In this section you will find the release notes for the 5.x version of CommandBox.

• Version 5.4.2 - October 2021

• Version 5.4.1 - September 2021

• - August 2021

• - May 2021

• - Dec 2020

• - Nov 2020

• - June 2020

• - May 2020

• - Mar 2020

This release was primarily to address a regression in 5.1.0 affecting Mac OS users who tried to start Lucee servers. If you see an error similar to this on a Lucee server and you're running a Mac and CommandBox 5.1.0, then this release will fix it for you.

If you are upgrading from CommandBox 5.1.0, there are only a handful of tickets which are listed below. If you are updating from an earlier version of CommandBox, please check out our and release blogs.

Release notes

Release Notes

Bug

COMMANDBOX-1374 Some installs unnecessarily write to the box.json

COMMANDBOX-1370 ConfigService::settingExists() fails in race conditions due to non-varscoped variables in JSONService

Improvement

Support excludePaths in watcher DSL and watch command

Ensure Adobe wars have a seeds.properties file

Add tab complete for "env clear" command

Ignore empty startScript on server start

Updated bundled Java libraries

• JLine - 3.19.0

There is now a new "forgebox logout" command you can use for testing or just to remove your API token from the local CLI.

You can change CommandBox's default tab completion to be an inline list that follows your cursor. This setting requires you to close and re-open the shell to take affect.

Read more here:

https://commandbox.ortusbooks.com/config-settings/misc-settings#tabcompleteinline

We've added better debugging information for Server Profiles. If you add the --verbose flag to your server start, you'll be able to see what profile was detected for your server, and what baked-in rules have been turned on as a result.

We've added a new Single Server Mode you can enable in the CLI to make using CommandBox in Docker images easier.

Read more here:

Release Notes

Here are the release notes for the 5.2.1 release.

Bug

• [] - Installing via lex endpoint uses incorrect file extension

• [] - Location of predicate file is in a folder that the Docker finalization script deletes

• [] - Command alas for run command doesn't expand properly

New Feature

• [] - Add config setting to activate JLine's AUTO_MENU_LIST

• [] - forgebox logout command

Improvement

• [] - verbose server start output for profile and security settings

• [] - Extend ${} scopes to apply to any getSetting() call or "env show" command

• [] - Modules aren't unloaded on reload or shutdown

Java 14 support

Java 14 is now supported in CommandBox 5.1.0. In order to support Java 14, we had to stop using Pack200 which means the binary sizes have grown a little. The good news is CommandBox will start up a little faster on its first run since there's less to unpack now.

Start pure HTML Server

You can start up a lightweight server that only serves static files now with CommandBox.

New CommandBox Light and CommandBox Thin Binaries

In pursuit of the smallest possible Docker images, we have CommandBox light which is built on Lucee Light. We also have a box "thin" binary you can swap out with the full self-extracting binary when using CommandBox in custom docker images. Check out Pete Freitag's to see both of these in use in a super tiny 78 Meg docker image. More docs here:

Force working directory when starting

If you're using box in an integration where you want it to start up in a specific working directory, there is a new bootstrap CLI arg for that.

Server tray menu item custom commands

You've always been able to specify custom menu items in your server.json or global config settings, but we've kicked it up a notch. Not only can you contribute to existing sub menus now, you can execute arbitrary native commands synchronously or async.

Release Notes

Here's the full list of tickets closed down in the 5.1.0 release.

Bug

• [] - Runwar deadlocks when using Lucee server warmup flag

• [] - Server start console output isn't always formatted correctly

• [] - Boolean env var causes error on server start

New Feature

• [] - Allow arbitrary actions for menu items

• [] - Allow to start a pure HTML server

• [] - Update ColdBox Templates to new standards

Task

• [] - Add Java version as info log

Improvement

• [] - Provide way to disable server instance icon in MacOS dock

• [] - Add --full flag to dir command to output full path

• [] - Rework the server list command so it is more performant

web.xml Overrides

When you start an Adobe or Lucee CF Engine, the WAR CommandBox uses has a stock web.xml baked into it. Sometimes you may want to add custom servlets, servlet mappings, etc into your server. You can override the stock web.xml in part or in total with a file of your own which you specify in the server.json like so:

More info here:

Funky Parameters

In addition to quoting parameter values, parameter names can also be quoted. This is useful when setting keys into settings or JSON files that have spaces, hyphens or special characters. Each of these examples are now supported:

More info here:

Library updates

Lucee Server has been updated to 5.3.8.201 and JBoss Undertow has been updated to 2.2.10.Final. The Lucee update, as usual, applies to the CLI as well as the default server you get when you run server start.

