Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
In this section you will find the release notes for the 5.x version of CommandBox.
Version 5.9.1 - August 2023
Version 5.9.0 - May 2023
Version 5.8.0 - April 2023
- December 2022
- September 2022
- May 2022
- May 2022
- October 2021
- September 2021
- August 2021
- May 2021
- Dec 2020
- Nov 2020
- June 2020
- May 2020
- Mar 2020
In this section you will find the release notes for each version we release under this major version. If you are looking for the release notes of previous major versions use the version switcher at the top left of this documentation book. Here is a breakdown of our major version releases.
Versions 6.x - Feb 2024 -
Versions 5.x - Mar 2020 - August 2023
Versions 4.x - Jun 2018 - Sept 2019
- Feb 2016 - Nov 2017
- June 2015 - Nov 2015
- Feb 2015
This is a very small release with two changes.
Update to Lucee 5.4.3.2
Update bundled JRE to 11.0.20+8
Note Lucee 5.4.3.2 contains critical security patches which are outlined here:
https://dev.lucee.org/t/lucee-critical-security-alert-august-15th-2023-cve-2023-38693/12893
The new Lucee version affects the core CLI runtime as well as the default server you get when running "server start" with no cfengine specified. Possible compatibility issues related to the major bump in Lucee version:
This Lucee version does not include Hibernate, so the Ortus Hibernate extension is installed. We will stop doing this in 6.0
This Lucee version has strict XML parsing settings on by default which may affect any servers you start which parse XML containing DTDs.
If you do run into XML errors, this code may help you in your Application.cfc, which allows DTDs, but still disallows XML external entities (XEE).
Update bundled JRE to 11.0.20+8
Update to Lucee 5.4.3.2
In this section you will find the release notes for the 3.x version of CommandBox.
- Nov 2017
- Aug 2017
- Jul 2017
This release was primarily to address a regression in 5.1.0 affecting Mac OS users who tried to start Lucee servers. If you see an error similar to this on a Lucee server and you're running a Mac and CommandBox 5.1.0, then this release will fix it for you.
If you are upgrading from CommandBox 5.1.0, there are only a handful of tickets which are listed below. If you are updating from an earlier version of CommandBox, please check out our and release blogs.
In this section you will find the release notes for the 4.x version of CommandBox.
- Sept 2019
- June 2019
- Mar 2019
In this section you will find the release notes for the 1.x version of CommandBox.
- Feb 2015
In this section you will find the release notes for the 2.x version of CommandBox.
- Nov 2015
- Aug 2015
- Aug 2015
Properties weren't being read correctly from the server.json file. If you have been using server.json, please double check the format of the file here in our docs:
This fix will make this functionality work as expected:
If you already have 3.0.0 then this fix only affects the CFML bits and is very easy for you to install. Simply run this command:
Note, the details of the security improvement have been tracked privately.
COMMANDBOX-1382 Java path shows up twice in "server info --verbose"
COMMANDBOX-1381 Updating server in-place keeps old web.xml path
COMMANDBOX-1375 recipe with multiple "install" instructions fails
COMMANDBOX-1380 Add additional interceptData to server interceptors
COMMANDBOX-1379 Update to WireBox 6.5.2
COMMANDBOX-1376 Immediately activate modules after installation
COMMANDBOX-1349 Improve multiselect DSL
COMMANDBOX-1120 Add JSON and Properties output for info command
Version 3.6.0 - Mar 2017
Version 3.5.0 - Jan 2017
Version 3.4.0 - Nov 2016
Version 3.3.0 - Oct 2016
Version 3.2.0 - Jul 2016
Version 3.1.1 - Jul 2016
Version 3.0.1 - Feb 2016
Version 3.0.0 - Feb 2016
Version 4.5.0 - Dec 2018
Version 4.4.0 - Nov 2018
Version 4.3.0 - Oct 2018
Version 4.2.0 - Aug 2018
Version 4.1.0 - Jun 2018
Version 4.0.0 - Jun 2018
Version 2.0.0 - June 2015
If you're still on CommandBox 2.x, check out our 3.0.0 release announcement to see the cool new stuff.
server set web.http.port=8000
server startupgradethis.xmlFeatures={
externalGeneralEntities: false,
disallowDoctypeDecl: false
};[COMMANDBOX-1107] - Overzealous gitignore matching of parent directories when zipping up for ForgeBox storage
[COMMANDBOX-1173] - Enabling SSL results in some CFHTTP requests to fail.
[COMMANDBOX-1178] - writedump failing in Lucee
[] - File globbing matching partial file names
[COMMANDBOX-1181] - Allow for verbose startup without debug logging of requests
There are a lot of new features in CommandBox 6. Here's an overview of the biggest ones. Check out the release notes for the full list.
This one is huge. It's the hallmark feature of CommandBox 6 and allows you to easily run as many web sites (with different web roots) in a single CommandBox server. This finally gives you the same behavior you get with Adobe ColdFusion and IIS or Lucee/Tomcat and Apache with mod_cfml. CommandBox has had built-in ModCFML support for a while, but it still needed a web server in front to work fully. CommandBox Multi-Site gives you a fully powered web server that allows you to define as many separate web sites as you like, each with COMPLETE configuration control, all inside a single server process.
Rewrites
web aliases
security profile
HTTP/SSL/AJP bindings
SSL Certs
welcome files
MIME types
GZIP settings
Basically everything can currently configure under the "web" object of your server.json can be set on a per-site basis!
CommandBox is now truly a One-Stop-Shop for running your apps from development to production. You don't need Apache, Nginx, IIS, or Tomcat!
Read more here:
Going hand-in-hand with our Multi-Site features, is the ability to bind to more than one HTTP port, more than one SSL port and more than one AJP port. You can configure proper host name matching on any binding, and even have multiple SSL certs. This new feature is available not only for Multi-Site but also for single site servers. The new server bindings come with a new JSON syntax in the server.json (we still support the old one too)
Read more here:
Going hand-in-hand with our enhanced server bindings, is the ability not only to be able to specify multiple SSL certs per site, but also multiple SSL certs per SSL binding. CommandBox automatically enables SNI (Server Name Indication) which will choose the proper cert based on the incoming host name. With support for PEM files, DER formats, and PFX formats, this really opens up a lot of capabilities.
Read more here:
We added a popular feature from Apache's mod_rewrite called rewrite maps. This allows you to create a simple text file of values you can reference in your rewrite rules to map incoming URL values to another value.
Read more here:
This is a nice little productivity enhancement. When you run the publish command, the CLI will now directly upload your zip file to S3 instead of sending it to ForgeBox first. This improves the speed and efficiency of your deployments.
This is a simple one. If you want to create a simple reverse proxy to a single back-end server, we've created an alias for the existing load-balanced-proxy() handler called just proxy which accepts a single host with less verbosity.
Read more here:
You're already familiar with specifying package scripts and server scripts in your box.josn and server.json as a string containing one or more commands. Instead of using && for multiple commands, you can also do this by specifying an array of strings instead of a string like so:
This can be much more readable for multiple commands. Note, this is functionality equivalent to using &&, which means any erroring command will stop execution.
Read more here:
CommandBox still bundles helpful scaffolding commands for your favorite MVC framework Testing framework, and CMS, but these commands are no longer part of the core CommandBox source code. We've given them new life as independent modules. They are installed by default, but they now have their own lifecycle and can get releases at any time. You can view and update them with the rest of your system modules.
Read more here:
CommandBox adds a /cf_scripts/scripts alias for you any time you start an Adobe CF server. This alias points to the same folders in the root of the Adobe WAR. If you set a custom scripts src path in the CF administrator then you'll want to ensure CommandBox uses the expected alias. There is now a setting called web.adobeScriptsAlias which allows you to control the public, web-accessible path to the scripts folder that CommandBox creates for you. And better yet, if you're using CFConfig, will automatically update the Adobe script source setting to match and vice versa.
Read more here:
As a perk of CommandBox pro, once you log into the CLI with your ForgeBox Pro account, your config settings will now automatically sync to and from ForgeBox. This is a great way to keep multiple CLI instances across computers up to date.
Read more here:
Here are the full release notes for CommandBox 6.0.0
Some server.json config options unavailable as environment variables
Runwar doesn't load servlet filter mappings correct in web.xml override
semantic version parsing ignores part of pre-release IDs with hyphen
Stackoverflow when using serverinfo system setting expansion in a server script
Lucee Light Engine
Installing package crashes when PackageService cannot delete tmp folder
Add a `proxy` server rule alias to `load-balanced-proxy` which takes in one item instead of an array.
Add Rewrite Map feature similar to Apache
Multi-Site mode
CommandBox Pro users get config auto sync
box install <package>: constrain to version already defined in box.json
Publish command directly upload to S3
Allow the scripts key under the server.json and box.json to use an array of scripts to run under the same script key name
XML formatting in print helper can kick in a bad time
Allow control over undertow' s transferMinSize
Provide way to escape literal colon (:) command parameter name
Remove contentbox, coldbox, etc modules from the core
Customize Adobe cf scripts alias
Update bundled JRE to 11.0.22+7
Update to Lucee 5.4.4.38
Java 17 was a breaking change for Java users as it now blocks illegal reflective access. Both Adobe and Lucee have been slow to address this. Lucee 5.3.10 mostly seems to run on Java 17, but only the public beta of ColdFusion 2023 (Fortuna) supports Java 17. You may want to start testing Java 17 out, so the CommandBox CLI and its servers seem to have basic support for running on Java 17 now. Note, you may need to add additional JVM args to any servers based on the specific Java libraries you use.
We've bumped library versions such as Redhat Undertow to stay current with recent CVE fixes.
If you have a project and want all packages of a certain type to use a different-than-normal default install location, you can override each package type just for that project. Create an installPathConventions key in the containing package's box.json which is an object containing keys for each package type you wish to override package install paths for.
Read more:
You can get recursive file listings now in a tree view by using the --tree flag
In task runners and custom commands, you can now tap into the same tree printer that the "package list" and "ls --tree" use to output your own ASCII trees.
which outputs
Read More:
There is also a print helper method for task runners and custom commands as well as a CLI command you can use that accepts an array or list of simple values and prints them in a column format based on the widest value and the available terminal width.
Read More:
This command will accepted piped text and strip any ANSI formatting from it. Especially useful if piping the text to a native OS binary which doesn't handle formatting well.
We've introduced a new command for piping text onto your native operating system's clipboard.
Here's the full list of all the changes in CommandBox 5.9.0.
[COMMANDBOX-665] - Relative SSL certFile or keyFile path in server.json isn't expanded
[COMMANDBOX-674] - propertyfile set errors if file doesn't exist
[] - Allow relative property file paths in task runners
[] - Allow custom tray contributions to have relative image path
[] - Improve coldbox create app --wizard
[] - Always run onServerInstall
This fixes a bug in the "update" and "outdated" commands that caused them to error after you had installed packages from an endpoint other than ForgeBox. Note, packages installed from HTTP(S) and Git endpoints will always show as outdated and will always update since those endpoints don't provide a way to know what version they're hosting without downloading the entire package anyway.
We also included a small enhancement to the Git endpoint to allow for authentication via public/private SSH keys. As long as you have a public key configured on your Git server and the private key is stored in ~/.ssh/ using a standard name, SSH-based clones should automatically authenticate. Please see the docs for more info.
