Blog

CBSecurity 3.1 Released

ColdBox MVC, Modules, News, Releases, Security
Luis Majano February 20, 2023

Spread the word

Luis Majano

February 20, 2023

Spread the word

Share your thoughts

Ortus Solutions

We are happy to announce our first minor release for CBSecurity v3.1.0, with some nice updates and a new password generator.

What is CBSecurity

The ColdBox CBSecurity module is a collection of modules to help secure your ColdBox applications. The significant areas of concern are:

  • A security authentication/authorization firewall which can secure your application based on the following:
    • Security rules and a rule engine for validation of incoming events or URL patterns
    • Handler and method annotations
  • A security service can be used to provide user authentication and authorization contexts via a fluent language approach.
  • A JWT generator, decoder, and authentication services
  • Cross-Site Request Forgery (CSRF) Protection
  • An authentication manager which can be plug-and-play with your authentication service or third-party services
  • HTTP Basic-Authentication services that provide basic user credential storage and browser challenges
  • A graphical user interface for visualizing the firewall and operational settings we lovingly call the CBSecurity Visualizer
  • Industry-standard response headers to protect against XSS, clickjacking, frame busting, and much more

Getting Started

You can easily add security to your ColdBox applications by installing the module via CommandBox. Out of the box, it will secure your application using several industry standards headers and approaches. However, you will have to configure which authentication and authorization system it will use. Check out our new security overview guide: https://coldbox-security.ortusbooks.com/getting-started/overview


# Install
install cbsecurity

# Update
update cbsecurity

What's New

This release includes a major upgrade of our cbcsrf library, but more importantly a way to generate secure and random passwords using our new createPassword() method in our CBSecurity object. Check out our release notes: https://coldbox-security.ortusbooks.com/intro/release-history/whats-new-with-3.1.0

Generating Passwords

Generate secure and random passwords with our createPassword() method.


You can use the createPassword( length:32, letters:true, numbers:true, symbols:true ) 
// Generate a random password 32 characters in length
cbsecure().createPassword()

// Generate with no symbols and 16 characters
cbsecure().createPassword( length: 16, symbols: false )

// Generate with no numbers and 12 characters
cbsecure().createPassword( length: 12, numbers: false )

Add Your Comment

Recent Entries

Introducing the BoxLang Spring Boot Starter: Dynamic JVM Templating for Spring

Introducing the BoxLang Spring Boot Starter: Dynamic JVM Templating for Spring

Spring Boot developers know the pain of evaluating view technologies. Thymeleaf is great — until you need more expressiveness. FreeMarker is powerful — until the syntax fights you. What if you could write templates in a dynamic JVM language that gives you the full power of the platform, feels natural, and requires zero setup to integrate?

Meet the BoxLang Spring Boot Starter.

Luis Majano
Luis Majano
March 13, 2026
Why Swiss Banks Are Modernizing CFML Platforms Without Rewrites

Why Swiss Banks Are Modernizing CFML Platforms Without Rewrites

The growing need to evolve legacy financial platforms safely

Many Swiss banks and financial institutions still operate important systems built on ColdFusion and CFML platforms.

These systems manage a wide range of functions, including:

  • internal banking workflows
  • reporting systems
  • client portals
  • data integration platforms
  • compliance and risk management tools

In many cases, thes...

Cristobal Escobar
Cristobal Escobar
March 13, 2026
Reactive vs Proactive ColdFusion Support: Why Waiting for an Outage Is the Most Expensive Strategy

Reactive vs Proactive ColdFusion Support: Why Waiting for an Outage Is the Most Expensive Strategy

Many ColdFusion environments operate in a reactive mode without realizing it.

Everything seems fine… until something breaks.

A server crashes.

Performance drops suddenly.

An integration stops working.

A security audit reveals missing patches.

At that point the response is urgent:

“Can someone help us fix this now?”

Emergency support is sometimes unavoidable. But when reactive intervention becomes the norm, it usually means something deep...

Cristobal Escobar
Cristobal Escobar
March 12, 2026