Smarter Jar Endpoint

When you install a Jar via HTTP URL and the version number is baked into the URL, the jar endpoint now makes more assumptions about what the version of the package is that allows it to optimize the update checks and eliminate unnecessary downloads.

More info here:

ask and confirm commands

Here are some fun commands for user interactivity in the shell. You can use these as part of a recipe or a nice "one-liner".

ask

The ask command is similar to the ask() method in Task Runners. It requires an interactive terminal and will ask the user a question and return their answer. It is meant to be changed with other commands.

or with default values

or with masked input

Or fun stuff like this

confirm

The confirm command will ask the user a yes/no question and return a passing or failing exit code from the command based on the answer.

Remember the && operator will only execute the second command if the first command returns an exit code of 0.

More info here:

server prune command

You can easily forget all servers which have not been started for a certain period of time with the server prune command. It accepts the number of days that need to have passed since a server was last started in order to prune it.

More info here:

Release Notes

Here are the full release notes for CommandBox 5.4.0

Bug

Cancelling a prompt with active job doesn't clear job logs

Param tab completion is off-by-one when piping

Can't list files in directory with brackets ( [ or ] ) in the name

forgebox timeout is too small when publishing packages

dir command returns no results in drive root

Summary over 200 chars in box.json causes error when publishing

Addition of Apache logging classes breaks 3rd party libs using it

Installing a system module as one-off command doesn't clear wirebox metadata cache

Commenting server rules doesn't work correctly in text files

CommandDSL doesn't handle struct args

create a server prune command

Server start can hang when CF engine blows up

Tab complete doesn't work after a pipe

Working dir of server custom menu items doesn't default properly

Error when setting failing exist code in Task Runner

updating commandbox to 5.3.1 via Homebrew breaks with a java error

Rewrite rule with query string doubles up question mark

printTable column validation breaks with spaces in list

Directory listing not showing folders properly when names are numeric

Certain Java installs fail version check

Improvement

ask and confirm command to capture user input from shell

Improve version handling in JAR endpoint

Update to Lucee 5.3.8

Support dots in struct keys with set/show/clear commands

printTable custom header names for non-array input

Add printTable check for data with no columns

Sort column names in printTable --debug

New Feature

Set env vars directly in server.json for local one-off overrides

Support web.xml Overrides

Task

Update to Undertow 2.2.10.Final

• There is a fix for a regression introduced in 5.4.0 where updating the version of a CF engine doesn't work without forgetting the server first.

• There is also an important security improvement to CommandBox servers. Thanks to Abram Adams for reporting this to Ortus so we could address it.

Release notes

Note, the details of the security improvement have been tracked privately.

Bug

Java path shows up twice in "server info --verbose"

Updating server in-place keeps old web.xml path

recipe with multiple "install" instructions fails

Improvement

Add additional interceptData to server interceptors

Update to WireBox 6.5.2

Immediately activate modules after installation

Improve multiselect DSL

Story

Add JSON and Properties output for info command

Override Config Settings via Env Vars

Every Config Setting can be overridden by convention by creating environment variables in the shell where you run box. This is ideal for CI builds where you want to easily set ForgeBox API keys, or tweak settings for your build.

More Info: https://commandbox.ortusbooks.com/config-settings/env-var-overrides

Override Server Settings via Env Vars

Every server setting can be overridden by convention by creating environment variables in the shell where you run box. This is ideal for CI builds where you want to easily set ports, or tweak settings for your build.

More Info:

HTTP/2 Support

CommandBox now has out-of-the-box support for the HTTP/2 protocol. It is always enabled by default and browsers will use it when you're serving over HTTPS.