As always, the CommandBox Getting Started Guide is located here:
http://commandbox.ortusbooks.com/content/getting_started_guide.html
[] - update command erroring
[] - Git SSH endpoint private key support
[] - Standardize parameter names for install command
lucee.runtime.exp.NativeException: mac os x is not a supported OS platform.COMMANDBOX-1372 Support excludePaths in watcher DSL and watch command
COMMANDBOX-1369 Ensure Adobe wars have a seeds.properties file
COMMANDBOX-1368 Add tab complete for "env clear" command
COMMANDBOX-1367 Ignore empty startScript on server start
COMMANDBOX-1472 Globber copyTo() command mishandles *nix leading slash
COMMANDBOX-1470 preServerStart can no longer affect server.json env var replacements
COMMANDBOX-1467 Servers can no longer override rest mappings
COMMANDBOX-1465 Corruption in interactive job output
COMMANDBOX-1464 Can't set XNIO socket settings or Sequence types
COMMANDBOX-1463 Command chaining has a code path where "job" variable is not defined
COMMANDBOX-1462 cfpm breaks in single server mode
COMMANDBOX-1473 Allow Undertow's resource manager file system watcher to be disabled
COMMANDBOX-1468 Customize Undertow's enabled SSL protocols
COMMANDBOX-1476 Update to Lucee 5.3.9.141 stable
[COMMANDBOX-673] - Improve handling of loading a bad modules
[COMMANDBOX-678] - Command to normalize line endings for a batch of files
[COMMANDBOX-679] - Improve package parsing regex for private packages
{
"name": "commandbox-multi-site",
"web": {
"bindings": {
"HTTP": {
"listen": "80"
}
}
},
"sites": {
"site1": {
"hostAlias": "site1.com",
"webroot": "site1"
},
"site2": {
"hostAlias": "site2.com",
"webroot": "site2"
},
"site3": {
"hostAlias": "site3.com",
"webroot": "site3"
}
}
}{
"web" : {
"bindings" : {
"HTTP" : {
"listen" : "10.10.0.123:8080",
"host" : "site.com,site2.net"
}
}
}
}{
"web" : {
"rules":[
"rewrite-map( name=myMap, file='/path/to/myMap.txt' case-sensitive=false )",
"regex-nocase( '^/foo/(.*)$' ) -> rewrite( 'index.cfm?page=%{map:myMap:$[1]|99}' )"
]
}
}proxy( 'http://localhost:8085' ){
"name" : "My Package",
"scripts" : {
"build" : [
"!grunt build",
"testbox run",
"run-script generateAPIDocs",
"bump --patch && publish"
],
}
}list --system
update --system{
"installPathConventions" : {
"modules" : "../lib/modules",
"mvc" : "../lib/framework",
"testing" : "they-will-never-find-it-here-lol/"
}
}ls --treeprint.tree( [
'Ortus Solutions' : [
'Products' : [
'Open Source' : {
'ColdBox MVC' : {},
'CommandBox CLI' : {},
'ContentBox CMS' : {}
},
'Commercial' : {
'ForgeBox Pro' : {},
'CommandBox Pro' : {},
'TimeBox BMP' : {}
}
],
'Services' : {
'Consulting' : {},
'Training' : {},
'Design' : {}
}
]
] )└─┬ Ortus Solutions
├─┬ Products
│ ├─┬ Open Source
│ │ ├── CommandBox CLI
│ │ ├── ContentBox CMS
│ │ └── ColdBox MVC
│ └─┬ Commercial
│ ├── ForgeBox Pro
│ ├── TimeBox BMP
│ └── CommandBox Pro
└─┬ Services
├── Training
├── Design
└── Consultingls --simple | printColumnspackage list | unansiecho "Hello World!" | clipboard
Copied to clipboard!Added a new "noninteractive" setting to improve the output on build servers like Jenkins or Travis-CI
Task runner metadata changes picked up without needing to reload the CLI
Ability to load ad-hoc modules on the fly from Task Runners
Here's the full list of tickets we addressed in the 4.1.0 release. Thanks to those who send me pull requests for some of these fixes and features!
[COMMANDBOX-791] - server start on linux: "/bin/bash not found" message displays
[COMMANDBOX-799] - Improve port binding logic
[COMMANDBOX-802] - Task component metadata is not refreshed before each run
[] - Error when invalid UTF-8 characters are in servers.json
[COMMANDBOX-669] - Localized CommandBox Modules
[COMMANDBOX-793] - Add new slugify function to the formatter utility
[COMMANDBOX-794] - When creating coldbox skeleton apps, clear out the basic name, slug, version, location and scripts so the user can configure them
[] - Added new bundles,labels,verbose,directory arguments to the testbox watch command to allow for granular executions
[] - Added verbose options to passthrough to the testbox runner so it true it can return the debug buffer
[COMMANDBOX-792] - Remove legacy installColdbox, installColdboxBE, installTestbox arguments from create commands
[COMMANDBOX-796] - Added ability to visualize the exception stacktraces with a configurable depth.
[COMMANDBOX-800] - Add setting to force "non interactive" shell that disables fancypants progress output
[] - Change user agent on downloader to get around proxies like cloudflare
[] - Store less "result" text in CommandBox's servers.json
[] - Upgrade core Lucee engine to 5.2.7.63
[] - Server commands can have huge delay on Windows
[] - List artifacts alphabetically.
[] - /usr/bin/open on Linux
[] - Errors in command CFCs can cause box to exit completely during tab complete
[] - Running native binary that returns lots of text can perform poorly
[] - Interceptor service blows up if you register a module with an interceptor not matching any current states
[] - Allow modules to register an interceptor with no currently valid states
[] - Catch errors from desktop.isDesktopSupported()
[] - Allow system setting (env var) expansions in REPL
[] - Improve task DSL to allow access to exit code
[] - Add config setting to debug raw native command being used in the "run" command
[] - Enforce correct casing conventions on scaffolding commands
[] - Update propertyFile core module
[] - Improve default ignores in box.json from init command.
There is now a new "forgebox logout" command you can use for testing or just to remove your API token from the local CLI.
You can change CommandBox's default tab completion to be an inline list that follows your cursor. This setting requires you to close and re-open the shell to take affect.
Read more here:
We've added better debugging information for Server Profiles. If you add the --verbose flag to your server start, you'll be able to see what profile was detected for your server, and what baked-in rules have been turned on as a result.
We've added a new Single Server Mode you can enable in the CLI to make using CommandBox in Docker images easier.
Read more here:
One of the biggest pieces of feedback we got from the CommandBox 3.1 release was that it requires an Internet connection to start a server. Since you can specify the version of the server you want to start, including semver ranges like 5.x, this required a trip to ForgeBox to check and see what the best version match was since it might have changed since the last time you started the server.
Now, if you provide an exact CF engine version number (meaning you give us a major, minor, AND patch version) CommandBox will skip phoning home to ForgeBox and will just continue with that version.
Remember that the version "5" de-sugars to "5.x.x" so you need to have all three numbers even if they're "0"
New "artifacts prune" command to remove older artifacts that haven't been used recently
Improved "upgrade" command which can also update new jars (you'll be able to use this in the NEXT update!)
Support for PFX cert file for server SSL
And here are the full release notes:
[COMMANDBOX-931] - Allow exit code to be returned via "return" keyword
[COMMANDBOX-935] - Improve syntax highlighting in REPL
[COMMANDBOX-938] - Checking interrupted status from inside a thread doesn't end the task/command
[COMMANDBOX-943] - Remove hint from default CFC in Lucee for CommandBox CFCs with no hint of their own
[COMMANDBOX-945] - Endpoint URL shows incorrectly for forgebox endpoints
[COMMANDBOX-948] - Enhance tab complete for private slugs
Another major new feature is support for different endpoints when installing packages in addition to ForgeBox. Now packages can be installed from the following locations:
Local zip file
Local folder
HTTP/HTTPS URL that points to a package zip
ForgeBox (default)
The ForgeBox endpoint now also has rudimentary support for targeting a specific version. If you request a specific version of a package to be installed, and it is in your artifacts cache, no network calls will be made. This allows completely offline installations! Here are some examples:
We also have a nice collection of bug fixes. Below are the full release notes for CommandBox 2.0.0.
[COMMANDBOX-211] - CommandBox caches .cfm files between executions
[COMMANDBOX-214] - Lucee version leaves tons of old jars on upgrade
[COMMANDBOX-218] - Script repl confused on paranthesis or quotes
[] - coldbox create model command doesn't escape "open" parameters
[] - Coldbox create model creates incorrect testcase w/ no methods
[] - Calling `forgebox slugcheck` with empty slugname throws error
[] - osx brew installation broken for commandbox 2.0
[] - Application times out and wirebox references die
[] - Dev installation w/out package directory overwrites box.json
[COMMANDBOX-159] - Switch CommandBox core to Lucee
[COMMANDBOX-215] - Multi Endpoint support
Here are the release notes for the 5.2.1 release.
[COMMANDBOX-1231] - Installing via lex endpoint uses incorrect file extension
[COMMANDBOX-1232] - Location of predicate file is in a folder that the Docker finalization script deletes
[COMMANDBOX-1238] - Command alas for run command doesn't expand properly
[COMMANDBOX-1237] - Add config setting to activate JLine's AUTO_MENU_LIST
[COMMANDBOX-1240] - forgebox logout command
[COMMANDBOX-1227] - verbose server start output for profile and security settings
[COMMANDBOX-1228] - Extend ${} scopes to apply to any getSetting() call or "env show" command
[COMMANDBOX-1229] - Modules aren't unloaded on reload or shutdown
[] - Add debug output that shows location of commandbox.properties file on start
[] - Add single server mode for CommandBox in a Docker container
[] - Add Testbox runner to sensitive paths in production profile
[] - Use UTF-8 when reading files with "cat" command
[COMMANDBOX-967] - Update semver for fix in prerelease comparison
[COMMANDBOX-970] - Tokenizer breaks "run" command with odd syntax
[COMMANDBOX-972] - init-wizard command is incorrectly aliasing as init
[COMMANDBOX-978] - File watcher that modifies the file system triggers the watcher again
[COMMANDBOX-985] - bump command doesn't work on a submodule
[COMMANDBOX-986] - Text on standard input causes banner and prompt to be blank
[COMMANDBOX-988] - Inconsistent behavior of "run" command.
[COMMANDBOX-989] - Tab completion incorrect for some partial command names
[COMMANDBOX-990] - Interactive jobs are not thread safe
[COMMANDBOX-956] - Leading zeros in semver prevent them from being matched
[COMMANDBOX-957] - Allow --verbose flag on uninstall command
[COMMANDBOX-958] - Add --roundup flag to indents command
[] - JSON Schema for box.json
[] - Update JGit to 5.3.0.201903130848-r
[] - Update Jline to 3.10.0
[] - Remove Riaforge endpoint Rince riaforge is dead
[] - Modify default box.json from "init" command
[] - Add box: namespace for compat with Coldbox injection DSL
[] - Improve debugging and error messages for custom ForgeBox endpoints
[] - If the test runner produces a 500 exception during watcher no output is shown
[] - support for Environment variables in "Key" names
[] - Make env vars in CommandBox visible to native OS binaries
[] - Launching VSCode from ConEMU screws up the integrated terminal
[] - Keep relative installPaths in box.json
[COMMANDBOX-104] - Execute command doesn't work in interactive shell
[COMMANDBOX-112] - Testbox create commands break if testname includes package
[COMMANDBOX-270] - installpaths not added when not creating package directory
[COMMANDBOX-271] - Git endpoint psses java.io.File instead of string
[COMMANDBOX-273] - HTTP Endpoint package name guessing doesn't account for periods in file name
[COMMANDBOX-274] - When you do an 'update' command, it updates the modules but does not update the box.json with the latest version
[COMMANDBOX-275] - SQL Server JDBC driver doesn't work
[COMMANDBOX-282] - Sign Debian packages
[COMMANDBOX-258] - Update the status command to output the results in json
[COMMANDBOX-268] - Update coldbox model generator to allow the creation of accessors
[COMMANDBOX-269] - Add ability to generate properties on coldbox model generations
[] - Update all BDD tests to fail by default to promote refactoring and process
[] - CFLib endpoint
[] - RIAForge Endpoint
[COMMANDBOX-204] - Add a directory argument for the REPL
[COMMANDBOX-265] - REPL's handling of functions that output content
[COMMANDBOX-267] - Optimize JVM Memory Arguments to Prevent PermGen and Java.lang.outOfMemory errors
[] - Improve error message when ForgeBox REST API is down
[] - Update to latest Lucee stable build
[] - Update to latest ColdBox application templates
We even went a step further. Sometimes ForgeBox may be down for maintenance or due to an outage and it was preventing people from being able to start their servers. If ForgeBox can't be reached for some reason while starting the server, we'll try again by comparing the version range you provided with the CF Engines already cached in your local artifacts cache. If we can find a version that satisfies what you asked for, we'll use it to start the server. That means you might not be getting the latest version of the engine from ForgeBox, but at least your server will start with that is has downloaded already.
Unpublishing a package should be something you rarely need to do since once a package is published, someone else may be depending it for their app to run. However, we now have an unpublish command you can run from the CLI to remove a specific version of a package, or the entire package itself from ForgeBox.
We've also included the latest versions of Adobe ColdFusion 10, 11, and 2016 on ForgeBox. This is something we can update separately from our CommandBox releases, but they came at the same time so I bundled the announcements together :) Here are the latest Adobe versions available:
Adobe CF 10.0.20+299202
Adobe CF 11.0.09+299201
Adobe CF 2016.0.02+299200
We also fixed a few bugs too. For example, targeting a Git tag stopped working in version 3.1 due to a library update, plus CommandBox's proxy settings weren't being used for all HTTP requests.
Here's the full list of everything in version 3.2.0 of CommandBox. Click on the ticket numbers for more details in JIRA.
