Blog

cbSecurity 2.2 Released

Luis Majano February 13, 2020

Spread the word

Luis Majano

February 13, 2020

Spread the word


Share your thoughts

Today we bring you a minor release for cbSecurity packed with features! Version 2.2 brings a complete overhaul of our jwt library and we have now switched over to the jwtcfml (https://forgebox.io/view/jwt-cfml) library which has given us a huge boost in capabilities especially supporting RS and ES algorithms. Check out their ForgeBox entry page to see all the features we inherit by using it.

We have also focused on improving our JWT and API security on this release, so check out the release notes for all the goodness!

# Install
install cbsecurity

# Update
update cbsecurity

Release Notes

  • Feature : Migrated from the jwt to the jwtcfml (https://forgebox.io/view/jwt-cfml) library to expand encoding/decoding capabilities to support RS and ES algorithms:
    • HS256
    • HS384
    • HS512
    • RS256
    • RS384
    • RS512
    • ES256
    • ES384
    • ES512
  • Feature : Added a new convenience method on the JWT Service: isTokenInStorage( token ) to verify if a token still exists in the token storage
  • Feature : If no jwt secret is given in the settings, we will dynamically generate one that will last for the duration of the application scope.
  • Feature : New setting for jwt struct: issuer, you can now set the issuer of tokens string or if not set, then cbSecurity will use the home page URI as the issuer of authority string.
  • Feature : All tokens will be validated that the same iss (Issuer) has granted the token
  • Improve : Ability to have defaults for all JWT settings instead of always typing them in the configs
  • Improve : More cfformating goodness!
  • Bug : Invalidation of tokens was not happening due to not using the actual key for the storage

Add Your Comment

Recent Entries

October is here, and that means Hacktoberfest!

October is here, and that means Hacktoberfest!

Hacktoberfest is here!

Ortus Solutions is built upon Open source with our flagship products all open source, this event holds a special place in our hearts and it’s a great space to show developers how we are modernizing the CFML language. We invite everyone to get involved and contribute to CFML Community Projects, with documentation, code, and new this year, non-code contributions. 

Maria Jose Herrera
Maria Jose Herrera
October 04, 2022
Using CommandBox Docker Images to Perform Bytecode Source Conversions

Using CommandBox Docker Images to Perform Bytecode Source Conversions

There are times when code needs to be shipped in a compiled state. It might be for obfuscation or source protection, it might just because it runs faster that way, without the CFML server needing to compile templates at runtime. It's an excellent use case for production Docker images and code deploy pipelines.

Jon Clausen
Jon Clausen
October 03, 2022
cbElasticsearch 2.3.3 Released

cbElasticsearch 2.3.3 Released

We are pleased to announce the release of cbElasticsearch version 2.3.3. cbElasticsearch is the Elasticsearch module for the Coldbox platform, and provides a fluent CFML API for interacting with, searching, and serializing to Elasticsearch servers.

This release adds full compatibility for Elasticsearch v8.x as well as maintaining support for Elasticsearch versions 6 and 7.

Jon Clausen
Jon Clausen
October 03, 2022