Blog

CommandBox 5.2.0 Released

Brad Wood November 16, 2020

Spread the word

Brad Wood

November 16, 2020

Spread the word


Share your thoughts

Today we are pleased to announce the final release of CommandBox 5.2.0.  This release has been 5 months in the making and covers nearly 50 tickets.  We've already covered the full list of new features and enhancements in our release candidate announcement which you can read here:

https://www.ortussolutions.com/blog/commandbox-520-release-candidate-ready-for-testing

After a month of RC testing, we've made several additional improvements and are ready to release.

Docs and Downloads

Everything has been documented already in the CommandBox docs here:

https://commandbox.ortusbooks.com/

And the final build is available on HomeBrew (for Mac users), our apt/yum repos (for Linux users), and our download page:

https://www.ortussolutions.com/products/commandbox#download

Major Features

We've added a ton of new goodies to this release.  The high level overview is:

  • Library updates
  • Server Security Profiles
  • Server Rules
  • Task Runner Lifecyle events
  • System Setting ${} Namespaces
  • GZip Compression Control
  • Generic Watch Command
  • Control Default Browser
  • Server restart from tray icon
  • Pipe into standard input of native binaries

Read more about the new features and now to use them in our release candidate announcement.

Security Fixes

It is highly recommended that you update to this new version of CommandBox right away for a number of security improvements.  

  • There are security improvements and fixes in the configuration/use of  JBoss Undertow
  • There are security improvements and fixes in the new version of Lucee Server (which powers the CLI and your default servers)
  • There are security improvements and fixes in Runwar, the project that is used to start your servers
  • There are security improvements and fixes in CommandBox server features

I'm not going to give any specifics, but I wouldn't sit on this update.  Read more about the new security additions in our release candidate announcement

Community Contributors

We'd like to recognize all the people in the community who sent pull requests that are a part of this release: Pete FreitagKai KoenigMatthew ClementeBobby HartsfieldScott SteinbeckDaniel Mejia, and Miguel Mathus!  

Read more about the new features of 5.2.0 in this post.

Breaking Changes

We work hard to make every CommandBox upgrade backwards compatible.  There's a couple things that you may notice different in this release.  They're both done to put security first and can be modified to get your original behavior back.

Since the CF Administrator is now blocked for traffic not coming from localhost when in production mode, you may need to explicitly open up the CF admin to make it accessible again if you needed it open to the public on a production server.  Even with the profile set to production, you can activate just the CF admin like so:

server set web.blockCFAdmin=false

The web server built into CommandBox will now only serve static files if their extension is found in a whitelist of acceptable files.  This is to prevent prying eyes from hitting files they shouldn't be able to access on your server. 

If you have a common static file you need to serve, you can add your own custom extensions to the list like so:

server set web.allowedExt=jar,exe,dll

Read more about the breaking changes in our release candidate announcement.

Add Your Comment

Recent Entries

CBSecurity 3.1 Released

CBSecurity 3.1 Released

We are happy to announce our first minor release for CBSecurity v3.1.0, with some nice updates and a new password generator.

Luis Majano
Luis Majano
February 20, 2023
ColdFusion Summit East 2023 MVC Training Workshop

ColdFusion Summit East 2023 MVC Training Workshop

We are excited to announce a training workshop before the ColdFusion Summit East in Washington, D.C., on April 4th, 2023. Luis Majano, the creator of The ColdBox Platform, will be leading this workshop, bringing you a deep dive 1-day workshop: ColdFusion MVC for Dummies.

The workshop will combine a variety of theories, hands-on coding, and best practices to give you all the tools needed to leave the workshop ready to build MVC-powered apps when you return to your office.

Luis Majano
Luis Majano
February 16, 2023