tracker issue : CF-4207569

Problem Description:

java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\ColdFusion2018\instance1\wwwroot\cf_scripts\scripts\ajax\messages\cfmessage_en_US_.js" "read") at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) at java.base/java.security.AccessController.checkPermission(AccessController.java:897) at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322) at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:661) at java.base/java.io.File.exists(File.java:815) at coldfusion.tagext.html.ajax.AjaxRBFileMap.fileExists(AjaxRBFileMap.java:121)...

This appears to be related to bugs CF-3040718 and CF-4068290

The website is hosted with IIS on Windows 2019. The website directory is in a ColdFusion Sandbox. <CFExecute>, <CreateObject(.NET)>, <CreateObject(COBRA)> are disabled. It has full access to it root and children folders.

The code line it appears to not like is:
<cfajaximport tags="cfwindow, cfform, cftextarea, cffileupload, cfinput-datefield">


Steps to Reproduce:

For unknown reasons, ColdFusion stopped serving the internal CF Admin page on port 8501 and started throwing 500 errors on the IIS website:
Mar 12, 2020 18:37:25 PM Error [ajp-nio-8012-exec-17] - '' The specific sequence of files included or processed is: D:\Websites\mywebsite\www\index.cfm''

I did note that around the time this started happening, an error was found in the coldfusion-out log for what appears to be <cflog> using the wrong default log path. The drive is D: and not C:

Mar 12, 2020 15:08:03 PM Error [ajp-nio-8012-exec-13] - access denied (""java.io.FilePermission"" ""C:\ColdFusion2018\instance1\logs\my.log"" ""read"")

After a service restart and even a reboot we started receiving this error. It worked fine for about 2-3 week prior with no changes.

Attachments:

Comments: