ColdFusion Security Hotfix APSB12-21 and Transfer ORM/Javaloader

Dave

Sep 12, 2012, 12:35:09 AM
to transf...@googlegroups.com
I noticed that Adobe has released a hotfix ( http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-21.html ) that:

"This Hot fix allows you to add getPageContext method in SandBox. For securing your applications, you should update ColdFusion sandbox to include this method to the list of disabled functions."

I notice that TransferORM uses getPageContext in the Javaloader in "arguments.parentClassLoader = getPageContext().getClass().getClassLoader();"

So my questions are:
1. Does anyone know what this hot-fix actually addresses, and if we really need to apply it?
2. Can the Javaloader be re-factored to not need getPageContext()?

Dave

Mark Mandel

Sep 12, 2012, 6:11:30 PM
to transf...@googlegroups.com
Looking at it, the hotfix doesn't force you to lock down getPageContext(), so what happens if you do apply the hotfix? Does it break anything?

Mark


--
E: mark....@gmail.com
T: http://www.twitter.com/neurotic
W: www.compoundtheory.com

2 Devs from Down Under Podcast