More Info:

JMES JSON filtering / jq Command

Thanks to a massive effort from Scott Steinbeck, the CFML world has a new of the , which is what powers the popular . We've plugged this new library into CommandBox and exposed it in the following ways.

We've added a new jq command which behaves roughly like the bash counterpart. You can pipe in JSON, or read the JSON from a file and apply a JSON query against it which can be used to filter, massage, rewrite, map, or filter the JSON into a new JSON object.

We've also added the ability to specify powerful jq filters to the "package show", "server show", and "config show" commands directly. Just prefix your filter with the text "jq:" like so:

The jq command and JMES spec are very powerful and probably do ! Make sure you check out the docs for more ideas.

More Info:

AJP Secret Support

CommandBox's AJP listener (provided by Undertow) is already protected against the . However, if you would like to set up an AJP secret as well to ensure all requests coming into the AJP listener are from a trusted source, you can do this by setting the web.ajp.secret property.

For this to work, you must also configure your AJP proxy in your web server to send the same secret!

More info:

AsyncManager Available to Task Runners and Commands

We've updated the version of WireBox inside the CLI and now have access to the AsyncManager for sweet threading and scheduled task support.

CommandBox is using an AsyncManager scheduled task thread now to redraw interactive jobs and progress bars. Look out for some new eye candy hiding in your server starts and package installs!

More Info:

New Table Printer

The print helper in commands and Task Runners has a new toy that will print ASCII representations of tabular data thanks to a pull request from Eric Peterson. You can see it in the output of the outdated command.

And you can use it in your Task Runners like so:

ColdBox Scaffolding for REST Handlers

When scaffolding ColdBox handlers, we have support for ColdBox 6.x REST Handlers now.

Experimental Server Features

You can enable extra Resource Manager Logging when troubleshooting file system issues:

You can force case sensitivity on a Windows server:

You can force case Insensitivity on a Linux server:

You can enable a cache of file system lookups of servlet paths. This is only for production and will eliminate repeated file system hits by your CF engine, such as checking for an Application.cfc file on every request, or testing where the servlet context root is. Standard Adobe ColdFusion installations have a similar cache of "real" paths from the servlet context that is tied to a setting in the administrator called "Cache Webserver paths" but that setting is not available and does not work on CommandBox servers for some reason. This setting would apply to any CF engine.

More Info:

HTTPS Redirect/HSTS

When using a CommandBox web server in production, you may wish to force your users to visit your site over HTTPS for security (and for HTTP/2 to work). However, it is desirable to still have your web server listening on HTTP so a user just typing your address in his browser can still connect to HTTP and then redirect. CommandBox can be configured to redirect all HTTP traffic over to HTTPS with the following setting.

If you want to go one step further, you can add a Strict-Transport-Security header to your site. This instructs the browser to automatically use HTTPS every time the user visits your site again.

More Info:

Force Colored Output in your Builds

CommandBox won't use ANSI color formatting when running inside of a non-interactive terminal. However, build servers such as Gitlab or Jenkins (via a plugin) support ANSI color sequences. You can force CommandBox to use colored text output with this new setting:

Loose Semantic Version Parsing

One of the common hangups for people dealing with Lucee Server and Adobe ColdFusion CF Engines versions, is that CommandBox follows the npm-flavor of the semantic version spec and expects

instead of

So we've loosened our sem ver library to treat the 4th number as a build ID if there is no plus sign in the version (instead of just discarding the 4th digit as the spec requires)

Support for "localhost subdomains"

Most modern browsers allow you to make up any subdomain you want before localhost such as mySite.localhost and will simply resolve them to localhost (127.0.0.1) even without a hosts file entry. CommandBox now supports using these domains and will bind your server's ports to localhost even without using the commandbox-hostupdater module.

More Info:

Relative CommandBox home

You can customize where CommandBox lives by placing a commandbox.properties file next to the box binary. We have better support for relative paths now so you can have portable CommandBox installations such as a thumb drive.

