The Ortus BlogBox
It's been 4 months since we've had a CommandBox release, but we've actually been quite busy on a number of large improvements that took a while to settle down. Today we are pleased to announce a Release Candidate 5.2.0-RC.1 for you to help test. There's not usually a release candidate for "minor" CommandBox releases, but we've updated a lot of libraries and introduced some pretty big new features so we wanted to have a round of testing and feedback before we cut the final release. There are 46 completed tickets for the 5.2.0 release.
We have pushed a patch release of CommandBox 5.1.1 which is a small addition to the recent 5.1.0 release. This release was primarily to address a regression in 5.1.0 affecting Mac OS users who tried to start Lucee servers. If you see an error similar to this on a Lucee server and you're running a Mac and CommandBox 5.1.0, then this release will fix it for you.
lucee.runtime.exp.NativeException: mac os x is not a supported OS platform.
If you are upgrading from CommandBox 5.1.0, there are only a handful of tickets which are listed below. If you are updating from an earlier version of CommandBox, please check out our 5.0.0 and 5.1.0 release blogs.
We are pleased to announce the release of CommandBox 5.1.0. This is a minor release of your favoriate CLI and package manager and contains 37 completed tickets including many bug fixes and some sweet new features.
You can download the latest release from our download page:
And you can check out the latest version of the docs here:
We are excited to announce a major version release of [TestBox](/products/testbox) version 4.0.0. To install just use CommandBox: `install testbox --saveDev` or to update your TestBox installation `update testbox`. So let's explore this release!
We are so excited to bring you the first public beta of the next generation of ColdBox HMVC , version 6.0. This version has been in development for quite some time now and it is introducing some revolutionary new programming techniques for ColdFusion (CFML) developers. This major bump is a huge leap into modern programming and breaksthrough to the next generation of apps we are building at Ortus. Enjoy!
We are excited to bring you another release for cbSecurity v2.4. This update gives you access to our cross site request forgery module:
cbcsrf, which will enhance your securing abilities.
# Install install cbsecurity # Update update cbsecurity
This release adds the inclusion of the Cross Site Request Forgery module into cbsecurity: cbcsrf. You can find all the details about this module here: https://github.com/coldbox-modules/cbcsrf. Below are the major features of this module:
- Ability to generate security tokens based on your session
- Automatic token rotation when leveraging cbauth login and logout operations
- Ability to on-demand rotate all security tokens for specific users
- Leverages cbStorages to store your tokens in CacheBox, which can be easily distributed and clustered
- Ability to create multiple tokens via unique reference keys
- Auto-verification interceptor that will verify all non-GET operations to ensure a security token is passed via rc or headers
- Auto-sensing of integration testing so the verifier can allow testing calls
- Token automatic rotation on specific time periods for enhance security
- Helpers to automatically generate hidden fields for the token
- Automatic generation endpoint that can be used for Ajax applications to request tokens for users
We are incredibly excited to bring you a major version of our
cbcsrf module, so you can protect your ColdBox applications from cross-site request forgery vectors. This is a major overhaul of the module and it will also be part of the
cbSecurity module as well.
install cbcsrf update cbcsrf
Please note that if you are upgrading from the 1.x series, make sure you read the documentation as all method signatures have been updated.