[COMMANDBOX-400] - Box install throws exception on git endpoint with commit-ish syntax
[COMMANDBOX-406] - Starting server from diff directory by name uses wrong web root
[COMMANDBOX-407] - semver isExactVersion returns true for 3 and 3.4
[] - Proxy server not used in ForgeBox calls
[COMMANDBOX-397] - Unpublish command
[COMMANDBOX-402] - Show package URL location after publish, some consoles allow you to click and visit
[COMMANDBOX-403] - Show number of packages in forgebox types
[] - Add ForgeBox URL to show command as some consoles allow you to visit
[] - Add ForgeBox URL to search command so consoles can click and open
[COMMANDBOX-409] - Add new patches for Adobe CF 10, 11, and 2016 to forgebox
[COMMANDBOX-391] - Add Offline Ability for cfengine Server Start
[COMMANDBOX-401] - Add box.json data to pre/post publishing interceptors
The main features of CommandBox 4.5.0 are:
Ability to install OpenJDK automatically for your servers to use (read more)
Environment Variables in the shell (read more)
Support for Forgebox Enterprise (TBA soon)
JRE Bundled CommandBox installs now use OpenJDK instead of Oracle JDK
TestBox Code Coverage integration ()
I already wrote a fairly comprehensive overview of the new features and big fixes here. Go read it:
Note, there are two backwards incompatible changes. The first is we turned OFF directory browsing by default on servers. You can easily get the old behavior back with
The second is that unhandled errors in the shell no longer show the stack trace (you probably wouldn't have noticed if I didn't tell you!) Get the old behavior back with:
Here's the full list of everything that went into this release.
[] - editing in the shell prompt is buggy while using Gitbash in VSCode
[] - Passing positional args to task errors with required param
[] - Passing command string as single arg to box fails
[] - Add concept of env vars for commands to use
[] - Add preCommandParamProcess interception point
[] - outdated commands now verify packages in parallel
[] - Add ETA to progress bar when downloading
[] - Improve default handling of JVM heap size
[] - Default directoryBrowsing to false
[
You've been able to run OS binaries from the CommandBox interactive shell for a while now which is great for adding native CLI calls to your recipes.
The biggest problem with this though was that no output shows on the screen until the OS command is completely finished and if your OS command blocks for interactivity or just never ends, the CommandBox shell will just "hang" with no output. All that is a thing of the past now. The standard input and output of the OS process is now bound to the standard input and output of your CommandBox shell. That means that you see output as soon as the binary outputs it and if it stops to ask you for input, you can provide it. This opens up a world of possibilities.
You can ping an address and watch the output stream as the packets return.
You can do a Git commit and interact with the VI window that appears to capture your commit message.
You can actually open a bash/DOS shell right inside of CommandBox and then "exit" back to box when you're done.
Run native commands that collect input from you to continue like a sudo password.
This has been tested and works pretty well on Mac and Windows. Note, we've seen some issues on Linux where output is streamed, but input is not captured.
- Always fires before attempting to forget a server whether or not the forgetting is actually successful
- Fires after a successful server forget. If the forget fails, this will not fire.
This was supported in CommandBox 3.4.0, but we had a regression in 3.5.0 that caused issues for users who have a space in their path to CommandBox's home dir. This has been fixed along with some related issues with the FusionReactor module. Make sure you have the latest Fusion Reactor module once you upgrade to CommandBox 3.6.0.
The core version of Lucee that the CLI runs on has been updated to 4.5.5.006. Please note this means the default version of Lucee that starts up for your server when you don't specify otherwise will change. If you have settings like datasources and such that you want to keep, make sure you lock in your exact version of Lucee or check into our new CFConfig project for exporting/importing your server settings.
The testbox run command would return an exit code of 0 when your tests had in fact failed. This has been fixed so you can trust a proper exit code from the process when running your tests inside a Jenkins or Travis CI build.
Previously, you couldn't set a global default HTTP port for all your servers. This was on purpose since it didn't really make sense since one one server can use a port at a time. Now, with the introduction of Chris Schmitz's host updater module, you can more easily run each server on a dedicated host name which is added to your host file for you and bound to a unique port. This allows you to run all your local servers on port 80 which is great for cleaning up your local dev. As such, we've added the ability to set the global HTTP port now in your config setting's server defaults.
Here's the full release notes for the 3.6.0 release.
[] - Windows CommandBox upgrades fail silently if servers are left running
[] - Box start error
[] - All semicolons removed in REPL which breaks some code
[] - improve execution of OS binaries in "run"
[] - Add xxxServerForget interceptors to the Server lifecycle
[] - Improve port binding detection
This release fixes an issue where Adobe CF servers will not start if you're machine is offline and also fixes a bug where the previous version of CommandBox didn't correctly remove old versions of jar files on upgrade.
Git tags when bumping a package command can have a custom prefix now. Tab completion options are also alphabetized. Ctrl-C is also handled better on Unix and actually works in Windows! Also, the timestamp on your sever.json file won't be updated unless the contents of the file actually changed.
Here is the full list of everything that changed in the CommandBox 3.4.0 release.
[] - Adobe Servers won't start offline
[] - start serverConfigFile=myServer.json doesn't load json settings
[] - Adobe web.xml Flex config path is wrong after first engine start
[] - allow bump Git tag to have custom prefix
[] - testbox create bdd include describe and it block
[] - Allow server list to filter partial server names
[] - Sort tab completion options
And finally, the ability to install packages from a Git repo is here!
And this nice shortcut for installing from GitHub:
If you've not used CommandBox yet, check out our getting started guide here:
http://commandbox.ortusbooks.com/content/getting_started_guide.html
You can download CommandBox 2.1.0 here on our product page:
[] - Piping content to box repl
[] - Lucee default error template is broken in CLI
[] - OWASP jars corrupt
[
[] - Improve parameter escaping when running commands from native OS
[] - Make ColdBox skeleton hints dynamic by reading folder instead of hard-coded values
[] - Increase the size/resolution of the icon
[] - Additional install endpoints
[] - Git endpoint
[] - Update all tray icons to CommandBox latest icons
[
The foreach command which was introduced recently and allows you to iterate over any list of input and run a command using each item in the list has been enhanced to also allow you to iterate from the CLI over any JSON string that you pipe in.
https://commandbox.ortusbooks.com/usage/foreach-command#iterating-over-json
Now when you create a directory watcher in a task runner or custom command, you can not only get notified when something in that directory changes, but you also now receive a list of files added, removed, and modified.
Thanks to Scott Steinbeck, we have a new command called coldbox watch-reinit. This will watch for changes to certain files in your project and will automatically issue a framework reinit when you edit things like configs or services.
Thanks to John Berquist, CommandBox now has sweet color coding any time it outputs JSON to the screen. Try it out by running something like "server show".
Users can also customize the colors they see for JSON with the following config settings:
json.ansiColors.constant
json.ansiColors.key
json.ansiColors.number
Setting values can be any color name from the system-colors command.
Thanks to Jason Steinshouer we have a new Gist endpoint for installing code from a public Gist.
[] - testbox watcher shows error when test fail
[] - Tab complete doesn't work on param values with spaces
[] - Long lines wrap in interactive jobs
[] - Allow watcher access to files that were added, removed, updated
[] - coldbox watch-reinit command
[] - Color code JSON on console output by default
[] - Refresh any salt values when deploying a new CF engine.
[] - Add Gist endpoint
[] - Change update behavior of GIT and URL endpoints to use semver in path if present
After almost a year in development, we are so excited to finally announce the release of . This has been definitely one of the most challenging and fun projects we have overtaken here at Ortus. We had a vision of how we could accelerate not only development, tools and ultimately the ColdFusion (CFML) landscape by building a tool that could put us up to par with many other technologies. I am glad to say we have now a great foundation to move forward. CommandBox brings CFML to any Operating System and even embedded systems like the Raspberry and Banana Pi. It also gives ColdFusion (CFML) developers a much better workflow to work with their projects and a sense of community we lovingly call .
With anything we do here at Ortus, it is fully documented using our new book formats. So head on over to to download or read the entire CommandBox documentation. In the next coming weeks we will begin our CommandBox 5-week roadshow that will include weekly blogging tutorials and video presentations, so stay tuned as each week progresses. So without further ado, I present to you project Gideon: CommandBox CLI!
install coldbox
install [email protected]
install C:/myZippedPackages/foobar.zip
install C:/myUnzippedPackages/foobar/
install http://site.com/foobar.zip
install https://site.com/foobar.zip# Logout one user
forgebox logout username
# logout all users
forgebox logoutconfig set tabCompleteInline=true|------------------------------
| √ | Setting Server Profile to [development]
| |------------------------------------------------------
| | Profile set from "environment" env var
| | Block CF Admin disabled
| | Block Sensitive Paths enabled
| | Block Flash Remoting enabled
| | Directory Browsing enabled
| |------------------------------------------------------CommandBox> start [email protected]CommandBox> start [email protected]CommandBox> unpublish
CommandBox> unpublish 1.2.3CommandBox> !git pushCommandBox> start heapSize=768install git://github.com/username/repoName.gitinstall username/repoNamepackage show dependencies | foreach[COMMANDBOX-246] - commandbox.properties isn't picked up when box.exe is in a folder with spaces
[COMMANDBOX-256] - Integrate the Loader java bits into the CommandBox source
[COMMANDBOX-257] - Migrate APIDocs generation to DocBox
[COMMANDBOX-484] - cflib-coldbox endpoint creates invalid CFML for Adobe
[COMMANDBOX-485] - write history before command finishes
[COMMANDBOX-491] - Coldbox create interceptor doesn't create test with proper CFC mapping
[COMMANDBOX-492] - war path not stored in server.json as relative path
[COMMANDBOX-494] - CFML upgrades don't delete removed files
[COMMANDBOX-496] - Forgetting a named server deletes the 'default' server.json too
[COMMANDBOX-488] - Stop model scaffolding with empty names
[COMMANDBOX-489] - Handle Control-C better in the shell
[COMMANDBOX-493] - Improve check for previously-installed package
[COMMANDBOX-495] - Don't update modified date of server.json unless actually modified.
[COMMANDBOX-497] - Starting named server inherits same server.json settings
[COMMANDBOX-901] - external module mappings broken in CommandBox 4
[COMMANDBOX-903] - Incorrect behavior when parsing unmatched quotes
[COMMANDBOX-915] - Cruft left in temp folder
[COMMANDBOX-917] - Silence annoying ESAPI warnings
[COMMANDBOX-919] - Warnings on java 11 about illegal reflective access
[COMMANDBOX-910] - Support multiple ForgeBox endpoints
[COMMANDBOX-911] - New Java endpoint that ties into the AdpotOpenJDK builds
[COMMANDBOX-914] - Make exit code of native binary from run command available in the exception that is thrown
[COMMANDBOX-916] - Pull Code Coverage data on "testbox run"
[COMMANDBOX-921] - Allow recipe args to be used as environment variables for that command
[COMMANDBOX-904] - Prevent folder endpoint from picking up folders in CWD on install
[COMMANDBOX-909] - Hide stack trace by default when CLI errors
[COMMANDBOX-922] - Allow recipe command to accept arbitrary commands directly
[COMMANDBOX-923] - Include mapping-tag in rewrite exclusion list
[COMMANDBOX-924] - Update JRE builds to use OpenJDK instead of Oracle JDK
[COMMANDBOX-925] - Provide all other args to command completor UDFs
[COMMANDBOX-926] - Announce postInstall interceptions even if package was found to be already installed
[COMMANDBOX-559] - server list --verbose produces an error
[COMMANDBOX-567] - package list sometimes shows incorrect version of 1.0.0
[COMMANDBOX-572] - Running server info on non-server folder creates empty server details
[COMMANDBOX-575] - CommandBox fails to start if a 3rd party module fails to load
[COMMANDBOX-582] - NPE on some URLs occasionally
[COMMANDBOX-587] - testbox run doesn't always return correct exit code on failure
[COMMANDBOX-576] - Improve CommandBox module installations
[COMMANDBOX-578] - Bump Lucee version to 4.5.5.006
config set server.defaults.web.directoryBrowsing=trueconfig set verboseErrors=trueCommandBox> !ping -c 4 google.com
CommandBox> !git commit
CommandBox> !bash
CommandBox> !sudo commandCommandBox> install commandbox-fusionreactor$> box testbox run runner=http://localhost:8080/tests/runner.cfmCommandBox> config set server.defaults.web.http.port=80json.ansiColors.string
[COMMANDBOX-895] - Passing positional args to task errors with required param
[COMMANDBOX-884] - ACF 11 should start without Secure Profile
[COMMANDBOX-890] - Enhance "forgebox search" command to break up versions like "forgebox show"
[COMMANDBOX-891] - Support versions like 0.5.2 in forgebox show/search output
[COMMANDBOX-892] - Speed up embedded server start
Thanks to a pull request from John Berquist, we've borrowed a Bash and Powershell feature of being able to change back to your previous working directory by typing this:
Thanks to more pull requests from John Berquist, you can use file and folder based tab completion when typing native binaries from CommandBox
And tab completion also works better now when typing a quoted string such as a file path that contains a space. This is a huge timesaver!
