CommandBox 5.5.1 Released!

Brad Wood May 05, 2022

Spread the word

Brad Wood

May 05, 2022

Spread the word

Share your thoughts

We are pleased to announce the immediate release of CommandBox 5.5.1, the latest version of our CFFML package manager, REPL, and CLI tool.  This release has been 6 months in the making and closed 66 tickets.

As usual, the docs have all been updated to include the latest goodness.   You can read them here:

The release can be downloaded from our product page, installed via HomeBrew (on Mac), or by APT or Yum on your favorite Linux flavor.

New Stuff

This is what you all came here for.  Here's an overview of the new stuff lurking in Commandbox 5.5.

ModCFML Support

ModCFML is a popular standard for running a CF server behind IIS or Apache web server and allowing your virtual hosts configured in the web servers to control the web root of the CF server so you can run more than one site on a single CF instance.  CommandBox has historically only had a single web root per server, but now you can use a single CommandBox instance to power as many Adobe CF or Lucee Server sites as you like.  CommandBox's ModCFML just needs to be enabled and can work with BonCode, mod_cfml or Nginx.



Read more here:

Log4j 1.x is gone!

CommandBox's core is now 100% free of 1.x versions of the Log4j library.  Note, if you start an older Lucee server or any Adobe ColdFusion server, they may still have Log4j 1.x bundled with them.

Library updates

Many of the java libraries have been updated

  • JRE-bundled version ships with Java 11.0.15+10
  • Undertow updated to 2.2.17.Final
  • Lucee updated to
  • JGit updated to
  • JLine updated to 3.21.0
  • Runwar updated to 4.7.4
  • Log4j updated to 2.17.1

Set Java System Props directly in server.json

Does what it says.  Looks like this:


  "jvm" : {
    "properties" : {
       "foo" : "bar baz"
       "java.awt.headless" : "true"

Read More Here:

JVM Args can be an array

JVM args and Runwar args can now be set an array of strings which prevents you from needing to escape or quote anything.

Old way (still works)

  "jvm" : {
    "args" : "-XX:+UseG1GC -XX:-CreateMinidumpOnCrash --add-opens=java.base/"

New way 

  "jvm" : {
    "args" : [

Read More Here:

Request Dumper

There is now a handy little handler you can put in your server rules to view a console dump of all the header data related to your request and response.


  "web" : {
    "rules" : [
      "regex('(.*).cfm') -> dump-request()"

OpenJDK Downloads

The java API has been moved from AdoptOpenJDK to the Eclipse Adoptium project.  This is basically the same project, it just changed names.

assertFalse command

Opposite of assertTrue.  Returns a passing (0) or failing (1) exit code whether falsy parameter passed. Truthy values are "yes", "true" and positive integers. All other values are considered falsy

assertFalse false && echo "The inputs was false"

assertNotEqual command

Opposite of assertEqual.  Returns a passing (0) or failing (1) exit code whether both parameters DO NOT match. Comparison is case insensitive.

assertNotEqual "foo" "bar" && echo "The inputs are not equal"

Better command chaining

You can have more than two chained commands, and the command chain will keep executing so long as the next part is compatible with the previous exit code. Ex:

assertTrue false && echo "it was true!" || echo "back on track";

cfpm improvements

  • We now set the JAVA_HOME for the cfpm command if it doesn't exist
  • An Adobe server no longer needs to be the default server for that web root
  • If cfpm is run as part of a package or server script, it will default to the using the server currently doing something

box.exe finds Java better on Windows

Previous versions of Launch4j only used the Windows registry to find the installed version of java.  The following environment variables are now also checked in this order to attempt to find a JRE to use.

  • PATH

head Command

Does the same basic thing as the tail command, but it reads from the top of the file or input.

cat file.txt | head lines=10

X-Forwarded-For support disabled by default

For better security, CommandBox servers will not automatically obey X-Forwarded-For HTTP headers unless you enable it. 

server set web.useProxyForwardedIP=true

Only enable this setting if your CommandBox server is behind a trusted proxy which always sets this header.  Otherwise, a malicious client could spoof a trusted IP an bypass IP access control.

Relaxed semantic version parsing

Both of these commands will now do the same thing.  The second one used to error with version not found.

# technical correct
server start cfengine=lucee@5.3.9+133

# technical incorrect, but people still always tried it
server start cfengine=lucee@

XML Love

XML formatting is now a first-class citizen of the print helper and the REPL.  You can pass a parsed XML doc and they will be formatted upon display.

❯ repl  'xmlParse(\'<root><user name="brad"/></root>\')'
  <user name="brad"/>

Mac Tray Icon Disabled

Due to lack of Java 9+ support in the Java library that creates tray icons, we've disabled the tray icon by default on MacOS.  If you want to brave the possibility of it not working or spilling errors in the console, you can re-enable it like so:

# for one server
server set trayEnable=true

# for all servers
config set server.defaults.trayEnable=true

Hopefully when the library gets updated, we'll be able to re-enable the tray icon by default.

