Blog

CommandBox 5.2.0 Released

CommandBox, News, Releases, Security
Brad Wood November 16, 2020

Spread the word

Brad Wood

November 16, 2020

Spread the word

Share your thoughts

Ortus Solutions

Today we are pleased to announce the final release of CommandBox 5.2.0.  This release has been 5 months in the making and covers nearly 50 tickets.  We've already covered the full list of new features and enhancements in our release candidate announcement which you can read here:

https://www.ortussolutions.com/blog/commandbox-520-release-candidate-ready-for-testing

After a month of RC testing, we've made several additional improvements and are ready to release.

Docs and Downloads

Everything has been documented already in the CommandBox docs here:

https://commandbox.ortusbooks.com/

And the final build is available on HomeBrew (for Mac users), our apt/yum repos (for Linux users), and our download page:

https://www.ortussolutions.com/products/commandbox#download

Major Features

We've added a ton of new goodies to this release.  The high level overview is:

  • Library updates
  • Server Security Profiles
  • Server Rules
  • Task Runner Lifecyle events
  • System Setting ${} Namespaces
  • GZip Compression Control
  • Generic Watch Command
  • Control Default Browser
  • Server restart from tray icon
  • Pipe into standard input of native binaries

Read more about the new features and now to use them in our release candidate announcement.

Security Fixes

It is highly recommended that you update to this new version of CommandBox right away for a number of security improvements.  

  • There are security improvements and fixes in the configuration/use of  JBoss Undertow
  • There are security improvements and fixes in the new version of Lucee Server (which powers the CLI and your default servers)
  • There are security improvements and fixes in Runwar, the project that is used to start your servers
  • There are security improvements and fixes in CommandBox server features

I'm not going to give any specifics, but I wouldn't sit on this update.  Read more about the new security additions in our release candidate announcement

Community Contributors

We'd like to recognize all the people in the community who sent pull requests that are a part of this release: Pete FreitagKai KoenigMatthew ClementeBobby HartsfieldScott SteinbeckDaniel Mejia, and Miguel Mathus!  

Read more about the new features of 5.2.0 in this post.

Breaking Changes

We work hard to make every CommandBox upgrade backwards compatible.  There's a couple things that you may notice different in this release.  They're both done to put security first and can be modified to get your original behavior back.

Since the CF Administrator is now blocked for traffic not coming from localhost when in production mode, you may need to explicitly open up the CF admin to make it accessible again if you needed it open to the public on a production server.  Even with the profile set to production, you can activate just the CF admin like so:

server set web.blockCFAdmin=false

The web server built into CommandBox will now only serve static files if their extension is found in a whitelist of acceptable files.  This is to prevent prying eyes from hitting files they shouldn't be able to access on your server. 

If you have a common static file you need to serve, you can add your own custom extensions to the list like so:

server set web.allowedExt=jar,exe,dll

Read more about the breaking changes in our release candidate announcement.

Add Your Comment

Recent Entries

Must-See ITB 2025 Sessions for TestBox Users!

Must-See ITB 2025 Sessions for TestBox Users!

Are you a fan of TestBox or looking to level up your testing game in 2025? Whether you're just getting started with unit testing or you're already building advanced specs for ColdBox and BoxLang apps, Into the Box 2025 has an exciting lineup tailored just for you. Into the Box 2025 has an exciting lineup tailored just for you. With the recent launch of TestBox 6.3.0 we have amazing new tools, features and tips and tricks to get your testing experience to the next level, review our sessions and test like a pro efficiently and easy!

From hands-on testing strategies to BoxLang innovations, here are the sessions you won’t want to miss this May — and why they matter to you as a TestBox user.

Maria Jose Herrera
Maria Jose Herrera
April 17, 2025
The Into the Box 2025 Agenda is LIVE and Done!

The Into the Box 2025 Agenda is LIVE and Done!

The wait is over! The official Into the Box 2025 agenda is now live — and it's packed with high-impact sessions designed for modern CFML and BoxLang developers. Whether you’re building APIs, modernizing legacy apps, diving into serverless, or exploring AI integrations, this is the conference you’ve been waiting for.

Here’s a look at what you can expect — categorized by key topics to help you plan your learning journey, there’s something for everyone covering modern CFML tools and BoxLang:

Maria Jose Herrera
Maria Jose Herrera
April 15, 2025
Only 2 Days Left to Lock In Early Bird Pricing for Into the Box 2025!

Only 2 Days Left to Lock In Early Bird Pricing for Into the Box 2025!

The countdown is on. You have just two days left to secure your Early Bird ticket  for just $199 to Into the Box 2025 before prices increase on April 16.

We are proud to offer an engaging and high-value online experience for developers around the world. With a virtual ticket, you get more than just access — you get ongoing value that supports your growth long after the conference ends.

Maria Jose Herrera
Maria Jose Herrera
April 14, 2025