
Add TestBox runner to sensitive paths in production profile

Description

When CommandBox is in production profile and has web.blockSensitivePaths enabled, also block these:

/tests/runner.cfm
/testbox/system/runners/HTMLRunner.cfm

as those paths can be exploitable in older versions of TestBox and should not be visible on a server installation. The web.blockSensitivePaths setting is on by default even for development profile, but these paths will only be blocked if blockSensitivePaths is enabled AND the profile is production.
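The rule above can be checked against a deployment before it ships. The following is an added example, not code from CommandBox or from this ticket: it reads a server.json structure, applies the "blockSensitivePaths AND production" condition, and reports which of the two runner files are present in the webroot without being covered by the block. It assumes the CommandBox version in use includes this change, that `profile` and `web.blockSensitivePaths` are set in server.json, and that a missing `profile` is treated as not production; the function names and sample data are constructed for the example.

```python
import json
import tempfile
from pathlib import Path

# The two paths named in the ticket.
TESTBOX_RUNNER_PATHS = (
    "/tests/runner.cfm",
    "/testbox/system/runners/HTMLRunner.cfm",
)

def runner_paths_blocked(server_json: dict) -> bool:
    """Ticket rule: blocked only if blockSensitivePaths is on AND profile is production."""
    web = server_json.get("web", {})
    # The ticket says the setting is on by default, so a missing key counts as enabled.
    block = str(web.get("blockSensitivePaths", True)).lower() == "true"
    # Assumption for this example: a missing profile is treated as not production.
    profile = str(server_json.get("profile", "")).lower()
    return block and profile == "production"

def audit(webroot: Path, server_json: dict) -> list:
    """Return runner paths that exist under webroot and are not covered by the block."""
    if runner_paths_blocked(server_json):
        return []
    return [p for p in TESTBOX_RUNNER_PATHS if (webroot / p.lstrip("/")).is_file()]

def demo() -> dict:
    """Constructed sample: a webroot holding both runner files, three server.json variants."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for p in TESTBOX_RUNNER_PATHS:
            f = root / p.lstrip("/")
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text("<!--- placeholder file for the example --->")
        configs = {
            "production": json.loads('{"profile": "production"}'),
            "development": {"profile": "development", "web": {"blockSensitivePaths": True}},
            "production_unblocked": {"profile": "production", "web": {"blockSensitivePaths": False}},
        }
        return {name: audit(root, cfg) for name, cfg in configs.items()}

if __name__ == "__main__":
    for name, exposed in demo().items():
        status = "OK" if not exposed else "exposed: " + ", ".join(exposed)
        print(f"{name}: {status}")
```

A non-empty result means the runner files should be removed from the deployed webroot or the server should be run with the production profile and blockSensitivePaths left enabled.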

Fixed
Created November 30, 2020 at 8:30 PM
Updated December 16, 2020 at 6:06 AM
Resolved November 30, 2020 at 8:31 PM