Release Notes

Here is the complete list of all tickets closed in this release


COMMANDBOX-1458 package init sometimes errors on endpointName not defined

COMMANDBOX-1452 SystemSettings UDF injections in ModuleConfig don't work

COMMANDBOX-1440 If you do a link command in a task, the module is not available until another command is issued

COMMANDBOX-1439 REPL can error while displaying XML

COMMANDBOX-1433 runwar.jar missing mutli-release attribute in manifest

COMMANDBOX-1432 cannot capture output of failing "run" command

COMMANDBOX-1430 Ensure enforces trailing slash on directory

COMMANDBOX-1420 Lockdown rules don't escape periods in file names, can match too much

COMMANDBOX-1418 Contain command output in interactive job when commands nest

COMMANDBOX-1417 Total No. of context-params incorrect for web.xml overrides

COMMANDBOX-1416 web.xml overrides only work for Lucee

COMMANDBOX-1414 Regression in auto-adding system modules

COMMANDBOX-1398 #function cfml shortcut has poor named param detection

COMMANDBOX-1392 CommandDSL mishandles weird quoted strings

COMMANDBOX-1385 adobe@2016.0.17 doesn't start properly

COMMANDBOX-1384 removing web.xml override errors until you forget the server

COMMANDBOX-1383 overriding servlet mapping that already exists errors


COMMANDBOX-1459 Stopgap for Java regression

COMMANDBOX-1457 Concat nested server.json "env" variables with underscore instead of period

COMMANDBOX-1456 JSON append operations aren't recursive

COMMANDBOX-1455 Allow customization of default Log4j pattern

COMMANDBOX-1454 Track all ForgeBox installs

COMMANDBOX-1451 Allow terminal width to be overridden for print.table() in a dumb terminal

COMMANDBOX-1447 Hide major updates in nested dependencies for "outdated" command

COMMANDBOX-1446 Have "coldbox create app" set name in server.json

COMMANDBOX-1443 Improve validation on recipe command

COMMANDBOX-1442 Format XML in Print Helper

COMMANDBOX-1437 Add .handlebars and .hbs extensions to whitelist

COMMANDBOX-1436 Relax x range checks with prerelease ID

COMMANDBOX-1431 Set Lucee "webroot" to drive root

COMMANDBOX-1429 Optimize globber peformance

COMMANDBOX-1428 Refactor server running check to use PID over port check.

COMMANDBOX-1427 Create stop --local argument to stop all servers in your current directory

COMMANDBOX-1426 Don't allow package to be both dev and non-dev dependency

COMMANDBOX-1425 update to Lucee 5.3.9

COMMANDBOX-1424 Disable proxy peer address in servers by default

COMMANDBOX-1423 Allow access to .well-known folder

COMMANDBOX-1422 Add env var lookups to launch4j path

COMMANDBOX-1421 Misleading messaging for system package updates

COMMANDBOX-1415 Update runwar to latest version of Log4j

COMMANDBOX-1413 Allow java debugging CLI args to be case insensitive

COMMANDBOX-1412 White page for low level errors in Runwar

COMMANDBOX-1410 Add announce() method to InterceptorService

COMMANDBOX-1409 Auto-set JAVA_HOME in cfpm command if not already set

COMMANDBOX-1401 Remove short circuit from logical checks on command exit codes

COMMANDBOX-1399 Allow case insensitive env var lookup on *nix

COMMANDBOX-1397 Improve java search command

COMMANDBOX-1396 java command API from Adoptopenjdk is deprecated

COMMANDBOX-1390 Add --hideUpToDate flag out outdated command to reduce output

COMMANDBOX-1335 Sort server name tab completion based on date last started desc

New Feature

COMMANDBOX-1453 Create offlineMode which does not connect to the internet

COMMANDBOX-1449 Developer mode that reloads before every command

COMMANDBOX-1411 Support multiple contexts (mod_cfml)

COMMANDBOX-1407 Create "head" command to do opposite of "tail"

COMMANDBOX-1406 box_server_env aren't passed to server process

COMMANDBOX-1405 Improve cfpm command to better detect correct server

COMMANDBOX-1404 Allow server-related package scripts in server.json

COMMANDBOX-1403 Add assertFalse command

COMMANDBOX-1402 Add assertNotEqual command

COMMANDBOX-1395 Allow jvm.args and runwar.args to be an array in server.json

COMMANDBOX-1394 Allow java system properties as struct in server.json

COMMANDBOX-1265 We need organizations support for FORGEBOX

COMMANDBOX-1082 Request Trace flag to log all headers and Form variables or request body for a request


COMMANDBOX-1444 Disable server tray icon by default on Mac and Linux

COMMANDBOX-1438 Update jGit lib to 5.13.0

Add Your Comment

Recent Entries

Ortus March Newsletter

Ortus March Newsletter

Welcome to Ortus Solutions’ monthly roundup, where we're thrilled to showcase cutting-edge advancements, product updates, and exciting events! Join us as we delve into the latest innovations shaping the future of technology.

Maria Jose Herrera
Maria Jose Herrera
April 01, 2024
Into the Box 2024 Last Early Bird Days!

Into the Box 2024 Last Early Bird Days!

Time is ticking, with less than 60 days remaining until the excitement of Into the Box 2024 unfolds! Don't let this golden opportunity slip away; our exclusive Early Bird Pricing is here for a limited time only, available until March 31st. Why wait? Secure your seat now and take advantage of this steal!

Maria Jose Herrera
Maria Jose Herrera
March 20, 2024
Ortus February Newsletter 2024

Ortus February Newsletter 2024

Welcome to Ortus Solutions’ monthly roundup, where we're thrilled to showcase cutting-edge advancements, product updates, and exciting events! Join us as we delve into the latest innovations shaping the future of technology.

Maria Jose Herrera
Maria Jose Herrera
March 06, 2024