More Info:

Halt Server If Port In Use (Breaking Change)

The only known breaking change in this release is if you try to start two servers on the same HTTP port. Previously, CommandBox would just ignore the port on the second server and choose a random port. Due to the confusion that can cause, CommandBox will now throw an error. If you want to override an explicit port locally, set the port to an empty string or a 0 and CommandBox will choose a random port for you. For example, if you are using the commandbox-dotenv module, you can put this line in your project's .env file to override the port in your server.json

Relative Web Alias Behavior (regression)

If you have a server with the server.json outside of the web root and at least one relative web alias, the alias will not work on the first start of the server. The workaround is to change the web aliases to be relative to the folder that the server.json lives in.

Incompatibility with old DotEnv module

Some users receive the following error when starting CommandBox after updating:

If you see this, it means you have an older version of the commandbox-dotenv module installed that is not compatible with the new version of WireBox inside CommandBox. To fix, delete this folder out of your CommandBox home:

Now the CLI will start and you can install the latest version of dotenv.

Release notes

Here is the list of all tickets included in the 5.3.0 release.

Bug

web server aliases in server.json should be relative to the folder of the server.json

${Setting: serverinfo.foo not found} expansions don't work in a folder that's not the web root

Re-using same server.json with two names doesn't work

Corrupted WireBox metadata cache file will prevent CommandBox from starting

HTTP2 Additional Port Handling and Flexibility

REPL & Command highlighters don't handle square brackets [] well

JVM arg ending in backslash doesn't work

Coldbox Watch-Reinit Watches Unwanted Folders

Package installation doesn't always optimize duplicate packages

Globber.count() bombs if run after .asQuery()

Starting [email protected] will use light-light when using CommandBox Light

Loading class files in task runner doesn't work

variables scope doesn't persist between task dependencies

tokenreplace removes BOM from files

trayOptions.json not respecting serverHomeDirectory

Server status not always correct.

Improvement

Add singleServerHome option to not auto-deploy different versions of servers

Improve error message if version isn't found in ForgeBox

Loosen parsing of build ID in semver

Treat empty HTTP port the same as 0 (chooses random port)

Remove runwar hack that sets java vesrion

Runwar timesout when Lucee's new warmup flag is used

Add option for PID file

Allow generic override of server start settings via env vars or java sys props

Have parser ignore quotes inside a token

Cache "/" path lookup in Runwar's mapped resource manager

Add setters for run() arguments in CommandDSL

Default embedded server only needs to copy lucee.jar

Have outdated also show latest version of a package

Integrate AsyncManager into CommandBox

Upgrade to latest WireBox 6.x

Bundle testbox in testbox module to prevent auto download

Halt server start if asked for port is in use

the git bullet train car disappears while current working directory is not the root project folder

Support AJP secret in Undertow

Rethink the way the screen is redrawn upon extensive installs so it can be fluent on all screen sizes

Can't link package if no modules are installed

New first-class setting to enable HTTP2

Comment out the default environment vars in .env when createing a new coldbox app

New Feature

Allow server rules to be commented out with #

Allow servers to use random.localhost domains

Integrate JMES JSON filtering

Debug when lucee-extensions don't find Lucee server

Allow JSON service to create implicit arrays

Add config setting to enable ANSI colors in dumb terminals

Allow generic override of config settings via env vars or java sys props

Add --json flag to server list

Add HTTP redirect options

Add optional servlet path cache in Runwar

Allow caching of task runners

Support for generating ColdBox RESTHandlers

Support default module export as @moduleName,

Allow commandbox_home to be relative

Upgrade Compatibility

Even though this is a new major version, it should be very backwards compatible. CommandBox proper has no known backwards compatibility issues we're aware of, but note we've bumped libraries like Lucee Server, Undertow, and Java support, so you may notice differences due to these 3rd party lib updates. For example, one breaking change in Lucee 5.3 (which now powers your default server) is how page output buffer is handled.

You should be able to simply replace your box.exe binary and run it to get the same in-place upgrade you're used to. If you run into issue, you can try removing the "engine" folder in your ~/.CommandBox folder and try again. If you need to downgrade for any reason, replace the box binary with the old version, remove the "engine", "cfml", and "lib" folders in your CommandBox home and they will get re-created on the next run.

