Today we are pleased to announce the final release of CommandBox 5.2.0.  This release has been 5 months in the making and covers nearly 50 tickets.  We've already covered the full list of new features and enhancements in our release candidate announcement which you can read here:

https://www.ortussolutions.com/blog/commandbox-520-release-candidate-ready-for-testing

After a month of RC testing, we've made several additional improvements and are ready to release.

Docs and Downloads

Everything has been documented already in the CommandBox docs here:

https://commandbox.ortusbooks.com/

And the final build is available on HomeBrew (for Mac users), our apt/yum repos (for Linux users), and our download page:

https://www.ortussolutions.com/products/commandbox#download

Major Features

We've added a ton of new goodies to this release.  The high level overview is:

  • Library updates
  • Server Security Profiles
  • Server Rules
  • Task Runner Lifecyle events
  • System Setting ${} Namespaces
  • GZip Compression Control
  • Generic Watch Command
  • Control Default Browser
  • Server restart from tray icon
  • Pipe into standard input of native binaries

Read more about the new features and now to use them in our release candidate announcement.

Security Fixes

It is highly recommended that you update to this new version of CommandBox right away for a number of security improvements.  

  • There are security improvements and fixes in the configuration/use of  JBoss Undertow
  • There are security improvements and fixes in the new version of Lucee Server (which powers the CLI and your default servers)
  • There are security improvements and fixes in Runwar, the project that is used to start your servers
  • There are security improvements and fixes in CommandBox server features

I'm not going to give any specifics, but I wouldn't sit on this update.  Read more about the new security additions in our release candidate announcement

Community Contributors

We'd like to recognize all the people in the community who sent pull requests that are a part of this release: Pete FreitagKai KoenigMatthew ClementeBobby HartsfieldScott SteinbeckDaniel Mejia, and Miguel Mathus!  

Read more about the new features of 5.2.0 in this post.

Breaking Changes

We work hard to make every CommandBox upgrade backwards compatible.  There's a couple things that you may notice different in this release.  They're both done to put security first and can be modified to get your original behavior back.

Since the CF Administrator is now blocked for traffic not coming from localhost when in production mode, you may need to explicitly open up the CF admin to make it accessible again if you needed it open to the public on a production server.  Even with the profile set to production, you can activate just the CF admin like so:

server set web.blockCFAdmin=false

The web server built into CommandBox will now only serve static files if their extension is found in a whitelist of acceptable files.  This is to prevent prying eyes from hitting files they shouldn't be able to access on your server. 

If you have a common static file you need to serve, you can add your own custom extensions to the list like so:

server set web.allowedExt=jar,exe,dll

Read more about the breaking changes in our release candidate announcement.