I wanted to highlight a recent project I helped a client out with, where we used CFConfig to help automate the process of applying government STIGs to ColdFusion servers. A STIG, or Security Technical Implementation Guide, is meant to standardize the process of setting up and auditing secure servers. If you manage servers in a government or corporate setting, you may be familiar with this. If not, you should still be automating your lockdowns anyway, so keep reading.
Blog
ColdBox Security v2.0.0 Released!
We are so excited to release The ColdBox Security Module version 2.0.0. It has been quite a few years since we did a major version of our security module, but it is worth the wait. It is just easier to say we completely rewrote it in modern CFML and introduced modern security practices, HMVC security for modules, annotation-driven security and JWT token services. Never again write API security, we got you covered! We also completely rewrote the documentation and now we have yet another awesome security book: https://coldbox-security.ortusbooks.com/
install cbsecurity
update cbsecurity
There are just too many things to talk about in this release, so we will just list out the major features and you can visit our docs for the complete rundown of ColdBox Security 2.0.0.
Introduction
The ColdBox cbsecurity module will enhance your ColdBox applications by providing out of the box security in the form of:
- A security rule engine for incoming requests
- Annotation driven security for handlers and actions
- JWT (JSON Web Tokens) generator, decoder and authentication services
Features
- Ability to have global security rules
- Ability for modules to add their own security rules and action overrides
- Ability to distinguish between authentication and authorization issues
- Annotation driven cascading security for handlers and actions
- Security rules can exist in:
  - XML File
  - JSON File
  - Database
  - Models
- The rules can be configured to use regular expressions or simple snippets
- Can use ColdFusion authentication security
- Can leverage any custom authentication provider
- Plug any Authentication service or can leverage cbauth by default
- Capability to distinguish between invalid authentication and invalid authorization and determine an outcome of the process.
- Ability to load/unload security rules from contributing modules.
- Ability for each module to define its own validator
swagger SDK and cbSwagger v2 Released!
We are very excited to finally update our swagger modules to version 2: swagger-sdk, cbSwagger. This major version has tons of new features and improvements when documenting ColdBox APIs. However, the biggest features are that we now support the latest Open API Spec => v3.0.2 and we can export your documentation in either JSON or YAML. Check out the release notes below to see all the great new improvements.
ColdBox 5.6.0 Released!
We are very excited to announce the release of ColdBox version 5.6.0 alongside all the companion standalone libraries: WireBox, LogBox and CacheBox.
What's New With 5.6.0
ColdBox 5.6.0 is a minor version update with lots of fixes, improvements, ...
ColdBox 5.5.0 Released!
What's New With v5.5.0
We are very excited to bring you ColdBox Platform v5.5.0! This is a minor release packed with a punch of improvements and some cool new features. The major libraries upgraded are ColdBox MVC and WireBox in this release.
Support Open Source via new Patreon Levels and Rewards
At Ortus Solutions we are known for building open source projects for the ColdFusion (CFML) community such as ColdBox, CommandBox, ContentBox Modular CMS, ForgeBox and many more. All of those products are licensed under the Apache 2 license and are completely FREE to use and extend.
Quick v2.0.0 Released!
We are pleased to announce the general availability of Quick 2.0.0. It's been a long road with 14 betas(!) and months of testing from dedicated users. The end result is a more refined and performant product. Come check out the headline features.
TestBox v3.0.0 Released!
We are excited to announce the release of TestBox version 3.0.0. To install, just use CommandBox: install testbox --saveDev, or to update your TestBox installation: update testbox. So let's explore this release
ColdBox 5.4.0 Released!
What's New With v5.4.0
We are very excited to bring you ColdBox v5.4.0! This should have been a major release on its own but since we kept compatibility we are labeling it as a minor release. Below are the major areas of improvement and the full release notes. To update your installations just issue the commands below with CommandBox:
- update coldbox - Update ColdBox Platform
- update logbox - Update standalone LogBox
- update wirebox - Update standalone WireBox
- update cachebox - Update standalone CacheBox
Major Areas Of Improvement
ContentBox v4.2.1 Docker Image Released
Today we are very excited to bring you the release of our latest Docker container for ContentBox v4.2.1. This is a major re-work of our container images as we now support over 5 different variations of our images, from warmed up servers to alpine versions of ContentBox. We have also added tons of new optimizations and environment variables to control container deployments. Ultimately, we have also updated our images to leverage the latest CommandBox 4.5.0 image!
Learn more about ContentBox at https://www.ortussolutions.com/products/contentbox and more about Docker deployment here: https://contentbox.ortusbooks.com/getting-started/installation/docker
Release Notes
v4.0.0
- Disabled directory browsing for security
- Added docker hostname to Application name in Application.cfc
- Added a rolling file appender for all app logs to go to /var/log/contentbox.log
- Upgrade to latest CommandBox v4.5.0
- Updated healthchecks to permit load up times and consistency
- No runtime flags were ever being used; revamped it to warm up the server correctly and leverage environment variables for execution
- Removed support for Lucee 4.5
- BE env variable was never working so you can test bleeding edge versions of ContentBox