Package scripts that are fired from internal interception points, can access any intercept data via environment variables. This example writes a file into a server home directory when the server starts, using an environment variable to dynamically find the correct path.
Here are the full release notes for CommandBox 4.8.0:
[COMMANDBOX-991] - Can't always install modules - git error: Directory already exists
[COMMANDBOX-994] - regex metachars not escaped properly in first token of run command
[COMMANDBOX-998] - testbox watch command doesn't obey verbose flag in box.json
[] - Sometimes line breaks leak to console when using expansions
[] - Pass ad-hoc parameters to package scripts
[] - Servers bound to 0.0.0.0 don't open useful browser URL
[] - unicode chars not read from readme files when publishing
[] - Native OS execution doesn't handle exit on fail for *nix
[] - Install path not respected when createPackageDirectory set to false
[COMMANDBOX-1002] - Add cached version of HTTP(S) endpoints
[COMMANDBOX-1031] - Output binary objects in REPL
[COMMANDBOX-1039] - Add support for "cd -"
[COMMANDBOX-993] - Announce onServerStop when stopping a --console server
[COMMANDBOX-996] - Support path completion with "run" or "!" command
[COMMANDBOX-997] - Expand log output of failed job steps
[] - Pass interceptData to package scripts
[] - Allow tab completion on quoted parameters
[] - Editor on Linux
[] - Return actual exit code of server process from server start
[] - Java install endpoint allows invalid slugs
[] - Pass CommandBox shell env vars to server starts
[] - Better detection of CF Engine when using HTTP provider
CommandBox is a standalone, native tool for Windows, Mac, and Linux. It provides a Command Line Interface (CLI) for developer productivity, tool interaction, package management, embedded CFML server, application scaffolding, and some sweet ASCII art. It includes a plethora of commands to interact with your Operating System, TestBox, ForgeBox, ContentBox, CacheBox, etc. Built-in help is completely integrated for every command. You can pop open a CommandBox shell in your terminal window and manually type commands, or even automate things externally via the CommandBox binary with your OS's native shell.
So one of the biggest things we think the CFML community was missing, was a true package management platform. With this in mind, CommandBox + ForgeBox now includes full package management control for ANY ColdFusion (CFML) application. We have created a spec for a box.json file which will go in the root of CFML packages to describe metadata about the package, how it should be installed, and dependencies that the package requires to run. CommandBox is getting a tight integration with the ForgeBox REST API to search, view, and install packages/modules directly into your app from the command line.
The CommandBox CLI also leverages a REPL console for executing a-la-carte CFML commands. You can use it in script or even tag mode with full command history as well. Each REPL instance also has included memory, which means you can declare functions, datasources, etc and leverage them within the same command executions. We even support multi-line statements.
CommandBox has tons of commands for quickly building out applications. Create a new ColdBox app with coldbox create app, add a handler with coldbox create handler. You can even get actions added to it, views created, and BDD integration tests stubbed out at the same time. This can bring new productivity for people who like to live on the command line and especially for those who want to be able to automate stuff they do a lot of.
CommandBox has a thin Java layer and a rich CFML command suite built using WireBox dependency injection. This allows for any CFML developer to contribute and write out their own commands. You can even register your commands in ForgeBox and have them available to any CommandBox installation. This means that any application or framework author can contribute their own suite of commands for their community.
CommandBox also leverages the concept of CommandBox Recipes which allows you to create reusable command files with a box extension. You can execute this recipes and even do argument-binding for further reusability. You can even shared them in ForgeBox as well. It also natively integrates into your operating system you can even use CommandBox for Unix shell scripting or just plain template executions: box myfile.cfm or even use argument-binding box execute file=mayflies.cfm var1=hello name=luis and we will bind those variables into the variables scope for you.
One of the cool things CommandBox brings to the table is the ability to spin up an ad hoc, lightweight, CFML server in any directory from the command line. Simply change your working directory to the root of your app, type server start and a super fast CFML server spins up on a new port running your code. When you're done type server stop from that directory or use the little icon that's showed up in your system tray.In our final release we even included SSL and full URL rewrite support as well.
We have spent considerable time in our auto-update capabilities so users can transition to patches and updates with ease. We have even created two channels for updates:
Stable : Stable releases
Bleeding Edge : Bleeding edge releases
So from you console you can type: box upgrade --latest for bleeding edge releases or box upgrade for stable releases.
In the next coming months, ForgeBox 2.0 will be released with many more features to help developers manage their contributions, multiple version control, CommandBox integration, private repositories and much more. We will also be using the URL forgebox.io instead of embedding it in the ColdBox site; time for separation. We also have tons of features planned for CommandBox, here are a few teasers:
Adobe CF embedded server
Task Runner
NodeJS bridges
Lucee Support
Multiple installation providers
ForgeBox Enterprise (For private enterprise installations)
ForgeBox Cloud Private Entries
RCE (Let's see if you can figure out the acronym)
Multiple version and fuzzy version package management
WAR packager
Package signing
Much More
So as you can see, so much work to be done. I leave you with one final note, we highly encourage you to support us in any way you can as ultimately we offer these tools as professional open source and they need your support in order to continue with their development. Enjoy and go code something!
When you start an Adobe or Lucee CF Engine, the WAR CommandBox uses has a stock web.xml baked into it. Sometimes you may want to add custom servlets, servlet mappings, etc into your server. You can override the stock web.xml in part or in total with a file of your own which you specify in the server.json like so:
More info here:
https://commandbox.ortusbooks.com/embedded-server/configuring-your-server/web.xml-overrides
In addition to quoting parameter values, parameter names can also be quoted. This is useful when setting keys into settings or JSON files that have spaces, hyphens or special characters. Each of these examples are now supported:
More info here:
Lucee Server has been updated to 5.3.8.201 and JBoss Undertow has been updated to 2.2.10.Final. The Lucee update, as usual, applies to the CLI as well as the default server you get when you run server start.
When you install a Jar via HTTP URL and the version number is baked into the URL, the jar endpoint now makes more assumptions about what the version of the package is that allows it to optimize the update checks and eliminate unnecessary downloads.
More info here:
Here are some fun commands for user interactivity in the shell. You can use these as part of a recipe or a nice "one-liner".
The ask command is similar to the ask() method in Task Runners. It requires an interactive terminal and will ask the user a question and return their answer. It is meant to be changed with other commands.
or with default values
or with masked input
Or fun stuff like this
The confirm command will ask the user a yes/no question and return a passing or failing exit code from the command based on the answer.
Remember the && operator will only execute the second command if the first command returns an exit code of 0.
More info here:
You can easily forget all servers which have not been started for a certain period of time with the server prune command. It accepts the number of days that need to have passed since a server was last started in order to prune it.
More info here:
Here are the full release notes for CommandBox 5.4.0
Cancelling a prompt with active job doesn't clear job logs
Param tab completion is off-by-one when piping
Can't list files in directory with brackets ( [ or ] ) in the name
forgebox timeout is too small when publishing packages
dir command returns no results in drive root
Summary over 200 chars in box.json causes error when publishing
Addition of Apache logging classes breaks 3rd party libs using it
Installing a system module as one-off command doesn't clear wirebox metadata cache
Commenting server rules doesn't work correctly in text files
CommandDSL doesn't handle struct args
create a server prune command
Server start can hang when CF engine blows up
Tab complete doesn't work after a pipe
Working dir of server custom menu items doesn't default properly
Error when setting failing exist code in Task Runner
updating commandbox to 5.3.1 via Homebrew breaks with a java error
Rewrite rule with query string doubles up question mark
printTable column validation breaks with spaces in list
Directory listing not showing folders properly when names are numeric
Certain Java installs fail version check
ask and confirm command to capture user input from shell
Improve version handling in JAR endpoint
Update to Lucee 5.3.8
Support dots in struct keys with set/show/clear commands
printTable custom header names for non-array input
Add printTable check for data with no columns
Sort column names in printTable --debug
Set env vars directly in server.json for local one-off overrides
Support web.xml Overrides
Update to Undertow 2.2.10.Final
ModCFML is a popular standard for running a CF server behind IIS or Apache web server and allowing your virtual hosts configured in the web servers to control the web root of the CF server so you can run more than one site on a single CF instance. CommandBox has historically only had a single web root per server, but now you can use a single CommandBox instance to power as many Adobe CF or Lucee Server sites as you like. CommandBox's ModCFML just needs to be enabled and can work with BonCode, mod_cfml or Nginx.
server.json
Read more here: https://commandbox.ortusbooks.com/embedded-server/modcfml-support
CommandBox's core is now 100% free of 1.x versions of the Log4j library. Note, if you start an older Lucee server or any Adobe ColdFusion server, they may still have Log4j 1.x bundled with them.
Many of the java libraries have been updated
JRE-bundled version ships with Java 11.0.15+10
Undertow updated to 2.2.17.Final
Lucee updated to 5.3.9.133
JGit
Does what it says. Looks like this:
server.json
Read More Here:
JVM args and Runwar args can now be set an array of strings which prevents you from needing to escape or quote anything.
Old way (still works)
New way
Read More Here:
There is now a handy little handler you can put in your server rules to view a console dump of all the header data related to your request and response.
server.json
The java API has been moved from AdoptOpenJDK to the project. This is basically the same project, it just changed names.
Opposite of assertTrue. Returns a passing (0) or failing (1) exit code whether falsy parameter passed. Truthy values are "yes", "true" and positive integers. All other values are considered falsy
Opposite of assertEqual. Returns a passing (0) or failing (1) exit code whether both parameters DO NOT match. Comparison is case insensitive.
You can have more than two chained commands, and the command chain will keep executing so long as the next part is compatible with the previous exit code. Ex:
We now set the JAVA_HOME for the cfpm command if it doesn't exist
An Adobe server no longer needs to be the default server for that web root
If cfpm is run as part of a package or server script, it will default to the using the server currently doing something
Previous versions of Launch4j only used the Windows registry to find the installed version of java. The following environment variables are now also checked in this order to attempt to find a JRE to use.
JAVA_HOME
JRE_HOME
JDK_HOME
PATH
Does the same basic thing as the tail command, but it reads from the top of the file or input.
For better security, CommandBox servers will not automatically obey X-Forwarded-For HTTP headers unless you enable it.
Only enable this setting if your CommandBox server is behind a trusted proxy which always sets this header. Otherwise, a malicious client could spoof a trusted IP an bypass IP access control.
Both of these commands will now do the same thing. The second one used to error with version not found.
XML formatting is now a first-class citizen of the print helper and the REPL. You can pass a parsed XML doc and they will be formatted upon display.
Due to lack of Java 9+ support in the Java library that creates tray icons, we've disabled the tray icon by default on MacOS. If you want to brave the possibility of it not working or spilling errors in the console, you can re-enable it like so:
Hopefully when the library gets updated, we'll be able to re-enable the tray icon by default.
Here is the complete list of all tickets closed in this release
watch()
.onChange( function( paths ) {
print
.line( '#paths.added.len()# paths were added!' )
.line( '#paths.removed.len()# paths were removed!' )
.line( '#paths.changed.len()# paths were changed!' ) ;
} )
.start();package set reinitWatchPaths= "config/**.cfc,models/**.cfc,ModuleConfig.cfc"
coldbox watch-reinitinstall gist:b6cfe92a08c742bab78dd15fc2c1b2bbinstall https+cached://downloads.ortussolutions.com/ortussolutions/coldbox-modules/cbi18n/1.4.0/cbi18n-1.4.0.zip
start cfengine=http+cached://update.lucee.org/rest/update/provider/forgebox/5.3.3.60-RCcd -!foo bar "C:/Program Files/baz/myFile.cf_cd "C:/program Fi_package set scripts.onServerStart="touch \$ {interceptData.SERVERINFO.serverHomeDirectory}/hi.txt"{
"app" : {
"webXMLOverride" : "path/to/web-override.xml"
}
}{
"ModCFML":{
"enable":"true",
"sharedKey":"my-secret"
}
}JLine updated to 3.21.0
Runwar updated to 4.7.4
Log4j updated to 2.17.1
io.undertow:undertow-servlet 2.2.17.Final -> 2.2.19.Final
io.undertow:undertow-websockets-jsr 2.2.17.Final -> 2.2.19.Final
net.minidev:json-smart-mini 1.0.8 -> 1.3.2
commons-cli:commons-cli 1.2 -> 1.5.0
org.jooq:joox 1.2.0 -> 1.6.2
org.apache.logging.log4j:log4j-slf4j-impl 2.17.1 -> 2.18.0
org.apache.logging.log4j:log4j-core 2.17.1 -> 2.18.0
org.jboss.logging:jboss-logging 3.4.1.Final -> 3.4.3.Final
Over half of the tickets in this release were bug fixes to keep the CLI running smoothly on all operating systems. You can check out the full list of ticket below to see the screws we tightened.
