CBSecurity 3.1 Released

ColdBox MVC, Modules, News, Releases, Security

Luis Majano February 20, 2023

Spread the word

Luis Majano

February 20, 2023

Spread the word

Share your thoughts

We are happy to announce our first minor release for CBSecurity v3.1.0, with some nice updates and a new password generator.

What is CBSecurity

The ColdBox CBSecurity module is a collection of modules to help secure your ColdBox applications. The significant areas of concern are:

A security authentication/authorization firewall which can secure your application based on the following:
- Security rules and a rule engine for validation of incoming events or URL patterns
- Handler and method annotations
A security service can be used to provide user authentication and authorization contexts via a fluent language approach.
A JWT generator, decoder, and authentication services
Cross-Site Request Forgery (CSRF) Protection
An authentication manager which can be plug-and-play with your authentication service or third-party services
HTTP Basic-Authentication services that provide basic user credential storage and browser challenges
A graphical user interface for visualizing the firewall and operational settings we lovingly call the CBSecurity Visualizer
Industry-standard response headers to protect against XSS, clickjacking, frame busting, and much more

Getting Started

You can easily add security to your ColdBox applications by installing the module via CommandBox. Out of the box, it will secure your application using several industry standards headers and approaches. However, you will have to configure which authentication and authorization system it will use. Check out our new security overview guide: https://coldbox-security.ortusbooks.com/getting-started/overview

# Install
install cbsecurity

# Update
update cbsecurity

What's New

This release includes a major upgrade of our cbcsrf library, but more importantly a way to generate secure and random passwords using our new createPassword() method in our CBSecurity object. Check out our release notes: https://coldbox-security.ortusbooks.com/intro/release-history/whats-new-with-3.1.0

Generating Passwords

Generate secure and random passwords with our createPassword() method.

You can use the createPassword( length:32, letters:true, numbers:true, symbols:true ) 
// Generate a random password 32 characters in length
cbsecure().createPassword()

// Generate with no symbols and 16 characters
cbsecure().createPassword( length: 16, symbols: false )

// Generate with no numbers and 12 characters
cbsecure().createPassword( length: 12, numbers: false )

12 Days of BoxLang - Day 4: TestBox

Today we’re celebrating one of the most exciting new additions to the BoxLang ecosystem:

the TestBox BoxLang CLI Runner — a fast, native way to run your TestBox tests directly through the BoxLang Runtime. ⚡

No server required. No CommandBox needed. Just pure, ultra-fast BoxLang-powered testing from the command lineon Windows, Mac, and Linux.

If you’re building modern applications with BoxLang — web apps, CLIs, serverless functions, Android apps, or OS-level utilities — this new feature gives you a unified, flexible testing workflow you can run anywhere.

12 days of BoxLang - Day 3: SocketBox!

As BoxLang continues evolving into a modern, high-performance, JVM-based runtime, real-time communication becomes essential for the applications we all want to build: dashboards, collaboration tools, notifications, live feeds, multiplayer features, and more.

That’s where SocketBox steps in — the WebSocket upgrade listener built to work seamlessly with CommandBox and the BoxLang MiniServer. ⚡

Today, for Day 3, we’re highlighting how SocketBox supercharges BoxLang development by giving you fast, flexible, and framework-agnostic WebSocket capabilities.

12 Days of BoxLang - Day 2: CommandBox

BoxLang + CommandBox: The Enterprise Engine Behind Your Deployments

For Day 2 of our 12 Days of Christmas series, we’re diving into one of the most powerful parts of the BoxLang ecosystem: CommandBox the defacto enterprise servlet deployment platform for BoxLang.

If BoxLang is the language powering your applications, CommandBox is the engine room behind it all. ⚙️

Blog