Seth, given the issue is cfftp and sftp--and since the failure arose on your update of cf--there was indeed a change in October regarding sftp, in cf2021 update 17 and cf2023 update 11.    You say you were on cf2021 update 11 (which is from Oct 2023, btw) and per the technote for update 17, there was mention in the bug fixes section of a change to sftp which called for some to need to add either or both of a pair of jvm args to the startup of cf, to maintain backward compatibility:   -Dcoldfusion.sftp.fingerprint=md5 -Dcoldfusion.sftp.enable-ssh-rsa=TRUE   I'd recommend you try at least the second. And I realize that your error message might make it seem this is NOT the solution. If you're game to give it a try, let us know how it goes.    Of course, changing the jvm args is something to be very careful about. You can use the cf admin "java and jvm" page and its java args box--but these are to be added to that long list of them (like at the end), but NOT ON A NEW LINE. If you get this wrong, cf won't start.   Indeed, as you may know, that page changes the underlying jvm.config file, in cfusion/bin (or [instancename]/bin. You should make a backup of that first. You can also just edit it directly, and its args line.    Finally, I was thrown by your original note saying you "have a scheduled task that uses certificate file to connect". I didn't see that being about sftp. Perhaps Dave felt the same, thus his suggestion about the cert for a cfhttp or similar calls: as you may know, scheduled tasks run like a cfhttp.   Again, though, since you feel this failed upon updating cf (alone, right?), that suggests this other matter. Let us know how it goes. It's something I've long been wanting to explore more to understand it better, but for now I wanted to propose at least this for you.  ... View more

To be clear, you installed the lockdown TOOL, which is what caused your trouble. The lockdown GUIDE would walk you through doing the process manually.   Sadly, since the introduction of that tool with cf2018, the guide was modified to mostly presume you were also using the tool. Some content was removed as seeming therefore to be redundant. But not everyone wants to (or should) run the tool.   As bkbk noted, the docs for the TOOL may be better for solving problems using it. Honestly, I tell anyone running it to be sure to have a backup or VM snapshot before running the tool. It is so invasive that some even find the locked-down configuration too difficult to work with. (There's always a tension between security and convenience/familiarity.) Ande  while the tool has an uninstall feature, sometimes it fails to revert things entirely.   Have you tried it yet? Or maybe you did such a manual reversion of a backup or snapshot (good for you anticipating that need), and now you just want to do lockdown by hand.   The lockdown guides bkbk pointed to will be your best current resource. You may want to also checkout the cf2016 version of the guide to supplement it. It and other versions are here: https://cfdocs.org/security ... View more

Ah, ok. I understand your need now. You want to be able to dynamically execute the CFML which is held in the database column. Sorry, I didn't connect that dot (since your original post referred to cfsavecontent, and it used a "vdata" variable you'd not defined for us). I gather now that's the name of the variable holding the "cfml" that you obtained from the database record. Is that right?   So first, putting that inside a cfsavecontent and using cfoutput around it was not going to execute that CFML. And some people might propose that the CFML "evaluate" function could be used for this, but no: that doesn't evaluate CFML but rather only CFML expressions. It would fail on trying to render the cfoutput within the a href tag, etc. within your opening code fragment.   As i said originally, many will argue against trying to support such dynamic data--partly because it's hard to execute. But it can be done. One way is to write that CFML (that vdata variable of yours) to a file and then CFINCLUDE that file (and then delete it). I offer here an example that demonstrates it, with comments to address some subtleties about it. (and of course it could be done in cfscript for those who prefer that. I stuck with tags as  Paul shows using them): <!--- - First, simulate a query with a column that holds cfml to be executed later. - Because that column's content is placed here, the pound signs must be escaped. - That would not be needed for a real db record being read in via cfquery, etc. ---> <cfset codeQ=querynew([{vdata:"<cfset name='bob'>This is formatted output: <b><cfoutput>##name##</cfoutput></b>"}])> <cfdump var="#codeQ#"> <!--- create a temp file name and its path (need them separate, for later)---> <cfset tempfilename="savedcode#createuuid()#.cfm"> <cfset tempfile=expandpath(tempfilename)> <!--- write the code from the query column into the temp file, using full path ---> <cffile action="write" output="#codeQ.vdata#" file="#tempfile#" > <!--- include the file just written, noting that it does not allow full path---> This shows the resulting evaluated CFML/HTML to be rendered on-screen:<br> <cfinclude template="#tempfilename#"> <!--- this causes the resulting evaluated CFML/HTML to be sent in an email ---> <cfmail to="whoever" from="whoever" subject="whatever" server="wherever"> <cfinclude template="#tempfilename#"> </cfmail> <!--- delete the temp file after use, after waiting a second for CF to release its hold---> <cfset sleep(1000)> <cffile action="delete" file="#tempfile#" >   Let us know if that might help get you going. Or perhaps my comment may spark ideas from others. ... View more