CommandBox servers have an exciting new weapon in their arsenal, and that is a new system of security that allows you to protect certain parts of your site from the general public. This could be CF admins, private dashboards, or a subfolder of sensitive files.
You'll find a new section in the server.json called web.security where these settings live. You can leverage the power of our Server Rule predicates to match whatever requests you want to secure, based on folder, HTTP method, remote IP, HTTP headers and more.
That authPredicate would require authorization for any pages in the Lucee admin unless you were on localhost. NOTE: path-prefix is case sensitive, so on Windows you'd want to use a regex() based check such as regex( pattern='^/lucee/admin/.*', case-sensitive=false )
When a request is marked as requiring authentication, you can enable one or more auth mechanisms to challenge the user as discussed below.
Read more on Server Security Here.
CommandBox has supported basic auth for a while, but it was a simple all-or-nothing implementation. Basic auth has been revamped and rolled into the new security system. If no authPredicate is defined, it will still apply to the whole site. But when an authPredicate is declared in your server.json, it will only kick in for those pages.
We've also moved the basic auth settings in server.json to here:
Don't worry, the old location still works too for now. We won't remove support for it until the next major release of CommandBox. If both the settings exist (Ex: web.basicAuth.enable and web.security.basicAuth.enable), the new location will be given precedence.
Read more on Basic Auth Security Here.
Adding support for client SSL certs was one of our largest undertakings and is a very exciting new feature for government shops who use PKI based authentication, often times in the form of DoD CAC (cards) which are physical cards containing a private PKI cert that identifies the user. This feature was one of the last reasons to need IIS or Apache in your mix, but now CommandBox can do it all!
Client certs have two part-- first is the ability of the web server to prompt the user's browser to ask for a client cert to send. This requires configuring a trust store or a list of trusted CA certs to accept. When the user sends a cert, it automatically makes a number of CGI and request variables available to your CF code. You can configure your SSL connection to accept or require client certs like so:
Some of the CGI variables which are automatically created when a client cert is present are
CGI.SSL_CLIENT_CERT - PEM-encoded cert (base 64 string)
CGI.CERT_SUBJECT - The Subject distinguished name of the client cert (CN=foo, O=bar, OU=baz)
CGI.CERT_SERIALNUMBER - The serial number of the cert in the format 91-7e-5f-a5-b2-20-a1-8b-4c-d0-40-3b-1c-a1-a8-58
CGI.CERT_ISSUER - The Issuer distinguished name of the client cert (CN=foo, O=bar, OU=baz)
CGI.SSL_CLIENT_VERIFY - Matches Apache HTTP. Values will be "SUCCESS" or "NONE"
The second part of client certs is the ability to use that client cert information as an authentication mechanism to enforce your authPredicate automatically. (When CommandBox's security system is unable to authorize a user, it stops the request before it ever even reaches CF!)
When authorizing based on client certs, you can have 4 levels of checks:
Any user with a cert is allowed. (Remember, the client cert must always be trusted by one of your configured trusted CA certs)
Subject Distinguished Name (DN) matches one or more complete or partial DNs you specify
Issuer Distinguished Name (DN) matches one or more complete or partial DNs you specify
Or disable the web.security.clientCert.enabled setting and allow all requests to reach CF where you can write your own checks.
CommandBox also supports SSL Renegotiation which allows you to not force the client cert right away until the user gets to a page on the site that kicks in the authPredicate and then their browser will prompt them then. This is a popular configuration since the user can hit your login page first and then be prompted for their cert once they login.
The configuration for all this looks like this:
Read more on Client Cert Auth security Here.
As Task Runners become more popular and people combine them with more modules to perform their operations, you run into the need to load a list of modules all at the same time which may have interdependencies. There is now a new loadModules() method available to Task Runners which accepts an array of module paths. Each module is first registered, and then each module is activated.
Read more here:
# quoted string
package set foo."bar.baz"=bum
# bracketed string
package set foo[bar.baz]=bum
# quoted, bracketed string
package set foo["bar.baz"]=bumset color=`ask "favorite Color? "`
echo "you said ${Setting: color not found}"ask question="Who is cool? " defaultResponse="Balbino!"ask question="What is your password? " mask=*ask "Secret phrase: " | assertEqual "mockingbird" || echo "access denied!" && exit 1confirm "do you want to update your packages? " && updateserver prune days=30
# Skip the confirmation check
server prune --force{
"jvm" : {
"properties" : {
"foo" : "bar baz"
"java.awt.headless" : "true"
}
}{
"jvm" : {
"args" : "-XX:+UseG1GC -XX:-CreateMinidumpOnCrash --add-opens=java.base/java.net=ALL-UNNAMED"
}
}{
"jvm" : {
"args" : [
"-XX:+UseG1GC",
"-XX:-CreateMinidumpOnCrash",
"--add-opens=java.base/java.net=ALL-UNNAMED"
]
}
}{
"web" : {
"rules" : [
"regex('(.*).cfm') -> dump-request()"
]
}
}assertFalse false && echo "The inputs was false"assertNotEqual "foo" "bar" && echo "The inputs are not equal"assertTrue false && echo "it was true!" || echo "back on track";cat file.txt | head lines=10server set web.useProxyForwardedIP=true# technical correct
server start [email protected]+133
# technical incorrect, but people still always tried it
server start [email protected]❯ repl 'xmlParse(\'<root><user name="brad"/></root>\')'
<root>
<user name="brad"/>
</root># for one server
server set trayEnable=true
# for all servers
config set server.defaults.trayEnable=true{
"web" : {
"security" : {
"realm" : "My Realm",
"authPredicate" : "path-prefix( /lucee/admin/ ) and not equals('%{REMOTE_IP}', 127.0.0.1)"
}
}
}{
"web":{
"security" : {
"realm" : "My Realm",
"authPredicate" : "regex( pattern='^/lucee/admin/.*', case-sensitive=false )"
"basicAuth":{
"users":{
"brad":"pass",
"luis":"pass2"
},
"enable":"true"
}
}
}
}{
"web" : {
"ssl" : {
"enable" : true,
"clientCert" : {
"mode" : "Requested",
"CACertFiles" : "rootCA.cer,anotherRootCA.cer",
// OR...
"CACertFiles" : [
"rootCA.cer",
"anotherRootCA.cer"
],
// OR...
"CATrustStoreFile' : "cacerts",
"CATrustStorePass' : "changeit"
}
}
}
}{
"web" : {
"security" : {
"realm" : "My Realm",
"authPredicate" : "path-prefix( /admin )"
"clientCert" : {
"enable" : true,
"SSLRenegotiationEnable":true,
"subjectDNs" : "O=Ortus, OU=Marketing",
"issuerDNs" : [
"O=Verisign",
"CN=Bob, O=Walmart",
"CN=GeoTrust TLS RSA CA G1, O=DigiCert Inc, OU=www.digicert.com"
]
}
}
}
}loadModules(
directoryList( path=resolvePath( 'modules/' ), type='dir' )
);You can start up a lightweight server that only serves static files now with CommandBox.
In pursuit of the smallest possible Docker images, we have CommandBox light which is built on Lucee Light. We also have a box "thin" binary you can swap out with the full self-extracting binary when using CommandBox in custom docker images. Check out Pete Freitag's Minibox image to see both of these in use in a super tiny 78 Meg docker image. More docs here:
If you're using box in an integration where you want it to start up in a specific working directory, there is a new bootstrap CLI arg for that.
You've always been able to specify custom menu items in your server.json or global config settings, but we've kicked it up a notch. Not only can you contribute to existing sub menus now, you can execute arbitrary native commands synchronously or async.
Here's the full list of tickets closed down in the 5.1.0 release.
[COMMANDBOX-1121] - Runwar deadlocks when using Lucee server warmup flag
[COMMANDBOX-1122] - Server start console output isn't always formatted correctly
[COMMANDBOX-1125] - Boolean env var causes error on server start
[] - Output of foreach can't be piped
[] - Lucee Extension install doesn't recognize Lucee Light
[] - Package unlink command misspelled parameter moduleDirectory as moduleDrectory
[] - Package link command misspelled parameter moduleDirectory as moduleDrectory
[] - Tab complete doesn't work on Windows paths with backslashes
[] - CommandBox Watcher shows error on Ctrl-C
[] - Extension management doesn't "recognize" a Lucee server started with --dryRun
[] - Downgrading a package with install doesn't work without --force
[] - The run command doesn't always seem to kill interactive binaries
[] - Relative paths incorrect in drive root on *nix
[] - Using a warPath of ./ gets normalized to "" and then ignored in subsequent starts
[] - native commands with * can fail due to missing regex escape
[] - Incorrect serverInfo for a server that hasn't started
[COMMANDBOX-1015] - Allow arbitrary actions for menu items
[COMMANDBOX-1019] - Allow to start a pure HTML server
[COMMANDBOX-1130] - Update ColdBox Templates to new standards
[] - Allow default working dir of box to be overridden
[] - Create box-thin binaries that don't bundle any libs
[] - Create CommandBox Light built that uses Lucee Light jar
[] - Add two new methods to commands for working with async futures: getCurrentThread() getThreadName()
[] - TestBox run commands now support the outputFormats argument to allow you to output post-test reports in many formats
[] - TestBox revamped UI for the CLI reporter
[] - Add Java info debug to box binary
[COMMANDBOX-1102] - Add Java version as info log
[COMMANDBOX-1080] - Provide way to disable server instance icon in MacOS dock
[COMMANDBOX-1126] - Add --full flag to dir command to output full path
[COMMANDBOX-1129] - Rework the server list command so it is more performant
[] - Bump to Lucee 5.3.6.61
[] - Tab complete for sort options in dir command
[] - Have the ProgressableDownloader send an Accept header
[] - Don't overwrite lucee-server.xml file when updating libs
[] - Auto-detect *unix distros with non-bash shells
[] - Copy lco files so Lucee server can start on CommandBox Light
[] - Reset console window title after `run` executes a process
For a task that has more than one target (method) you can specify dependencies that will run, in the order specified, prior to your final target. Specify task target dependencies as a comma-delimited list in a depends annotation on the target function itself. There is no limit to how many target dependencies you can have, nor how deep they can nest.
Given the above Task Runner, typing
would run the runMeFirst() and run() method in that order.
Docs:
The web server in CommandBox is capable of enabling GZIp compression to reduce the size of HTTP responses. To enable GZip compress on your CommandBox server, add a web.gzipEnable setting in your server.json file.
Docs:
When you get a directory listing in CommandBox, you can add the --simple flag which will only output the file and folder name without any other information. This feature was added to compliment the feature below.
The foreach command will execute another command against every item in an incoming list. The list can be passed directly or piped into this command. The default delimiter is a new line so this works great piping the output of file listings directly in, which have a file name per line.
This example will find all JSON files in a directory and run the cat command against them.
Docs:
This is still a little experimental since it hasn't gone through full testing, but we upgraded to Lucee 5.2.9.31 in the core CLI which has support for the newer versions of Java. We've removed the checks that previously preventing CommandBox from even trying to run on versions of Java later than 8 and at first glance it seems to be working though there's been some flakiness on Java 11. Please help test these later Java versions and remember that if you spin up a server, you'll want to still dial in Java 8 for Adobe CF 2016 and prior and Lucee 5.2.8.50 and prior even if you have the CLI running on Java 9+.
Docs for setting custom Java version in your server:
Here's the full release notes for CommandBox 4.3.0.
[] - Command Box failed to initialize using java 9
[] - CFFileServlet doesn't work with default rewrites in ACF 2016
[] - We need to review exit codes in Tasks
[] - Task method dependencies
[] - Add setting for GZip compression
[] - Add --simple flag to ls/dir command to only output filename
[
[] - TestBox Run command could use a way to add custom url parameters. Also the options parameter does nothing
[] - Improve progress bar cleanup and exit codes on Ctrl-C
[] - Allow Java jars to be installed from S3
server start cfengine=nonebox -cliworkingDir=C:/my/path/here/{
"trayOptions" : [
{
"label" : "Does the Internet work?",
"action" : "run",
"command" : "ping google.com"
},
{
"label" : "Math is math!",
"action" : "runAsync",
"command" : "calc.exe"
},
{
"label" : "Update dependencies",
"action" : "runTerminal",
"command" : "box update"
}
]
}component {
function run() depends="runMeFirst" {
}
function runMeFirst() {
}
}task run
[COMMANDBOX-857] - Engine name not detected correctly when using HTTP URL for cfengine
[COMMANDBOX-860] - Fix annoying web-inf folder for Flex logs on Adobe engines
[COMMANDBOX-861] - Missing line break when following log file
[COMMANDBOX-865] - Spelling error in info message for accessLogEnable
[COMMANDBOX-867] - coldbox create app cuts last char from package name
[COMMANDBOX-869] - Starting Adobe server errors when no CFIDE mapping is defined
[COMMANDBOX-871] - CommandDSL parsing doesn't handle quoted text in command
[COMMANDBOX-863] - Upgrade CLI to Lucee 5.2.9.31
[COMMANDBOX-864] - Support sorting JSON objects by key when formatting
[COMMANDBOX-866] - Task DSL assume CWD of task file
[COMMANDBOX-868] - coldbox scaffold install testbox by default
[COMMANDBOX-870] - Allow command DSL params() to be called more than once
[COMMANDBOX-872] - Make resolvePath() in Base command/task
[COMMANDBOX-873] - Reload shell doesn't always fire when non-CommandBox modules get updated in core
[COMMANDBOX-874] - Allow print helper to accept complex objects and serialize them for output.
