Blog

ColdBox 4.0 Error Handling

ColdBox MVC, Tutorials
Brad Wood January 29, 2015

Spread the word

Brad Wood

January 29, 2015

Spread the word

Share your thoughts

Ortus Solutions

ColdBox has always provided nice, automatic error handling for your code.  Errors in your application are caught for you, and you can respond to them via convention-based methods, event handlers, or even interception points as you see fit.  (Read more on ColdBox error handling here)

If you do nothing, ColdBox will render a nicely formatted page with all the original exception information plus extra details about the ColdBox request which can be handy for debugging.  Due to our focus on security-by-default in ColdBox 4, we found that a large  number of people never change the default error template and their production servers give out way too much information!  Even though having a 'detailed' template by default was convenient, it wasn't secure.  

Therefore, we now ship ColdBox with two error templates.  (Of course you are still encouraged to make your own custom ones.)

  • BugReport.cfm
  • BugReport-Public.cfm

Get Your Info Back

BugReport-Public is what is enabled by default.  It outputs very little information so the baddies can't use your default error template as an attack vector to gather information about your server.  Don't worry though, the original error template (BugReport) is still there and can easily be enabled at any time. 

To get your old error template back, simply add the customErrorTemplate setting in your /config/ColdBox.cfc like so:

coldbox = {
	customErrorTemplate = "/coldbox/system/includes/BugReport.cfm"
};

Note: you can point to any valid .cfm file with this setting.  Feel free to create your own themed error template that matches your site's layout.  Just remember, this is not a view-- just a stand-alone .cfm file that can only access the variables.exception object.

An Even Better Way

We don't recommend just changing the setting like that because you're likely to forget and put yourself back at square 1 again when you push your code to production.  What's best is to leave the production error template to a 'secure' one and add a development override that only uses the public template on your development servers.  

coldbox = {
	customErrorTemplate = "/includes/myCustomPrettyErrorPage.cfm"
};

environments = {
	development = "localhost"
};

function development(){
	coldbox.customErrorTemplate = "/coldbox/system/includes/BugReport.cfm";
};

Now, your default production setting is your custom pretty error page, but on your dev server you get the juicy details.  Make sure you've also configured some LogBox logging on production so you have some way to get your error messages!

Read more about ColdBox 4 compatibility here:

http://wiki.coldbox.org/wiki/Compatibility:4.0.0.cfm

Install ColdBox 4.0 with CommandBox today with this simple command:

CommandBox> install coldbox

Add Your Comment

Recent Entries

Discover the tools, tricks, and techniques every modern CFML and BoxLang developer needs!

Discover the tools, tricks, and techniques every modern CFML and BoxLang developer needs!

Into the Box 2026 is officially on the horizon, and it’s shaping up to be our most impactful conference yet.

Our mission this year is simple: **Make modernization approachable for everyone.** Whether you’re a seasoned ColdFusion veteran or a developer just starting your BoxLang journey, we’ve priced this event to ensure the entire community can join us in person.

Victor Campos
Victor Campos
March 05, 2026
From Lucee to Modern JVM Architectures for German Enterprises

From Lucee to Modern JVM Architectures for German Enterprises

How German companies running Lucee and CFML can evolve toward cloud-native JVM platforms

Across Germany, many enterprises rely on Lucee and CFML-based applications to run critical internal systems, customer portals, and business workflows.

Germany has one of the most active Lucee communities in Europe, supported by long-standing adoption of CFML across industries such as:

  • Manufacturing
  • Logistics
    • <...

Cristobal Escobar
Cristobal Escobar
March 04, 2026
BoxLang 1.11.0 Release

BoxLang 1.11.0 Release

We're proud to announce BoxLang 1.11.0, a highly focused performance and stability release that delivers measurable speed improvements across every BoxLang application, with zero code changes required. The team invested deeply in bytecode generation, class loading, lock management, and type casting to produce one of the most impactful runtime optimization releases to date. Alongside the performance wave, this release resolves critical concurrency bugs, hardens DateTime handling, and ships powerful new developer tooling.

Luis Majano
Luis Majano
March 04, 2026