theories?

@priyank_adobe @sandip_halder

The part of updating through the UI that I think is unreliable is stopping and starting the cf service, which in turn may lead to other problems. I'm not 100% certain that's what caused the problem with multiple log4j versions, but I my bet is that the older version's files couldn't be removed by the installer because it ran while the cf service was still running. Installing update 4 worked perfectly from the cmd line, as it always has for me since I started doing updates that way. I did this update on a second 2021 server, on the cmd line, and it too worked perfectly, without the log4j sideshow. Here's the process I use, FWIW: 1. Download the update jar through the UI. It will probably end up in <cfinstallrootdir>\bundles\updateinstallers\. If not, move it there, or adjust these instructions accordingly. 2. Stop all cf services. 3. Copy the cfusion directory somewhere as a backup (optional). 4. Open an admin cmd prompt. ADJUST THE NEXT STEPS TO YOUR ACTUAL PATHS AND HOTFIX FILENAME 5. Type or paste this into that cmd prompt and press enter to run it: <cfinstallrootdir>/jre/bin/java.exe -jar <cfinstallrootdir>\bundles\updateinstallers\hotfix-004-330004.jar 6. When it finishes, you can check the site and cf admin. HOWEVER, the installer will probably have started a new process under your own account, you don't want that, so: 7. In that admin cmd prompt, cd to <cfinstallrootdir>\cfusion\bin, type cfstop, and press enter. 8. Wait for that cmd to complete, then start the Windows Service normally. 9. Test the site and cf admin.

Are you still seeing the blank page?

@sandip_halder Thanks for jumping in, and sorry not to respond, I was away. No blank page after removing the old log4j version files, so this server is all set. It really seems like the updater wasn't able to stop the cf service, for whatever reason, but worse, it continued with the install anyway, making a mess. Installing the update on the cmd line worked perfectly, like it always has for me. I've been doing updates that way for a while, and will continue that way. I tried the UI this time hoping its reliability had improved, but I'm done with that experiment now ;)

Glad to know that it is working now. CF update doesnt remove the log4j files that were manually added. It sometimes also gives a runtime service not available error.