Blog

CommandBox 5.9.1 Released!

CommandBox, Releases
Brad Wood August 16, 2023

Spread the word

Brad Wood

August 16, 2023

Spread the word

Share your thoughts

Ortus Solutions

We are pleased to announce the general availability of CommandBox 5.9.1. This is a very small release with two changes.

  • Update to Lucee 5.4.3.2
  • Update bundled JRE to 11.0.20+8

Note Lucee 5.4.3.2 contains critical security patches which are outlined here:

https://dev.lucee.org/t/lucee-critical-security-alert-august-15th-2023-cve-2023-38693/12893

The new Lucee version affects the core CLI runtime as well as the default server you get when running "server start" with no cfengine specified.  Possible compatibility issues related to the major bump in Lucee version:

  • This Lucee version does not include Hibernate, so the Ortus Hibernate extension is installed.  We will stop doing this in 6.0
  • This Lucee version has strict XML parsing settings on by default which may affect any servers you start which parse XML containing DTDs.

If you do run into XML errors, this code may help you in your Application.cfc, which allows DTDs, but still disallows XML external entities (XEE).

this.xmlFeatures={
	externalGeneralEntities: false,
	disallowDoctypeDecl: false
};

Release notes

Task

Add Your Comment

Recent Entries

πŸš€ ColdBox CLI 8.11: The Era of AI Skills Comes to Every ColdBox & BoxLang App

πŸš€ ColdBox CLI 8.11: The Era of AI Skills Comes to Every ColdBox & BoxLang App

ColdBox CLI 8.11 is here, and it's one of the most significant releases we've shipped for AI-assisted development. This release wires the CLI directly into our brand new public skills directory at skills.boxlang.io, brings our AI tooling in line with industry-wide agent conventions, and introduces a wave of quality-of-life improvements that make AI integration feel less like setup and more like infrastructure.

Luis Majano
Luis Majano
April 30, 2026
πŸ›°οΈ Introducing cbMCP β€” Your ColdBox App, Live to Every AI Agent

πŸ›°οΈ Introducing cbMCP β€” Your ColdBox App, Live to Every AI Agent

Today we're releasing cbMCP, the official ColdBox MCP Server β€” a BoxLang-only module that turns your running ColdBox application into a fully-compliant Model Context Protocol (MCP) server. Plug in any MCP-capable AI client β€” Claude Desktop, VS Code Copilot, Cursor, Codex, Gemini CLI, OpenCode β€” and your AI assistant gets live, read-only introspection across the entire ColdBox platform: routing, handlers, modules, WireBox, CacheBox, LogBox, schedulers, interceptors, and async executors. 🎯

Luis Majano
Luis Majano
April 30, 2026