CommandBox 5.2.0 Released

Brad Wood November 16, 2020

Spread the word

Brad Wood

November 16, 2020

Spread the word

Share your thoughts

Today we are pleased to announce the final release of CommandBox 5.2.0.  This release has been 5 months in the making and covers nearly 50 tickets.  We've already covered the full list of new features and enhancements in our release candidate announcement which you can read here:

After a month of RC testing, we've made several additional improvements and are ready to release.

Docs and Downloads

Everything has been documented already in the CommandBox docs here:

And the final build is available on HomeBrew (for Mac users), our apt/yum repos (for Linux users), and our download page:

Major Features

We've added a ton of new goodies to this release.  The high level overview is:

  • Library updates
  • Server Security Profiles
  • Server Rules
  • Task Runner Lifecyle events
  • System Setting ${} Namespaces
  • GZip Compression Control
  • Generic Watch Command
  • Control Default Browser
  • Server restart from tray icon
  • Pipe into standard input of native binaries

Read more about the new features and now to use them in our release candidate announcement.

Security Fixes

It is highly recommended that you update to this new version of CommandBox right away for a number of security improvements.  

  • There are security improvements and fixes in the configuration/use of  JBoss Undertow
  • There are security improvements and fixes in the new version of Lucee Server (which powers the CLI and your default servers)
  • There are security improvements and fixes in Runwar, the project that is used to start your servers
  • There are security improvements and fixes in CommandBox server features

I'm not going to give any specifics, but I wouldn't sit on this update.  Read more about the new security additions in our release candidate announcement

Community Contributors

We'd like to recognize all the people in the community who sent pull requests that are a part of this release: Pete FreitagKai KoenigMatthew ClementeBobby HartsfieldScott SteinbeckDaniel Mejia, and Miguel Mathus!  

Read more about the new features of 5.2.0 in this post.

Breaking Changes

We work hard to make every CommandBox upgrade backwards compatible.  There's a couple things that you may notice different in this release.  They're both done to put security first and can be modified to get your original behavior back.

Since the CF Administrator is now blocked for traffic not coming from localhost when in production mode, you may need to explicitly open up the CF admin to make it accessible again if you needed it open to the public on a production server.  Even with the profile set to production, you can activate just the CF admin like so:

server set web.blockCFAdmin=false

The web server built into CommandBox will now only serve static files if their extension is found in a whitelist of acceptable files.  This is to prevent prying eyes from hitting files they shouldn't be able to access on your server. 

If you have a common static file you need to serve, you can add your own custom extensions to the list like so:

server set web.allowedExt=jar,exe,dll

Read more about the breaking changes in our release candidate announcement.

Add Your Comment

Recent Entries

ColdBox Mail Services 2.0 - Fluent Mail For All

ColdBox Mail Services 2.0 - Fluent Mail For All

We are so excited to bring you a major release of our cbmailservices module. This module has been around since our initial versions of ColdBox and it has now matured into a modern and fluent library for sending mail.

Luis Majano
Luis Majano
November 08, 2021
FORGEBOX 6 has landed!

FORGEBOX 6 has landed!

After several months of work, we are proud to announce the release of FORGEBOX 6. This has been a major undertaking spawning several months worth of work, a complete UI revamp for registered users, many bug fixes, multi-key API, and much more. We have also introduced our new Business Accounts with the ability for organizations to have a simple and human way of managing their final package releases and their teams.

Javier Quintero
Javier Quintero
October 26, 2021
CommandBox 5.4.2 Released!

CommandBox 5.4.2 Released!

There is a new update for CommandBox CLI available.  Version 5.4.2 is a patch update that contains a few bug fixes including two important ones. 

  • There is a fix for a regression introduced in 5.4.0 where updating the version of a CF engine doesn't work without forgetting the server first. 
  • There is also an important security impro...

Brad Wood
Brad Wood
October 07, 2021