Launch4j - 3.14
JANSI - 2.3.2
When you configure libDirs for a server, CommandBox used to only load jar files found in the root. Now it will include sub directories which gives you more flexibility around how to install your jars.
In the previous release, we introduced a new helper for printing ASCII Art tables in your custom commands and task runners. We've taken this a step further and wrapped the table printer utiilty in a new command so you can use it from the CLI directly. We've also expanded its functionality to accept ANY data in as JSON and it will marshall it into a query for you. This means it can be a query, an array of structs, an array or arrays, and more. You can now get quick and easy visualization of any data right from the CLI or in builds.
As if the previous command isn't cool enough, we've also added a new "sql" command which will also accept any sort of data as JSON, marshall it into a query object and allow you to alias, filter, order, and limit the rows on the fly using CFML's query of queries!
The sql command works very nicely with the new tablePrinter command, and truly makes JSON a first class citizen of the CommandBox CLI.
We've made a small adjustment to the print.table() helper that was introduced in CommandBox 5.3.1 as follows. The old method signature is
And the new method signature is:
The parameters to the new printTable command matches the NEW method signature of the print.table() helper as well.
When working with XML in the REPL, formatting is now applied when the XML is printed out to the console, making it easier to read (same as JSON)
COMMANDBOX-1320 Server stop doesn't message user when it fails
COMMANDBOX-1319 Stop loading cfusion/lib in system class loader
COMMANDBOX-1318 5.3.0 errors with commandbox-dotenv 1.x versions due to WireBox change
COMMANDBOX-1314 When building Lucee war from local jars, seeded web.xml file is ignored
COMMANDBOX-1311 Table printer error with no rows
COMMANDBOX-1310 update '{slug}' fails as it is trying to print the package version and its dependencies.
COMMANDBOX-1308 Relative Web Alias Behavior (regression)
COMMANDBOX-1307 jq doesn't resolve file paths to current working directory
COMMANDBOX-1303 CFEngine adobe - Could not initialize class coldfusion.vfs.VFile when using s3 protocol
COMMANDBOX-1328 Improve performance of piping large strings to "cfml" command
COMMANDBOX-1317 Format XML in REPL
COMMANDBOX-1316 Change default CLI JSON representation of query to array of structs
COMMANDBOX-1306 Allow upgrade command to pull stable versions when CLI is a prerelease version
COMMANDBOX-1305 Update bundled java libraries
COMMANDBOX-1302 app.libDirs does not load jars/classes recursively from sub folders
COMMANDBOX-1210 Allow for relative URLs when defining trayoption elements
COMMANDBOX-1194 Add Libraries To Runwar Necessary For URLRewrite Proxy
COMMANDBOX-1324 New "printTable" command to add CLI usage of table printer
COMMANDBOX-1323 New "sql" command to filter tabular data with SQL
COMMANDBOX-1321 Add --verbose to 'server stop' to see raw output
COMMANDBOX-1309 Add printTable command that proxies to print.table() helper
server set web.gzipEnable=truels --simplels *.json --simple | forEach cat# Jar installs to lib/jline-3.0.0.M1/jline-3.0.0.M1.jar
install "jar:https://search.maven.org/remotecontent?filepath=jline/jline/3.0.0.M1/jline-3.0.0.M1.jar"
# Load up the jar when the server starts
server set app.libDirs=lib# array of structs
printTable [{a:1,b:2},{a:3,b:4},{a:5,b:6}]
╔═══╤═══╗
║ a │ b ║
╠═══╪═══╣
║ 1 │ 2 ║
╟───┼───╢
║ 3 │ 4 ║
╟───┼───╢
║ 5 │ 6 ║
╚═══╧═══╝
# array of arrays
printTable data=[[1,2],[3,4],[5,6]] headerNames=foo,bar
╔═════╤═════╗
║ foo │ bar ║
╠═════╪═════╣
║ 1 │ 2 ║
╟─────┼─────╢
║ 3 │ 4 ║
╟─────┼─────╢
║ 5 │ 6 ║
╚═════╧═════╝
# Query object
#extensionlist | printTable name,version
╔═════════════════════════════════════════╤═══════════════════╗
║ name │ version ║
╠═════════════════════════════════════════╪═══════════════════╣
║ MySQL │ 8.0.19 ║
╟─────────────────────────────────────────┼───────────────────╢
║ Microsoft SQL Server (Vendor Microsoft) │ 6.5.4 ║
╟─────────────────────────────────────────┼───────────────────╢
║ PostgreSQL │ 9.4.1212 ║
╟─────────────────────────────────────────┼───────────────────╢
║ Ajax Extension │ 1.0.0.3 ║
╚═════════════════════════════════════════╧═══════════════════╝
# JSON list of all servers
server list --json | printTable name,host,port,status
╔══════════════════════════════╤═════════════════════════════╤═══════╤═════════╗
║ name │ host │ port │ status ║
╠══════════════════════════════╪═════════════════════════════╪═══════╪═════════╣
║ servicetest │ 127.0.0.1 │ 54427 │ stopped ║
╟──────────────────────────────┼─────────────────────────────┼───────┼─────────╢
║ servicetest2 │ 127.0.0.1 │ 52919 │ stopped ║
╟──────────────────────────────┼─────────────────────────────┼───────┼─────────╢
║ FRDemos │ 127.0.0.1 │ 50458 │ stopped ║
╚══════════════════════════════╧═════════════════════════════╧═══════╧═════════╝# filter, sort, limit, and select extensions installed into the CLI (output as table)
#extensionlist | sql select=id,name where="name like '%sql%'" orderby=name limit=3 | printTable
# order and select JSON data from a file (output as JSON)
cat myfile.json | sql select=col1,col2 orderby=col2
# limit JSON (output as table)
sql data=[{a:1,b:2},{a:3,b:4},{a:5,b:6}] where="a > 1" | printTable
public string function print(
required any headers,
array data=[],
string includeHeaders
) {public string function print(
required any data=[],
any includedHeaders="",
any headerNames="",
boolean debug=false
) {❯ repl "XMLParse( '<root><brad>wood</brad></root>' )"
<?xml version="1.0" encoding="utf-8"?><root>
<brad>wood</brad>
</root>Task Runners - Run ad-hoc builds from the CLI written in CFML (Read more)
Manage System Packages - update, list, and uninstall system modules
File Globbing - Use place holders like **.cfc for file operations to affect more than one file at a time.
Command Aliases - Alias your favorite commands for easy access in the future
Global Command Parameter Defaults - Set common parameters to have a given value at a global level
System Settings - Utilize environment variables to make your package and servers more dynamic
Testbox Run - Improved, minimalist output to the "testbox run" command
TestBox Watchers - Watch a directory for file changes and run your unit tests
Customize REST Servlets - Customize or disable the REST servlet paths on Lucee and Adobe servers
Custom Java Versions - Start your CF servers with any version of Java you want
Property files - New commands and helper libs for dealing with property files
Basic Authentication - Enable basic security on your servers with unlimited users
Custom URL to Open - Customize the browser URL that opens when you start a server
Disable Tray Icon - Turn off the system tray icon for your servers entirely
Show Proxy IP - Servers pass through the original user IP through proxies
Jar Endpoint - Install 3rd party jars into your projects
[] - Server start tries to open HTTP URL even if it's disabled
[] - testbox run with runner urls that have a query string fail
[] - cf_scripts folder not working on Adobe 2016
[] - Allow file globbing patterns in file/folder operations
[] - Create BaseTask
[] - Add "task" command to run tasks
[
[] - Better error message for invalid JSON in a server.json file
[] - Update debian build signing to be higher than SHA-256
[] - If publishing but not logged into forgebox, prompt for login instead of just erroring
[] - Clean up SSL cert and key file parameters for server start
This has been pretty big for Windows users who access files on their servers over a UNC network path like \\server-name\foo\bar. You can now cd into paths starting with \\, perform file operations like cat against those paths, etc. Note backslashes need escaped in the CommandBox shell.
This was pretty straightforward since Java already supports this, but I had to change a lot of core path handling to make sure the correct slashes were preserved. This needs a fair amount of testing to make sure we nailed it down for good. If your network share requires permissions, you'll need to have saved those in Windows Explorer already or execute a "net use" OS command from the shell.
[COMMANDBOX-611] - errors if you start second CLI while first one is using the temp dir
[COMMANDBOX-616] - TestBox scaffolds are missing super calls for beforeAll/afterAll
[COMMANDBOX-621] - Prevent two servers from getting the same name
[COMMANDBOX-625] - Basic auth doesn't set cgi.remote_user
[COMMANDBOX-651] - unregister method in interceptor service doesn't work
[COMMANDBOX-459] - Create the --system argument to all package commands for system wide packages
[COMMANDBOX-513] - Allow REST servlet to be configured
[COMMANDBOX-548] - Allow custom JRE version for server starts
[COMMANDBOX-560] - Support Basic Auth
[COMMANDBOX-564] - Allow placeholders in for env vars and system props
[COMMANDBOX-585] - Provide convenient command to do simple token replacements from the CLI
[COMMANDBOX-589] - Checksum Command
[COMMANDBOX-590] - Property files commands support
[COMMANDBOX-599] - Add MinHeapSize setting
[COMMANDBOX-608] - Support for viewing/installing private packages
[COMMANDBOX-610] - Finalize box.json testbox runner options
[COMMANDBOX-613] - Allow Command DSL to set working directory
[COMMANDBOX-614] - Implement "testbox watch" command
[COMMANDBOX-638] - Simple Jar endpoint
[COMMANDBOX-642] - Ability to disable tray icons
[COMMANDBOX-644] - Allow ad-hoc aliases to be created for commands
[COMMANDBOX-645] - Allow global defaults to be set for command parameters
[COMMANDBOX-647] - Automatic collection from parameter names containing a colon
[COMMANDBOX-648] - Implement the equiv of Tomcat's remoteIPValve
[COMMANDBOX-649] - Support missing Tuckey config settings
[COMMANDBOX-655] - Command to remove trailing whitespace from files
[COMMANDBOX-656] - Command to add final EOL to files
[COMMANDBOX-602] - Refactor JSON formatter to separate lib for reuse
[COMMANDBOX-606] - Add trace flag for starting server
[COMMANDBOX-612] - Improve output of "testbox run" command
[COMMANDBOX-617] - Remove deprecated and unused properties from box.json with init
[COMMANDBOX-618] - Don't try to output binary data in REPL
[COMMANDBOX-622] - Show "last started" datetime for servers
[COMMANDBOX-623] - Customize URL that opens when starting server
[COMMANDBOX-626] - Allow commandbox-modules to register endpoints
[COMMANDBOX-646] - Enhance parser to allow quoted spaces in parameter names
[COMMANDBOX-650] - WireBox injection DSL allow to drill down into Config Settings
[COMMANDBOX-652] - Command to remove trailing spaces from code files
[COMMANDBOX-657] - Allow console flag to be stored in server.json like every other setting
[COMMANDBOX-658] - Allow publishing of private packages
When running a task from the CLI, the user will be automatically prompted if they don't supply all the required args. This is just like commands work now.
We also fixed several bugs with passing positional parameters and flag to task runners.
This has been a long time coming, but if you want to work on a CommandBox module now, you don't have to keep copying files over to your CommandBox installation just to test. Instead, just run this from the root of your module's repo:
This will symlink (works on Windows and *nix) your module into the core CLI's modules folder and reload the shell so you can immediately start testing. When you're done, just run package unlink. If you'd like to use this same feature, but to link a ColdBox module's repo over to a test application so you can test it without making a copy, you can pass in the path to the remote modules folder you'd like to link to.
This is a little easier than using your OS's native symlink commands and can be used in recipes that will work across operating systems!
