The Ortus BlogBox

"Ortus: A rise, beginning, coming into being, born, the origin!"

 

 

Category Filtering: 'coldbox-mvc'

 

cbSecurity 2.4 Released

Luis Majano
Apr 02, 2020

 

We are excited to bring you another release for cbSecurity v2.4. This update gives you access to our cross site request forgery module: cbcsrf, which will enhance your securing abilities.

# Install
install cbsecurity

# Update
update cbsecurity

What's New With 2.4.0

This release adds the inclusion of the Cross Site Request Forgery module into cbsecurity: cbcsrf. You can find all the details about this module here: https://github.com/coldbox-modules/cbcsrf. Below are the major features of this module:

Features

  • Ability to generate security tokens based on your session
  • Automatic token rotation when leveraging cbauth login and logout operations
  • Ability to on-demand rotate all security tokens for specific users
  • Leverages cbStorages to store your tokens in CacheBox, which can be easily distributed and clustered
  • Ability to create multiple tokens via unique reference keys
  • Auto-verification interceptor that will verify all non-GET operations to ensure a security token is passed via rc or headers
  • Auto-sensing of integration testing so the verifier can allow testing calls
  • Token automatic rotation on specific time periods for enhance security
  • Helpers to automatically generate hidden fields for the token
  • Automatic generation endpoint that can be used for Ajax applications to request tokens for users
ColdBox MVC, Modules, News, Releases 0

ColdBox Cross Site Request Forgery Module v2 released

Luis Majano
Apr 02, 2020

 

We are incredibly excited to bring you a major version of our cbcsrf module, so you can protect your ColdBox applications from cross-site request forgery vectors. This is a major overhaul of the module and it will also be part of the cbSecurity module as well.

Installation/Update

install cbcsrf
update cbcsrf

Please note that if you are upgrading from the 1.x series, make sure you read the documentation as all method signatures have been updated.

ColdBox MVC, Modules, News, Releases 0

cbSecurity 2.3 Released

Luis Majano
Mar 30, 2020

 

We are excited to bring you another release for cbSecurity packed with security goodness: version 2.3.0. This version focuses on security contexts from ANY layer of a ColdBox application. It will also enhance your functional skills as well, as it introduces some nice semantics for securing your code.

# Install
# install cbsecurity

# Update
update cbsecurity
ColdBox MVC, Modules, News, Releases 0

ContentBox Docker Image 5.0.0 Released

Luis Majano
Mar 12, 2020

 

ContentBox + Docker



We are pleased to announce a major release of the official ContentBox Docker image. It now ships with the latest CommandBox image as well and sports a much more detailed versioning strategy:

{variant}{contentbox_version}_{image_version}

This will allow you to visualize that each ContentBox version can be paired with new image versions. This will also allow for rollbacks and rolling upgrades if necessary; all following semantic versioning. So let's dig in to this release!

ColdBox MVC, ContentBox CMS, Docker, News, Releases 0

TestBox v3.2.0 Released!

Luis Majano
Feb 27, 2020

 


We are excited to announce a new minor release of TestBox version 3.2.0. To install just use CommandBox: install testbox --saveDev or to update your TestBox installation update testbox. So let's explore this release

What's New With 3.2.0

Bugs

  • [TESTBOX-265] - Code coverage doesn't always capture ending parenthesis
  • [TESTBOX-268] - When the key existed notToHaveKey wasn't failing
  • [TESTBOX-269] - missing raw_trace in simple.cfm
  • [TESTBOX-270] - Lowercase cbstreams for case-sensitive file systems

Improvements

  • [TESTBOX-267] - Moved invoke block from bottom of method into if block for "detect negation" instead of stack overflow errors
  • [TESTBOX-272] - Add formatting config and scripts
ColdBox MVC, ColdFusion, Community, News, Releases, TestBox 0

cbSecurity 2.2 Released

Luis Majano
Feb 13, 2020

 

Today we bring you a minor release for cbSecurity packed with features! Version 2.2 brings a complete overhaul of our jwt library and we have now switched over to the jwtcfml (https://forgebox.io/view/jwt-cfml) library which has given us a huge boost in capabilities especially supporting RS and ES algorithms. Check out their ForgeBox entry page to see all the features we inherit by using it.

We have also focused on improving our JWT and API security on this release, so check out the release notes for all the goodness!

# Install
install cbsecurity

# Update
update cbsecurity
ColdBox MVC, Modules, News, Releases 0

cbValidation 2.x Released

Luis Majano
Feb 13, 2020

 

We are so excited to bring you a major release for cbValidation! cbValidation has been around for quite some time and it was about time to give a major boost in development. We have also completely rewritten the documentation to make it more attractive and user-friendly (https://coldbox-validation.ortusbooks.com/). Enjoy!

# Install
install cbvalidation

# Update
update cbvalidation
ColdBox MVC, Modules, News, Releases 0

Mementifier v2.x Released!

Luis Majano
Feb 13, 2020

 

We are so excited to bring a major version release of our Mementifier Module. For those of you who do not know what Mementifier is, here is a small synopsis.

What is Mementifier?

This module will transform your business objects into native ColdFusion (CFML) data structures with :rocket speed. It will inject itself into ORM objects and/or business objects alike and give them a nice getMemento() function to transform their properties and relationships (state) into a consumable structure or array of structures. It can even detect ORM entities and you don't even have to write the default includes manually, it will auto-detect all properties. No more building transformations by hand! No more inconsistencies! No more repeating yourself! Best of all, it is lightning fast!

ColdBox MVC, Modules, News, Releases 0

Build Secure MVC ColdFusion Applications - PRE CFSummit East 2020 Workshop

Luis Majano
Jan 21, 2020

 

We are excited to bring our training Bootcamp series back to the DC area before CFSummit East on April 20th and April 21st. This training series will be led by Box creator Luis Majano at the Regus Franklin Square 5 minute walk from the conference center. Register as soon as possible as space is very limited!

ColdBox MVC, Community, Events, News, Training 0

ColdBox Security v2.0.0 Released!

Luis Majano
Sep 27, 2019

 

We are so excited to release The ColdBox Security Module version 2.0.0. It has been quite a few years since we did a major version of our security module, but it is worth the wait. It is just easier to say we completely rewrote it in modern CFML and introduced modern Security practices, HMVC security to modules, annotation driven security and JWT token services. Never again write API security, we got you covered! We also completelty rewrote the documentation and now we have yet another awesome security book: https://coldbox-security.ortusbooks.com/

install cbsecurity
update cbsecurity

There are just too many things to talk about in this release, so we will just list out the major features and you can visit our docs for the complete rundown of ColdBox Security 2.0.0.

Introduction

The ColdBox cbsecurity module will enhance your ColdBox applications by providing out of the box security in the form of:

  • A security rule engine for incoming requests
  • Annotation driven security for handlers and actions
  • JWT (Json Web Tokens) generator, decoder and authentication services

Features

  • Ability to have global security rules
  • Ability for modules to add their own security rules and action overrides
  • Ability to distinguish between authentication and authorization issues
  • Annotation driven cascading security for handlers and actions
  • Security rules can exist in:
    • XML File
    • JSON File
    • Database
    • Models
  • The rules can be configured to use regular expressions or simple snippets
  • Can use ColdFusion authentication security
  • Can leverage any custom authentication provider
  • Plug any Authentication service or can leverage cbauth by default
  • Capability to distinguish between invalid authentication and invalid authorization and determine an outcome of the process.
  • Ability to load/unload security rules from contributing modules.
  • Ability for each module to define it's own validator
ColdBox MVC, ColdFusion, Interceptors, News, Releases, Security 0