You may also notice the box binary is larger now. From 44 Megs up to 77 Megs. This is a regrettable byproduct of us turning off the Pack200 process we used to run against the Lucee jar. Lucee seems to have some bugs that causes it to re-download a bunch of OSGI bundles when we compress them and we can't figure it out, or get support on the matter, so for now we're just not compressing as much stuff. This was a huge blocker for anyone needing to run CommandBox on a PC with no external internet access as Lucee provides no mechanism to turn off it's auto-download behavior.

And finally, if you have installed any custom OSGI bundles into your CLI, they will be wiped by the upgrade process now. We didn't want to have to to do this, but Lucee has bugs that cause errors when doing in-place upgrades with the old OSGI bundles left in place and we couldn't get it fixed, so this was the only way to ensure in-place upgrades would "just work" without errors. We are leaving the Lucee engine folder, so any settings you may have put into your CLI should remain in place.

What's New?

There's a lot of new stuff in CommandBox 5.0.0. Here's an overview. One of the biggest new "features" is you can finally use CommandBox on Java 11+. This was not possible in CommandBox 4.x due to the version of Lucee not fully supporting newer versions of Java. Now that Lucee has been bumped to 5.3 (see below) you are free to leave java 8 behind for the CLI. Note if you're using CommandBox to start up older versions of Adobe CF or Lucee/Railo, you may still need to use java 8 specifically for your servers.

New Libraries

Let's start with the library updates. For the most part, all the jars we bundle are a "black box" but in reality, every update is usually for new features, fixes, or security patches. Here's an overview of the new libs:

• WireBox 5.6.2

• JLine 3.13.0

• Runwar 4.0.3 (major bump from 3.x)

New Features/Enhancements

You can now use user/pass or personal access token authentication when cloning Git repos over HTTPS. This has been tested with Github and Gitlab and is an alternative to SSH keys. Please check the docs, as Github and Gitlab both expect slightly different inputs.

There is a new Lex installation endpoint to help you acquire Lucee Extensions your app needs via the "install" command or a dependency in your box.json file. If the current directory has a Lucee server in it, CommandBox will install the extension file directly into your server's "deploy" folder (server context)

The auto-install feature into your server will work on any Lex package, even one coming from ForgeBox:

Tuning your server is easier now. You can configure your Undertow worker-threads setting with first-class server.json property

Which gives you this in your server.json

We've also unlocked a method for you to set ANY valid Undertow option or XNIO option. So if Undertow supports it, you can configure it!

We've added a new experimental feature that lets you create a batch file, powershell script, or bash shell script that directly starts a server with the exact settings that you get from "server start". This is for you to create super-optimzed startups in Docker or Service that bypass the CLI steps and "lock in" the settings. No server.json or CFConfig, or dotenv code will be processed, but you will have a fast streamlined start that is the same every time. Couple this with our new "dryRun" flag on server start that will unpack the CF engine, but not actually start the server, and you can create your customs start script like so:

The Globber helper can now take more than one globbing pattern. This also means every built-in command in CommandBox that takes a globbing pattern, can now take a comma delimited list of patterns. We've also added an exclude list of globbing patterns to the dir command as well.

We've got a couple new handy commands to help you from the command line, "unique" (modeled after the Bash "uniq" command)

And "sort" (modeled after the Bash "sort" command)

The "grep" command has received a "count" parameter if you just want the count of lines that match the regex (or no regex will count all lines)

The tray icon for your servers now has a new option under the "Open" menu that will open up the file system folder where the server home lives. This is nice for finding your CF Engine's log files.

Release Notes

There are a lot of bug fixes and even more enhancements I didn't cover above. You can read the full release notes here:

Sub-task

• [] - Remove extra stashes on url paths when servlet init params starts with WEB-INF

Bug

• [] - Tray Icon not displaying on Debian8

• [] - X Window Errors

• [] - "Coldbox create resource" uses wrong paths on Windows

New Feature

• [] - Ability to install/uninstall box server services

• [] - Server command to explode server war but not start it

• [] - Set any valid XNIO option

Task

• [] - Make sure the build works

• [] - Document Setup in the Repo

• [] - Vet all changes on Runwar since April 25, 2018.