The rest of the changes don't really need a dedicated section but they're worth mentioning, so I've put them in this tidy list :) If you'd like the ticket numbers, you can get them out of this full list of tickets in JIRA: https://ortussolutions.atlassian.net/secure/ReleaseNote.jspa?projectId=11000&version=20400
box install returns failing exit code if a package install fails. This helps builds fail correctly if things go wrong
When prompted to type in something like a missing parameter, your answer is no longer added to the command history
The --debug flag works correctly when starting a server from your OS shell like $> box server start --debug
box.json dependencies are stored with forward slashes so Mac and Windows devs stop fighting over which file to commit
config set no longer prints out the value to avoid leaking secrets in build script output.
Updating a package now uninstalls the previous version first to ensure a fresh start since the new version may have removed files.
If you're setting CommandBox behind an AJP proxy, we exposed the flag and ports for that as first class citizens of server.json.
Visual markers for private packages in the forgebox search command.
The package init command creates a valid slug for private packages in the @user/slug format.
work on all the aliases for a command now.
New --local flag to server list to show all servers that have been started in the current working directory
If for some reason you want to supply some ad-hoc JVM args to the actual CLI process, you can create a new environment var called BOX_JAVA_PROPS="foo=bar;brad=wood"
You can now touch files in a non-existent directory and it will create the directory instead of erroring.
Viewing a ForgeBox package via package show with a markdown based description, now has basic formatting in the CLI
The default URL rewrite file doesn't try to rewrite requests to /favicon.ico even when it doesn't exist.
Our CF11 servers no longer have secure profile enabled. That was causing issues due to some of the settings like returning 200 on error. If you were making use of that default, please use to set what you need.
At John Farrar's request, several URLs in output messages have had space put before and after them so capable shells will auto-link them correctly.
Improved the Java networking error messages on server start if the host name wasn't correct in your host file and you were letting CommandBox pick a random port for you.
Prevented unnecessary saves to box.json when installing to keep file updated dates from being touched.
Added friendly check for Java 9 since it's not supported yet and the error that displayed made zero sense.
Commands like forgebox show and forgebox list now can provide their data in JSON format. ex: forgebox show coldbox --json
Bug
[COMMANDBOX-579] - --debug flag is eaten when running CommandBox from native OS
[COMMANDBOX-640] - Ensure clean install/update of packages
[COMMANDBOX-681] - Touching file in nonexistent directory errors instead of creating directory
[] - CommandDSL that errors out doesn't reset CWD
[] - positional task args don't work
[] - cp command doesn't work for folders
[] - CommandBox Modules customInterceptionPoints can't accept an array
[] - CommandBox has no `processState` method on the InterceptorService
[] - Flags aren't passed correctly to task runners
[] - CFML functions don't handle incoming JSON with pound signs
New Feature
[COMMANDBOX-653] - Expose Runwar AJP listener settings
[COMMANDBOX-663] - Update server list and server info to be able to show all the servers on a particular directory
[COMMANDBOX-668] - New package link and package unlink commands
[] - Add ad-hoc JVM props via an environment variable
Improvement
[COMMANDBOX-178] - Don't store text entered to "ask()" command in history
[COMMANDBOX-565] - Handle minor version updating a bit better
[COMMANDBOX-607] - Always store dependency install paths with forward slashes
[] - Have a setting to not show secrets when printing out the config
[] - Support UNC file paths on Windows
[] - JSON format for forgebox endpoints
[] - Ask user for required params to task runners
[] - Visually show if a package is private when listing or showing
[] - make package init create correct slug for private package
[] - Make default command parms work on aliases
[] - Box install failures to produce non-zero exit codes so build fails instead of continuing installation.
[] - Provide ANSI formatting for markdown package descriptions
[] - box.json template isn't proper JSON
[] - Remove background color from CommandBox ASCII art
[] - Default rewrite rules to ignore favicon.ico
[] - Disable Secure Profile on CFEngine WARs
[] - Leave space around URLs so some consoles will be clickable
[] - Improve performance of package install ignores
[] - Improve error message in ServerService.getRandomPort()
[] - Prevent unnecessary writes to box.json file when installing dependencies
[] - Improve formatting when asking for required param that has no hint
[] - Add Java 9 check to CommandBox until its supported
To be more useful, CommandBox now bundles the following system modules
They will be automatically installed (or updated) when you start the CLI for the first time. You can still update or uninstall them, just like any system module. Note: If you have any of these modules currently linked into the CommandBox core, any uncommitted changes will be overwritten when you upgrade box. Please unlink the repos first before upgrading.
The CommandBox Update Check modules can be disabled if you don't like it via
It will also automatically obey the
CommandBox will automatically set the content type in the HTTP response for common static file types. If you come across a file extension that doesn't have the correct type, you can set it like so in your server.json:
Which creates the following
In the above example, hitting a file such as foo.log would come back with a text/plain content type header.
This setting will override any <mime-mapping> tag in your web.xml file.
More Info:
If you are authenticated to ForgeBox in the CLI, you can synchronize your config settings to and from your ForgeBox account. This is a great way to get up and running on a new PC or keep multiple CommandBox installs in sync. In addition to synchronizing your Config Settings, this feature will also track your installed system modules, such as CFConfig, etc.
This command will push your local settings and modules up to your ForgeBox account.
By default, the settings are "merged" so new local settings will be added to ForgeBox, but nothing will be removed. To remove config that only exists on ForgeBox, you can use the --overwrite flag to force a full sync.
This command will pull your settings and modules from your ForgeBox account and set/install them locally.
By default, the settings are "merged" so missing settings will be added locally, and missing system modules will be installed, but nothing will be removed. To remove config and modules that only exist locally, you can use the --overwrite flag to force a full sync. This will remove local config settings and uninstall local system modules which were not on ForgeBox.
This command will not change anything, but gives you a full report of all settings which are different between your local CommandBox CLI and ForgeBox. It will show you "Remote Only," "Local Only," and "Changed" settings and modules. Use this to see what you're about to change before pushing or pulling.
Read More:
This is the same as onServerInstall, but it only runs the VERY FIRST time a CF engine is installed. This is helpful if you want to install Lucee extensions or ACF modules and only need to do it the first time. This interceptor is easier than using onServerInstall and inspecting the installDetails.initialInstall flag.
This has been an experimental feature of CommandBox servers for a while, but we've finalized the feature and added a proper setting to enable it in server.json. By default, the web server in CommandBox will follow the case sensitivity of the underlying file system. So, when on Windows /FiLe.TxT will still load an actual file called /file.txt. But on Linux, the case in the browser would need to match that of the file system. CommandBox allows you to force case sensitivity to be ON or OFF for a server, overriding the server's file system.
To force CommandBox's web server to be case sensitive, even on operating systems like Windows, use the following setting. There is a nominal performance benefit in doing this, and it can allow a Windows CommandBox server to mimic a Linux server for testing.
To force CommandBox's web server to be case insensitive, even on operating systems like Linux, use the following setting. There is a nominal performance overhead in doing this, and it can allow a Linux CommandBox server to mimic a Windows IIS server. In this mode, CommandBox will use an internal cache of file system lookups to improve performance. If there are two files of the same name using different case, then you will get whatever file is found first.
Read More:
If using CommandBox's SSL, you can now use a PFX file (PKCS #8 format) which contains the public and private key in one file.
More Info:
Most of the Server Rule predicates are case-sensitive, which poses a problem when using them for security on Windows since they will only match one specific spelling of a folder or file. We have added "-nocase" versions of several popular predicates which perform case-insensitive checks.
regex-nocase()
path-suffix-nocase()
path-prefix-nocase()
path-nocase()
Undertow's reverse-proxy() handler would not connect to a back-end server using SSL. We've given up on , and added a new load-balanced-proxy() handler which works with SSL.
Due to in the Lucee evaluate() function that seem like they'll , we've finally put a workaround in the REPL, which captures the return value of member functions chained to literals and expressions using closures. Ex:
There is already a Config Setting for the preferred browser when opening up sites. You can now customize this on a per-server basis with this server.json setting
You can now control the Log4j appender layout for CommandBox servers, which includes formats such as JSON, which allows your server logs to be automatically imported into Elastic Search
Read More:
There is a helpful command called forgebox version-debug which will show you what version of a package will be installed without actually installing it. It can also be useful to test a semver range and see what packages it matches.
Read More:
Experimental feature force insensitive web server has stopped working in some cases
Hide Felix error messages in console on startup
Custom tray options calling box with space in path fail
Add load-balanced-proxy() handler to replace Undertow's broken reverse-proxy() because they refuse to fix it
Capture return value from some REPL expressions because Lucee refuses to fix evaluate()'s parser
Two instance of CLI cause class loading issues from OSGI bundles
server start port check doesn't take web.http.enable into accout
CommandBox settings sync feature
Add onServerInitialInstall package/server script
Add `.webp` as a default mime type for CommandBox to support this new image format
Formalize setting for case sensitivity of web server
Add "nocase" versions of regex(), path-suffix(), path-prefix(), equals(), contains(), and path() predicates
Improve forgebox whoami command
Allow CommandBox to customize console appender Layout
New "forgebox version-debug" command
Bundle super helpful modules in box core
onConfigSettingSave and onEndpointLogin interception announcements
Ability to pass file name to "more" command
Add a method in server.json to add MIME type mappings to Undertow
Improve message when starting second server with single server mode enabled
system setting serverinfo namespace use interceptdata if running inside of server script
Allow `web.webroot` to be changed in single server mode
Authentication failures don't send custom error pages
Add directory param to coldbox watch-reinit command
Support PKCS #8 format private keys
Allow preferredBrowser to be set on a per-server basis
Add file and directory completion to the ID param of the install command
Add installExtension() for commands and task runners to install Lucee extensions on the fly to the CLI
Update Lucee to 5.3.10.120 in CLI core
Improve upgrade command
Load libdirs in system classloader
Check for default branch of "main" in Git endpoint
Try removing JAX API classes from runwar
Update to Undertow 2.2.22-Final
Update bundled JRE to jdk-11.0.18+10
Remove stopgap for COMMANDBOX-1459
In no particular order...
Fix background colors not showing up in Powershell and Windows cmd
System Setting expansions not always working in server.json
testbox run no longer blindly assumes you're returning JSON.
Piping commands into box was broken since 4.0.0
Starting server with --debug didn't output logs on error.
Sorted by createUUID() DESC...
Custom commands have more control over their tab completion candidates.
Control how many levels deep package list displays
New versions of Lucee, JGit, JLine, and WireBox
More pack200 of the Lucee jar (and more improvements to come soon in the next version of Lucee)
The run command has been a pain over the last few versions as every "fix" has seemed to lead to another regression. We've made some more changes to try and get each use case working as expected with no annoying bash messages about "job control". Fingers crossed.
Single one-off command, streams output to console as it comes.
Piping output of native binary into another Command (output captured all together and not streamed).
Running interactive commands. No output at all really, standard input and output of CommandBox bound directly to native shell
You can now control the exit code that CommandBox (or your recipe) exits with. Remember, zero is successful, any other number is failure.
Access the Exit Code of the previous command via a System Setting expansion of${exitCode}.
Recipes now have better support for exit codes. If a command throws an error OR returns a non-zero exit code, the recipe will stop and the exit code of the last command will be returned as the exit code from the recipe command. And if it was a non-interactive shell, the exit code will flow all the way back to the operating system from the box binary. Also, running "exit" inside of a recipe will no longer exit the entire shell, but just that recipe execution. This give you a lot better control over your recipes.
Let's take a moment to review an existing but little known feature of CommandBox that we borrowed from bash. This is not new, but you need to know this for the following section to make any sense. Similar to bash, CommandBox allows you to chain multiple commands together on the same line and make them conditional on whether the previous command was successful or not.
You can use && to run the second command only if the previous one succeeded.
You can use || to run the second command only if the previous one failed.
You can use a single semicolon (;) to separate commands and each command will run regardless of the success or failure of the previous command.
With the above building blocks, we can get clever to create simple conditionals to only run commands if a condition is met. Or these can simply be used to cause recipes to stop execution or to fail builds based on a condition. The following commands output nothing, but they return an appropriate exit code based on their inputs.
Returns a passing (0) or failing (1) exit code whether the path exists.
You can specify if the path needs to be a file or a folder.
Returns a passing (0) or failing (1) exit code whether truthy parameter passed. Truthy values are "yes", "true" and positive integers. All other values are considered falsy
Returns a passing (0) or failing (1) exit code whether both parameters match. Comparison is case insensitive.
Big thanks to John Berquist and Dominic Watson for helping add this new feature. You can now install packages directly from S3, Amazon S3, Digital Ocean Spaces and Google Disk.
