Update: the Log4J patch has been uploaded (12/17/2021). More information here: https://coldfusion.adobe.com/2021/12/update-coldfusion-security-updates-log4j-vulnerability/

As most of you are aware, the Log4J (aka “Log4Shell”) vulnerability is currently the hot topic of discussion amongst… well, basically everyone.

Adobe engineering & security have been hard at work determining which versions of ColdFusion might be affected and what, if any, workaround/mitigation steps are available.

Please head over here: Log4j vulnerability on ColdFusion (adobe.com) and bookmark the page, as it will be updated if/as things change. This article contains information related to ColdFusion 2021, ColdFusion 2018 as well as ColdFusion 2016. There are also sections concerning the Performance Monitoring Toolset for 2021/2018 and API Manager.

NOTE: As stated in the helpx document, Adobe’s current plan is to release a patch for ACF2021 & ACF2018 on 12/17/2021. In the meantime, please read and utilize the information in the helpx document to help mitigate and/or workaround the vulnerability in your installs.