Improvement

• [] - Enhance Globber to take more than one pattern

• [] - Enhance Globber to have exclude patterns

• [] - Update CLI to Lucee 5.3 and test Java 11

There are a number of pretty exciting new features and a pile of bug fixes. And as usual, input from the community via Pull Requests. Huge thanks to Pete Freitag, Kai Koenig, Matthew Clemente, Bobby Hartsfield, Scott Steinbeck, Daniel Mejia, and Miguel Mathus! Here's an overview of the new stuff in 5.2.0

Library Updates

We know library updates are boring, but they are important and we want you to know we take them seriously. Keeping up-to-date ensure you have the latest fixes and security updates from all the third-party libs we bundle in CommandBox.

Here's an overview of what we updated in CommandBox 5.2.0.

• Upgraded Runwar from 4.1.2 to 4.3.8

• Upgraded JBoss Undertow from 2.0.27.Final to 2.2.0

• Upgraded UrlRewritesFilter to Ortus fork 5.0.1 with custom fixes

The Undertow bump is a minor update, but a pretty big deal. Ortus sent three pull requests to the core Undertow project fixing bugs and adding predicate logging. All of our pulls were accepted and merged into the core Undertow project and released in the 2.2 release.

Read more about library updates here:

Server Security Profiles

This is a feature that we expect to grow in the future. We've started it out simple, yet powerful but left a lot of room to build on it. The two main goals here are

• Make CommandBox secure-by-default so a server shoved in production comes nice and locked down

• Makes it very easy for you to toggle off all the security stuff for development

CommandBox now has profiles you can assign to a server when you start it to configure the default settings. This is to provide easy secure-by-default setups for your production servers, and to make it easier to switch between a development mode and production mode.

There are 3 currently supported profiles. Custom profiles will be added as a future feature.

• Production - Locked down for production hosting

• Development - Lax security for local development

• None - For backwards compat and custom setups. Doesn't apply any web server rules

In production mode, CommandBox will block access to your CF admin to all external traffic, will block all common config files such as box.json or .env and will block, the "TRACK" and "TRACE" HTTP verbs

You can set the profile for your server in your server.json

Or you can specify it when starting the server like so:

If a profile is not set, CommandBox looks for an environment variable called "environment" or it checks to see if the site is bound on localhost to try and guess the correct profile for you.

We've also added some new flags in your server.json to fully customize how your profile behaves.

‌Read more about Server Profiles here:

Server Rules

This is huge-- probably the biggest chunk of work, and it's actually what makes the server profiles above even possible! It's always been possible to perform basic lock downs with a custom rewrite file, but we've exposed an amazing built-in functionality of Undertow called the Predicate language. It allows you to create ad-hoc rules that apply to your server to provide any of the following:

• Security - Block paths, IPs, or users

• URL rewrites - Rewrite incoming URLs to something different

• Modifying HTTP requests on the fly - Set headers, cookies, or response codes

An example of a server rule using Undertow's predicate language to block access to any box.json files looks like this:

One of the best things about these rules, is they don't have to be in a single monolithic XML file. Instead they can come from

• An array of ad-hoc definitions in your server.json file or config server defaults

• one or more external JSON or text file specified in your server.json or config server defaults

• Built in CommandBox server profiles (see above)

Here's some examples of what can be in your server.json

There are TON of built in predicates and handlers your rules can use. We've documented some of them :

CommandBox also registers some custom rules in Undertow you can use for your CF apps:

There are lots of new docs on this. Read more about Server Rules here:

Task Runner Lifecyle events

The more we use Task Runners for builds, scheduled tasks, and utilities, we've seen the need to have lifecyle events in the same manner as the preHandler and postHandler sort of stuff in ColdBox MVC. Now if a task runner has methods of this name, they will be executed automatically.

• preTask - Before any target in the task

• postTask - After any target in the task

• aroundTask - Wraps execution of any target in the task

The lifecycle methods are very powerful and can be controlled via whitelist and blacklists to control what targets they execute for. "Around" events are very easy to use thanks to the use of closure. There's a lot more details in the docs.

