Category Selected:

news

Blog

Luis Majano

September 02, 2021

Spread the word


Share your thoughts

We are incredibly excited to release cbSecurity version 2.13.0 today. This release packs a big punch in terms of features for our JWT support for RESTFul APIs. We are excited to announce full refresh token support and much more.

# Install
install cbsecurity

# Update
update cbsecurity

Refresh Tokens

ColdBox Security supports the concept of refresh tokens alongside the normal JWT access tokens.

What Is a Refresh Token?

A refresh token is a credential artifact that lets a client application get new access tokens without having to ask the user to log in again. Access tokens may be valid for a short amount of time. Once they expire, client applications can use a refresh token to "refresh" the access token.

The client application can get a new access token as long as the refresh token is valid and unexpired. Consequently, a refresh token that has a very long lifespan could theoretically give infinite power to the token bearer to get a new access token to access protected resources anytime. The bearer of the refresh token could be a legitimate user or a malicious user.

You can read all about how we implemented refresh tokens for ColdBox security here: https://coldbox-security.ortusbooks.com/jwt/refresh-tokens

What's New With 2.13.0

Added

  • Adobe 2021 Support
  • Migration to GitHub Actions from Travis CI
  • Refresh tokens support
  • Refresh token endpoint /cbsecurity/refreshToken for secure refresh token generation
  • Manual refresh token method on the JwtService : refreshToken( token )
  • Auto refresh token header interceptions for JWT validators
  • Detect on authenticate() if the payload is empty and throw the appropriate exceptions
  • Added ability for the authenticate( payload ) to receive a payload to authenticate
  • Added ability to recreate the token storage using a force argument getTokenStorage( force = false )
  • Ability for the parseToken() to choose to store and authenticate or just parse

Fixed

  • Unique jti could have collisions if tokens created at the same time, add randomness to it
  • TokenExpirationException not relayed from the base jwt library
  • If variables.settings.jwt.tokenStorage.enabled is disabled all invalidations failed, make sure if the storage is disabled to not throw storage exceptions.

CommandBox-CFConfig 1.6.0 Released!

Brad Wood |  August 05, 2021

Hot on the heels of our previous announcement of big new CFConfig features, we've got another release to let you know about!  This release should all be completely backwards compatible, but we’ve added a bunch of new behaviors so please report any issues you may have.  This release was all about relieving the pain of Lucee developers dealing with the duality of their server and web context.  Some config has to go in the server admin and some config has to go in the web admin.  CFConfig previously would only automatically import config into the server context which left you with a manual task to get your web config imported.  

Read More

CFConfig 1.4.0 released!

Brad Wood |  July 13, 2021

Today we've released a new version of CFConfig-- your friendly neighborhood CLI for configuring Adobe and Lucee servers.  CFConfig sees a lot of little releases that we don't announce, but they are usually very small little releases adding a single setting here or there.  Today's release has a nice collection of brand new features that seemed worth talking about.

Read More

ColdBox 6.5.0 Released

Luis Majano |  July 09, 2021

Today we are excited to release ColdBox v6.5.0 and its standalone companion libraries: CacheBox, LogBox and WireBox. This release has focused on stability and making sure all bugs are addressed especially when using our schedulers and asynchronous processes.

Read More

TestBox v4.4 Released!

Luis Majano |  June 16, 2021

We are excited to announce a major version release of TestBox version 4.4.0. To install just use CommandBox: install testbox --saveDev or to update your TestBox installation update testbox. So let's explore this release!

Read More

TestBox v4.3 Released!

Luis Majano |  May 24, 2021

We are excited to announce a major version release of [TestBox](/products/testbox) version 4.0.0. To install just use CommandBox: `install testbox --saveDev` or to update your TestBox installation `update testbox`. So let's explore this release!
Read More

CommandBox 5.3.1 Released

Brad Wood |  May 18, 2021

We've released a small update to our recent CommandBox 5.3.0 release.  This contains fixes for a handful of regressions as well as a couple new features.  You can access the new version on our Download page, our deb/rpm repos, or Homebrew.  

And of course, you can find the latest docs  and release notes here:

https://commandbox.ortusbooks.com/

Read More

Brad Wood

May 13, 2021

Spread the word


Share your thoughts

Our friends at TeraTech help put together a comprehensive survey of the entire CFML community to get a feel for how it's evolving, what new technologies are getting picked up, and what the current pain points are.  We use this data at Ortus to help us decide what CF engines to support and how to help the community.

Here's an example question from the survey that tracks the most popular versions of Adobe ColdFusion and Lucee Server:

https://teratech.com/state-of-the-cf-union-2021-survey

If you haven't taken the State of the CF Union 2021 Survey yet, please do so and pass it on to all your coworkers and friends who may not be on social media themselves.  The more responses we get, the better data we have.  And make sure you remember to check all the Ortus products you are using while you're taking it!

New Object-Oriented Programming Series to Debut on CFCasts

Paulina Lainez |  April 29, 2021

This week we debuted our first-ever Object-Oriented Programming Series in our CFML learning platform, CFCasts.

Read More

CommandBox 5.3.0 Released

Brad Wood |  April 28, 2021

We are pleased to announce the general availability of our latest CommandBox CLI release. This is a minor release that's full of bug fixes and enhancements.  It should be backwards compatible (with one caveat below) and you can upgrade any previous version of CommandBox in-place to the latest release.

Read More