tracker issue : CF-4198855

select a category, or use search below
(searches all categories and all time range)

cfquery sandbox security issue after CF2016 update 4

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/Fixed

Reporter/Name(from Bugbase): Cody W / Cody W ()

Created: 06/13/2017

Components: Database

Versions: 2016

Failure Type: Non Functioning

Found In Build/Fixed In Build: 2016,0,04,302561 / HF5

Priority/Frequency: Major / Most users will encounter

Locale/System: ALL / Win 2012 Server x64

Vote Count: 1

Listed in the version 2016.0.05.303689 Issues Fixed doc
Problem Description:
After applying update 4 to ColdFusion 2016, cfquery requests result in the following.

Access denied ("" "C:\ColdFusion2016\cfusion\wwwroot\WEB-INF\classes\macromedia\sqlserverutil\" "read")

Steps to Reproduce:
Apply sandbox security to site
Update to ColdFusion 2016 update 4
try a cfquery or cfstoredproc

Actual Result:

Access denied ("" "C:\ColdFusion2016\cfusion\wwwroot\WEB-INF\classes\macromedia\sqlserverutil\" "read")

Expected Result:

successful query

Any Workarounds:
add "C:\ColdFusion2016\cfusion\wwwroot\WEB-INF\classes\macromedia\sqlserverutil\" to sandbox



The fix is verified and will be available in the upcoming ColdFusion update.
Comment by S P.
580 | August 29, 2017 09:17:20 AM GMT
Is this issue actually fixed in HF5? I'm encountering a similar issue with CF2016 HF5 while using MySQL and Oracle datasources, see post at:
Comment by Chris D.
581 | December 15, 2017 07:34:05 PM GMT
Vote by Chris D.
583 | December 15, 2017 07:34:16 PM GMT
Hi Chris, The fix that was part of this bug was specific for a MS SQL DB. We have logged another bug which will be fixing the issues for other DBs as well. Please track the issue as a part of the following ticket: #CF-4201015. Thanks!
Comment by S P.
582 | February 05, 2018 05:48:46 AM GMT