I noticed that Adobe has released a hotfix (
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-21.html ) that:
"This Hot fix allows you to add getPageContext method in SandBox. For securing your applications, you should update ColdFusion sandbox to include this method to the list of disabled functions."
I notice that TransferORM uses getPageContext in the Javaloader in "arguments.parentClassLoader = getPageContext().getClass().getClassLoader();"
So my questions are:
1. Does anyone know what this hot-fix actually addresses, and if we really need to apply it?
2. Can the Javaloader be re-factored to not need getPageContext().
Dave