Luis Majano

October 19, 2016

Spread the word

Share your thoughts

We are pleased to announce the general availability of ColdBox 4.3.0, WireBox 4.3.0, CacheBox 4.3.0 and LogBox 4.3.0. This is a minor release with some great improvements and lots of bug fixes. So let's look at the major things in this release.


You can easily upgrade by leveraging commandbox and issuing the following command:

update coldbox

Getting Started

You can get started with ColdBox 4.3 by issuing the following CommandBox commands:

coldbox create app
server start


We have completey revamped the documentation for ColdBox. We have split the incoming docs into two paths: beginners and advanced. This way new comers to the framework will be able to remain focus and learn in a guided path, while advanced users can have access to the full documentation.

Module Parent Settings

We have now introduced a standardized approach to defining/overriding module settings in your module and overrides via the parent application. You can now define a moduleSettings structure in your config/ColdBox.cfc which will hold all the override settings for any modules you have installed in your system.

Module developers can then create defaults for those settings in a modules's ModuleConfig.cfc via the settings structure.

// myModule/ModuleConfig.cfc
component {
  function configure() {
    settings = {
      someSetting = "default",
      anotherSetting = "default"

// config/ColdBox.cfc
component {
  function configure() {
    moduleSettings = {
      myModule = {
        someSetting = "overridden" 

// end result
  someSetting = "overridden",
  anotherSetting = "default"

Global invalidHTTPMethodHandler

You can now define a global invalid HTTP method handler in your coldbox configuration structure:

coldbox = {
  invalidHTTPMethodHandler = "main.invalidHTTP"

This will provide your application with error consistency when building RESTFul services.

New allowedMethods annotation for handlers

Your event handler actions can now define their allowed HTTP methods of execution via the allowedMethods annotation:

function index( event, rc, prc) allowedMethods="GET,POST"{

New convention modules_app

With the introduction of CommandBox we can now have tracked modules and un-tracked modules in a ColdBox application. The default convention for modules called modules is now the default location of tracked CommandBox modules. The new convention modules_app is for your own custom un-tracked modules.

What is tracked? Modules that are tracked by CommandBox and usually not added to source control. CommandBox controls their installation, updating, etc.

Interceptors get rc and prc references

All interceptor methods now receive a reference to rc and prc for convenience:

function preProcess( event, rc, prc, interceptData, buffer )

String Builders

Internal concatenation tools and interceptor response buffers have been migrated to Java String Builders for a more awesome performance updates.

Binary HTTP Content

You can now receive and decode binary HTTP content when doing RESTFul services

Models in Modules accept aliases now

Models in Modules can now have name aliases via the alias annotation or binder alias definitions.

HTTP Method Spoofing

Although we have access to all these HTTP verbs, modern browsers still only support GET and POST. With ColdBox and HTTP Method Spoofing, you can take advantage of all the HTTP verbs in your web forms.

By convention, ColdBox will look for an _method field in the form scope. If one exists, the value of this field is used as the HTTP method instead of the method that was made. For instance, the following block of code would execute with the DELETE action instead of the POST action:

You can manually add these _method fields yourselves, or you can take advantage of ColdBox's HTML Helper.

#html.startForm( action = "", method="DELETE" )#
    #html.submitButton( name = "Delete", class = "btn btn-danger" )#

Release Notes


  • [COLDBOX-479] - onInvalidHTTPMethod not firing with SES Interceptor

  • [COLDBOX-512] - ColboxProxy.cfc has reference to method tracer - which no longer exists in that component.

  • [COLDBOX-515] - Exception handling broken for customErrorTemplate when application relative path used

  • [COLDBOX-517] - CF mapping's for modules don't get created for proxy requests

  • [COLDBOX-520] - Only remove the scriptname from the pathinfo if it is the first element in the pathinfo

  • [COLDBOX-521] - afterAspectsLoad was missing from core

  • [COLDBOX-527] - bug report view is not thread safe

  • [COLDBOX-528] - Coldbox Event Cache discards the Content-Type when caching non renderdata results

  • [COLDBOX-529] - Object in RC or PRC causes async interceptors to fail

  • [COLDBOX-534] - getHTMLBaseURL returns with a double slash at the end,

  • [COLDBOX-537] - ColdBox Cache Flash not discovering session/cookie as app has not loaded first

  • [COLDBOX-539] - Private event actions are no longer executable (regression)

New Features

  • [COLDBOX-371] - Convention to override a module's settings in an application or parent module

  • [COLDBOX-505] - New coldbox directive: invalidHTTPMethodHandler that will fire globally if an action is called with an invalid HTTP Method

  • [COLDBOX-511] - New action annotation "allowedMethods" so you can allow inline annoation for allowed HTTP Verbs thanks to Nic Tunney

  • [COLDBOX-522] - Add rc and prc available directly to custom error templates

  • [COLDBOX-525] - HTTP Method Spoofing for Forms

  • [COLDBOX-530] - Add 'modules_app' as a default external location instead of manually adding it.

  • [COLDBOX-540] - Interception points get reference to rc and prc now.

  • [COLDBOX-541] - invokerasync was not passing the buffer


  • [COLDBOX-502] - RequestBuffers now leverage string builders.

  • [COLDBOX-513] - Calling processState from within an interceptor clears buffer

  • [COLDBOX-531] - execute() in BaseTestCase now uses the default event (defined in config/ColdBox.cfc) if / is passed in as the route

  • [COLDBOX-532] - event.getHTTPContent() doesn't work on binary encoding

  • [COLDBOX-536] - Rendered output has ALWAYS a precedent empty line, delete it!

  • [COLDBOX-538] - Alises in module models aren't picked up

Add Your Comment

Recent Entries

October is here, and that means Hacktoberfest!

October is here, and that means Hacktoberfest!

Hacktoberfest is here!

Ortus Solutions is built upon Open source with our flagship products all open source, this event holds a special place in our hearts and it’s a great space to show developers how we are modernizing the CFML language. We invite everyone to get involved and contribute to CFML Community Projects, with documentation, code, and new this year, non-code contributions. 

Maria Jose Herrera
Maria Jose Herrera
October 04, 2022
Using CommandBox Docker Images to Perform Bytecode Source Conversions

Using CommandBox Docker Images to Perform Bytecode Source Conversions

There are times when code needs to be shipped in a compiled state. It might be for obfuscation or source protection, it might just because it runs faster that way, without the CFML server needing to compile templates at runtime. It's an excellent use case for production Docker images and code deploy pipelines.

Jon Clausen
Jon Clausen
October 03, 2022
cbElasticsearch 2.3.3 Released

cbElasticsearch 2.3.3 Released

We are pleased to announce the release of cbElasticsearch version 2.3.3. cbElasticsearch is the Elasticsearch module for the Coldbox platform, and provides a fluent CFML API for interacting with, searching, and serializing to Elasticsearch servers.

This release adds full compatibility for Elasticsearch v8.x as well as maintaining support for Elasticsearch versions 6 and 7.

Jon Clausen
Jon Clausen
October 03, 2022