Access Denied to cfmessage_en_US_.js| View in Tracker
Problem Description: java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\ColdFusion2018\instance1\wwwroot\cf_scripts\scripts\ajax\messages\cfmessage_en_US_.js" "read") at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.base/java.security.AccessController.checkPermission(AccessController.java:897) at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322) at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:661) at java.base/java.io.File.exists(File.java:815) at coldfusion.tagext.html.ajax.AjaxRBFileMap.fileExists(AjaxRBFileMap.java:121)... This appears to be related to bugs CF-3040718 and CF-4068290 The website is hosted with IIS on Windows 2019. The website directory is in a ColdFusion Sandbox. <CFExecute>, <CreateObject(.NET)>, <CreateObject(COBRA)> are disabled. It has full access to it root and children folders. The code line it appears to not like is: <cfajaximport tags="cfwindow, cfform, cftextarea, cffileupload, cfinput-datefield"> Steps to Reproduce: For unknown reasons, ColdFusion stopped serving the internal CF Admin page on port 8501 and started throwing 500 errors on the IIS website: Mar 12, 2020 18:37:25 PM Error [ajp-nio-8012-exec-17] - '' The specific sequence of files included or processed is: D:\Websites\mywebsite\www\index.cfm'' I did note that around the time this started happening, an error was found in the coldfusion-out log for what appears to be <cflog> using the wrong default log path. The drive is D: and not C: Mar 12, 2020 15:08:03 PM Error [ajp-nio-8012-exec-13] - access denied (""java.io.FilePermission"" ""C:\ColdFusion2018\instance1\logs\my.log"" ""read"") After a service restart and even a reboot we started receiving this error. It worked fine for about 2-3 week prior with no changes.