CommandBox 5.9.1 Released!

CommandBox, Releases

Brad Wood August 16, 2023

Spread the word

Brad Wood

August 16, 2023

Spread the word

Share your thoughts

We are pleased to announce the general availability of CommandBox 5.9.1. This is a very small release with two changes.

Update to Lucee 5.4.3.2
Update bundled JRE to 11.0.20+8

Note Lucee 5.4.3.2 contains critical security patches which are outlined here:

https://dev.lucee.org/t/lucee-critical-security-alert-august-15th-2023-cve-2023-38693/12893

The new Lucee version affects the core CLI runtime as well as the default server you get when running "server start" with no cfengine specified. Possible compatibility issues related to the major bump in Lucee version:

This Lucee version does not include Hibernate, so the Ortus Hibernate extension is installed. We will stop doing this in 6.0
This Lucee version has strict XML parsing settings on by default which may affect any servers you start which parse XML containing DTDs.

If you do run into XML errors, this code may help you in your Application.cfc, which allows DTDs, but still disallows XML external entities (XEE).

this.xmlFeatures={
	externalGeneralEntities: false,
	disallowDoctypeDecl: false
};

Release notes

Task

COMMANDBOX-1609 Update bundled JRE to 11.0.20+8
COMMANDBOX-1610 Update to Lucee 5.4.3.2

BoxLang CouchBase Module: Enterprise Caching, Distributed Locking, and AI Vector Memory

We're thrilled to announce the release of bx-couchbase v1.0, bringing enterprise-grade Couchbase integration to the BoxLang ecosystem. This powerful module combines high-performance distributed caching with cutting-edge AI capabilities, enabling developers to build scalable, intelligent applications with ease.

BoxLang v1.8.0 : Revolutionary HTTP Client, SOAP Integration, and Production-Grade Stability

The BoxLang team is excited to announce BoxLang 1.8.0, a massive release that revolutionizes HTTP capabilities, introduces comprehensive SOAP/WSDL integration, and delivers over 100 critical bug fixes for production-grade stability. This release focuses on modern web application development with fluent APIs, streaming support, persistent connection management, and extensive CFML compatibility improvements.

Ortus & BoxLang November Recap 2025

November 2025 was a big month at Ortus. BoxLang 1.7.0 arrived with real-time streaming, distributed caching, and faster compiler internals. ColdBox gained a cleaner debugging experience with full Whoops support, while CBWIRE 5 launched with stronger security, smarter lifecycles, and easier uploads.

Blog