Read more about Task Runner Lifecyle events here:

System Setting ${} Namespaces

The default namespace when using the $ {foo} system setting expansion syntax is box environment variable, Java system properties, and OS environment variables.

It is also possible to leverage built-in namespaces to allow expansions that reference:

• server.json properties

• box.json properties

• arbitrary JSON file properties

This gives you a lot more power now to be able to create dynamic configuration in your JSON files and even from the command line. Here are some examples:

And one of the coolest things is this implementation is driven by a new onSystemSettingExpansion interception point and completely extendable! That means you can write a module that powers something hypothetical like this:

Read more about System Setting namespaces here:

GZip Compression Control

CommandBox has had the ability to enable/disable GZip compression in Undertow for a while. Now you can fully control when it activates based on the type or size of file, etc. This feature utilizes the same Undertow predicate language that we introduced above.

Read more about GZip Compression Control here:

Generic Watch Command

This is a fun one. There are some specific commands that make use of the Watcher library in CommandBox such as testbox watch and coldbox watch-reinit. However, there is also now a generic watch command that will run any arbitrary command of your choosing when a path matching your file globbing pattern is added/updated/deleted. Use this to build custom watchers on-the-fly without needing to touch any CFML code to write a Task Runner.

That command will echo out "config files updated!" every time a JSON file gets changed in the current directory. Here's a more complex one:

That one will list every new file that's added in this directory and all sub directories.

Read more about the generic watch command here:

Control Default Browser

There are a handful of features in CommandBox that will open URLs for you in your default browser. We've had requests to allow the browser in use to be customized, so we've reworked all of that logic, consolidating it in some places and now you can control what browser CommandBox uses. To change the default browser for all URL opening functions use this:

Supported browsers are:

• firefox

• chrome

• opera

And you can even dial in a browser on demand for the browse and server open commands.

Read more about setting the default browser here:

Miscellaneous

Here are some honorable mentions.

.htaccess rewrite flags

The CommandBox Tuckey rewrites allow an .htaccess file that uses the mod_rewrite style syntax of rewrites. Previously, use of flags such as these didn't work:L

Server restart from tray icon

We've added a "restart" option to the tray icon that does exactly what you think it does.

Trick for "cd"ing up directories

There's a new trick supported in CommandBox's shell that we've borrowed that allows you to change directories and go "up" more than one directory with less typing:

Pipe into standard input of native binaries

You can now pipe the output of a previous command in CommandBox directly to a native binary like so:

In this case, clip is a Windows binary that will read the standard input and place that text on the clipboard.

Breaking Changes

We work hard to make every CommandBox upgrade backwards compatible. There's a couple things that you may notice different in this release. They're both done to put security first and can be modified to get your original behavior back.

Since the CF Administrator is now blocked for traffic not coming from localhost when in production mode, you may need to explicitly open up the CF admin to make it accessible again if you needed it open to the public on a production server. Even with the profile set to production, you can activate just the CF admin like so:

The web server built into CommandBox will now only serve static files if their extension is found in a whitelist of acceptable files. This is to prevent prying eyes from hitting files they shouldn't be able to access on your server. The current list of valid extensions is:

If you have a common static file you need to serve, you can add your own custom extensions to the list like so:

And if you think we've missed an obvious one that deserves to be added to the default list, please let us know.

Release Notes

Here's the full list of tickets in the 5.2.0-RC.1 release.

Bug

• [] - Tuckey UrlRewrite DTD version issues

• [] - when installing a package which doesn't exist, commandbox claims forgebox is unreachable

• [] - Remove mail-4.1.1.jar from runwar's lib dir

New Feature

• [] - Restart server via tray icon

• [] - Stop expanding /WEB-INF paths in servlet init params

• [] - Allow configuring default browser to use when opening a URL

Task

• [] - review all the runwar dependencies and check for outdated ones

Improvement

• [] - Block TRACE HTTP Verb by default

• [] - Implement web server rules in Undertow

• [] - Add an option to console log output without ANSI codes

Sub-task

• [] - Load predicates in Runwar

• [] - Pass Predicates as part of Server Start in CommandBox

• [] - Add default server rules/predicates in CommandBox for default lockdown