tracker issue : CF-4126454

select a category, or use search below
(searches all categories and all time range)
Title:

Allowed file extensions for CFInclude tag should be in Secure Profile

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/HaveNewInfo

Reporter/Name(from Bugbase): Peter Freitag / Peter Freitag (Peter Freitag)

Created: 03/09/2016

Components: Security, Secure profile

Versions: 2016

Failure Type: Unspecified

Found In Build/Fixed In Build: Beta2_v12 / 308825

Priority/Frequency: Normal / Unknown

Locale/System: English / Win All

Vote Count: 1

Problem Description: The setting Allowed file extensions for CFInclude tag is not part of the secure profile -- so the default "*" is used. It should be set to cfm when secure profile is enabled.

Steps to Reproduce: Install / enable secure profile

Actual Result: Allowed file extensions for CFInclude tag = *

Expected Result: Allowed file extensions for CFInclude tag = cfm

Any Workarounds: You can manually do it.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4126454

External Customer Info:
External Company: Foundeo Inc.
External Customer Name: Peter Freitag
External Customer Email: PETE@FOUNDEO.COM
External Test Config:

Attachments:

Comments:

Adding BUG AUDIT TRAIL ********action: updated fieldName: Priority newValue: 2 oldValue: 0 oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-01-18 12:04:06.0 action: updated fieldName: Status newValue: ToFix oldValue: Unverified oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-01-18 12:03:57.0 action: updated fieldName: Reason newValue: Blank oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-01-18 12:03:57.0 action: updated fieldName: Owner newValue: sanniset oldValue: preethi oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-01-18 12:03:57.0 action: updated fieldName: Fix By Milestone newValue: Alpha oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-01-18 12:03:57.0 action: updated fieldName: Fix By Product Milestone newValue: Alpha oldValue: Blank oprid: preethi recordName: RQ_DEFECT timpestamp: 2016-01-18 12:03:57.0
Comment by CFwatson U.
4077 | March 09, 2016 02:09:21 AM GMT
Added By: PreRelease User User Name:Peter Freitag Note Added: Entered Bug. Date Added :2016-01-14 18:16:18.0
Comment by CFwatson U.
4078 | March 09, 2016 02:09:23 AM GMT
+1 - And ".cfml" too?
Vote by External U.
4080 | May 11, 2016 02:12:09 AM GMT
Hi Adobe, I see the Status/ReasonCode is currently "To Test/Fixed". Will Secure Profile allow only .cfm? Or both .cfm and .cfml? It should allow both? Thanks!, -Aaron
Comment by Aaron N.
4079 | August 04, 2017 07:39:04 AM GMT