Looking at it, the hotfix doesn't force you to lock down getPageContext(), so what happens if you do apply the hotfix, does it break anything?
Mark On Wed, Sep 12, 2012 at 2:35 PM, Dave <davidame...@gmail.com> wrote: > I noticed that Adobe has released a hotfix ( > http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb12-21.html > ) > that: > > "This Hot fix allows you to add getPageContext method in SandBox. For > securing your applications, you should update ColdFusion sandbox to include > this method to the list of disabled functions." > > I notice that TransferORM uses getPageContext in the Javaloader in > "arguments.parentClassLoader = > getPageContext().getClass().getClassLoader();" > > So my questions are: > 1. Does anyone know what this hot-fix actually addresses, and if we really > need to apply it? > 2. Can the Javaloader be re-factored to not need getPageContext(). > > Dave > > -- > Before posting questions to the group please read: > > http://groups.google.com/group/transfer-dev/web/how-to-ask-support-questions-on-transfer > > Try out the new Transfer ORM Custom Google Search: > http://www.google.com/cse/home?cx=002375903941309441958:2s7wbd5ocb8 > > You received this message because you are subscribed to the Google Groups > "transfer-dev" group. > To post to this group, send email to transfer-dev@googlegroups.com > To unsubscribe from this group, send email to > transfer-dev+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/transfer-dev?hl=en > -- E: mark.man...@gmail.com T: http://www.twitter.com/neurotic W: www.compoundtheory.com 2 Devs from Down Under Podcast http://www.2ddu.com/ -- Before posting questions to the group please read: http://groups.google.com/group/transfer-dev/web/how-to-ask-support-questions-on-transfer Try out the new Transfer ORM Custom Google Search: http://www.google.com/cse/home?cx=002375903941309441958:2s7wbd5ocb8 You received this message because you are subscribed to the Google Groups "transfer-dev" group. To post to this group, send email to transfer-dev@googlegroups.com To unsubscribe from this group, send email to transfer-dev+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/transfer-dev?hl=en