There are several different authentications mechanisms available too:
Per bucket credentials in your CommandBox endpoint settings
Global credentials in your CommandBox endpoint settings
Environment variables
AWS credentials file
The full docs are here:
We've added 17 pieces of flair to our server tray menus to show you more information such as PID, webroot, and port as well as a new option to open up the web root in your file system explorer.
Here's the full list of everything that changed in CommandBox 4.2.0.
[] - .zip files in artifacts cache don't include empty folders
[] - "bash: no job control in this shell" error message (pull request)
[] - external commands/shells that are interactive (such as vi) are not working when executed from commandBox
[] - Allow arbitrary command params to have file/folder completion via annotation
[] - Allow custom completion UDFs to provide group and description
[] - New conditional commands pathExists, assertTrue and assertEqual
[] - Compact package listing
[] - Write a custom JGit progress updater that clears out at the end
[] - Hide JLine warning about dumb terminals
CommandBox> cd \\\\server-name/share
CommandBox> cd \\\\192.168.123.105/shareCommandBox> task run myTask
Please enter required field "Foo": _# positional
CommandBox> task run taskFileName targetName value1 value2 true
# named
CommandBox> task run taskFile=taskFileName target=targetName :param1=value1 :param2=value2 :param3=true
# Use a Flag
CommandBox> task run taskFileName targetName value1 value2 --:param3
CommandBox> task run taskFile=taskFileName target=targetName :param1=value1 :param2=value2 --:param3CommandBox> package linkCommandBox> package link /path/to/test/app/modulesequals-nocase()
contains-nocase()
Automatic detection for build servers like Travis-CI to hide progress bar animations. Docs Here
Cloning Git repos during install has a nice new progress bar that plays well with interactive jobs
You can use the aforementioned progress bar for your own purposes in custom commands and Task Runners. Docs Here
IAM role
[COMMANDBOX-811] - System settings not always used in server.json
[COMMANDBOX-829] - "testbox run" formats outputfile as JSON even if it's not
[COMMANDBOX-833] - Piping input to CommandBox broken
[COMMANDBOX-834] - Bleeding edge upgrades show wrong URL after S3 artifacts move
[COMMANDBOX-835] - --debug doesn't dump job logs on error
[COMMANDBOX-841] - Allow user to exit shell with specific exit code
[COMMANDBOX-842] - Improve recipe handling of exitCodes
[COMMANDBOX-818] - Upgrade to JGit 5.0.1
[COMMANDBOX-819] - Upgrade to Launch4J 3.12
[COMMANDBOX-820] - Skip forgebox checks on server start with server home dir that's already installed.
[COMMANDBOX-821] - Upgrade to JLine 3.8.2
[COMMANDBOX-823] - Pack200 Lucee bundles
[COMMANDBOX-825] - Upgrade to Lucee 5.2.8.50
[COMMANDBOX-826] - Default rewrites support /pms servlet used for Adobe CF 2018 performance monitor
[COMMANDBOX-827] - Default nonInteractiveShell setting in commonly known build environments
[COMMANDBOX-828] - Improve messaging when initting private package
[COMMANDBOX-837] - Reorganize the tray menus
[COMMANDBOX-843] - Upgrade to Wirebox 5.1
Now CommandBox will not only start up Lucee 4 servers with a single command, but you can start up Adobe ColdFusion, Railo, and even Luce 5 servers all at the same time. Now it's easier than ever to test your code across multiple platforms. CommandBox's embedded server makes for a fast and easy development machine too regardless of what CF engine you need.
config set modules.commandbox-update-check.enable=falseserver set web.mimeTypes.log=text/plain{
"web":{
"mimeTypes":{
"log":"text/plain"
}
}
} config sync pushconfig sync pullconfig sync diffserver set web.caseSensitivePaths=trueserver set web.caseSensitivePaths=falseload-balanced-proxy({'https://reports1.mydomain.com','https://reports2.mydomain.com'})CFSCRIPT-REPL: "test".len()
4
CFSCRIPT-REPL: [1,2,3].each( (i)=>echo(i) )
123server set preferredBrowser=firefox
server openserver set runwar.console.appenderLayout=JSONTemplateLayout!ping google.com!pwd | #listLast /!nano index.cfmexit 123echo ${exitCode}mkdir foo && cd foomkdir foo || echo "I couldn't create the directory"mkdir foo; echo "I always run"# Only run the package show command if the box.json file exists
pathExists box.json && package show# output server.json only if it exists
pathExists --file server.json && server show
# Create the dir foo only if it doesn't already exist
pathExists --directory foo || mkdir foo# If this package is private, then run a package script
assertTrue `package show private` && run-script foo
# If this env var is true, then run a command
assertTrue ${ENABLE_DOOM} && run-doom
# Use the boolean output of a native CFML function to control this echo
assertTrue `#fileExists foo.txt` && echo "it's there!"# If the name of our package isn't a specific string, only then set it
assertEqual `package show name` "My Package" || package set name="My Package"
# If this env var is the string "production", then perform a production install of dependencies
assertEqual ${ENVIRONMENT} production && install --productioninstall s3://my-private-bucket/myPackage.zipCommandBox allows you to create web aliases for the web server that are similar to virtual directories. The alias path is relative to the web root, but can point to any folder on the hard drive. Aliases can be used for static or CFM files. To configure aliases for your server, create an object under web called alises. The keys are the web-accessible virtual paths and the corresponding values are the relative or absolute path to the folder the alias points to.
Here's what your server.json might look like.
Here's how to create aliases from the server set command:
You can customize the error page that CommandBox servers return. You can have a setting for each status code including a default error page to be used if no other setting applies. Create an errorPages object inside the web object in your server.json where each key is the status code integer or the word default and the value is a relative (to the web root) path to be loaded for that status code. This is what you server.json might look like:
You can set error pages via the server set command like this:
You can customize these tray menus and add your own option for your convenience. To add a menu contribution to an individual server, add the following to your server.json:
We've updated to a new library that creates the tray icon for your running servers and the menu that appears when you right click. In addition to better support for some Linux distros, we've added some nice new icons to the menus.
Before any package script is run, CommandBox will look for another package script with the same name, but prefixed with pre. After any package script is run, CommandBox will look for another package script with the same name, but prefixed with Post. So if you have a package that contains 3 package scripts: foo, preFoo, and postFoo, they will run in this order.
preFoo
foo
postFoo
This works for built-in package script names as well as as doc package scripts. It also works on any level. In the example above, if you created a 4th package script called prePreFoo, it would run prior to preFoo.
If you use more than one ForgeBox login, perhaps a personal one and a company one, it can be a pain to keep logging in. It's also hard to remember the last user you logged in with. We've introduced two new commands to help with this. Run this to tell you who you are logged in as:
Run this to switch between users that you've previously logged in with:
We've added a new "onRelease" interceptor and package script to help with the workflow of publishing packages. Here's a run down of the three key points when bumping a package version.
preVersion - Announced before the new version is set using the bump command
postVersion - Announced after the new version using the bump command but before the Git repo is tagged.
onRelease - Announced after a new version is set using the bump command and after the Git repo is tagged.
Here is a typical package script work flow for working with a package that's hosted on GitHub and published to ForgeBox:
Then when you want to publish a new version of your package, commit your changes to Git and run the following commands:
Those two commands, in combination with your package scripts, would accomplish the following:
Run the package's test suite (a failure will abort the process)
Increase the minor version of the page
Tag the Git repo
Change the package's location property in box.json to point to the new tag
Commit the tag and new box.json
Publish the package to ForgeBox
Push the new box.json and Git tag
Announced while a package is being installed, after the package endpoint and installation directory has been resolved but before the actual installation occurs. This allows you to override things like the installation directory based on package type. Any values updated in the interceptData struct will override what the install command uses.
The Lucee version that the CLI runs on has been updated to be 4.5.3.020 which is also now the default engine to be used when you use the "server start" command and don't specify a cfengine. If you still want to start a web server on Lucee 4.5.2.018, then simply to this:
There are tons of little bug fixes in this version that you can view in our release notes.
[COMMANDBOX-187] - error when updating forgebox when slugname changes
[COMMANDBOX-422] - Empty command CFCs with no functions throw an error starting box
[COMMANDBOX-423] - Error "key [FUNCTIONS] doesn't exist" thrown when trying to start command box
[] - server name completion errors on server open command
[] - Document the resolvePath() differing behaviour on OSX vs Windows
[] - artifacts clean fails on OSX when there's .DS_Store files
[] - appSkeleton in the coldbox create app wizard needs to comply to IDs instead of local disk
[] - "server open" always opens localhost
[] - The trayicon in server.json does not work with relative paths
[] - update command doesn't respect original install path
[] - custom url rewrite location doesn't respect starting server by name in different location
[] - coldbox create crud doesn't work on Windows
[COMMANDBOX-316] - Add Fusion Reactor support for server
[COMMANDBOX-399] - Starting server in web root with WEB-INF treats CWD as war
[COMMANDBOX-416] - Add "open" flag to touch/new command.
[] - forgebox whoami command to show what user your API key is set to
[] - Update the storage of the APIkey in the commandbox settings to include multiple keys
[] - Have a forgebox use {username} command to switch the current api key
[] - Allow aliases (virtual directory) in web server
[] - Provide custom 40x and 50x error pages for servers
[COMMANDBOX-398] - Catch error scenario when user tries to start a server with a WEB-INF
[COMMANDBOX-410] - Upgrade to latest Runwar with several bug fixes
[COMMANDBOX-412] - Refactor string similarity to use external library
[] - Refactor semver CFC to be separate lib
[] - Refactor path pattern matcher CFC to be separate lib
[] - coldbox create app command does not list all templates
[] - Run pre/post package scripts by convention
[] - Add onRelease interception point/package script
[] - Serious performance issue with formatting large JSON strings
[] - Better handle syntax errors in a module's config
[] - Move onServerStart interception announcement to have server home dir
[] - Allow tray options to be customized
[] - Add onInstall interception point
[] - Incorrect custom model path in the unit test
[] - Exit REPL multi-line with extra enter stroke
[] - Don't use in-use port specified in start params or server.json
[] - Wait for full debug output when starting server with debug=true
[] - Append JVM args and runwar args to server defaults
[] - Update to Runwar 3.4.10
[] - Improve server status detections
[] - Show tag stack when executing .cfm files
[] - Improve tab completion of forgebox slugs
[] - Allow custom images inside tray menu plus disabled items
[] - Add overwrite confirmations to all coldbox create commands
[] - Improve version output in "forgebox show" command
[] - Upgrade engine to Lucee 4.5.3.020
We'v released a brand new ForgeBox.io site with a new UI, fresh features, and a shiny new API. CommandBox 3.1.1 is now powered by the new ForgeBox site and API which includes features like having more than one version for a package.
When you install packages from ForgeBox, you can use fancy semver ranges to specify the versions of a package you're willing to install. CommandBox will automatically grab the latest version that satisfies your version range. This also applies to the "update" command which makes keeping your projects' dependencies up-to-date even easier.
Another feature of the new ForgeBox site is the ability to create a new ForgeBox user right from the CLI. After creation, you'll be logged in with your ForgeBox API Key which let's you update your packages.
You no longer need to visit the ForgeBox web site to publish new or updated packages to ForgeBox. This is all available from the CLI once you've logged in. This means you can even automate the process of publishing to cut down on the number of manual steps it takes you to update your projects and share those changes with the community.
You can now run commands of your choosing automatically when certain events in the CLI happen (like publishing a package, or starting a server). You can also create ad-hoc collections of commands to run whenever you want to help automate things like building your projects or publishing to ForgeBox.
We hope you enjoy playing with the new features. As always, jump on our mailing list, or the CFML slack team with any questions or feedback. And remember, we provide tools like CommandBox CLI free of charge to the community as professionally-supported open source. If you have specific needs in the form of features or training for your team, Ortus is here to help you. Contact us with any questions.
[COMMANDBOX-347] - CFML Function commands do not work on recipes
[COMMANDBOX-348] - box update pulling down dev dependencies
[COMMANDBOX-350] - Exception in packageservice determining testbox slug runner
[] - Git clone doesn't obey commit hash
[] - tail command doesn't handle CR and LF correclty
[] - Linux: CommandBox 3.1.0-1: Fails to start
[] - Linux distros: /usr/bin/box created with wrong permissions
[] - Progress bar errors if console is too small
[] - Slug auto-complete doesn't work with ForgeBox 2.0
[] - "forgebox search" doesn't work with ForgeBox 2.0
[] - bump command creates invalid version if it starts blank.
[] - CF servers create WEB-INFcfform directory in server root
[COMMANDBOX-77] - Start server on any engine
[COMMANDBOX-216] - ForgeBox 2 API Integration
[COMMANDBOX-335] - forgebox register command
[COMMANDBOX-336] - forgebox login command
[] - forgebox publish command
[] - Creation of API Docs for internal CommandBox Core
[] - Update S3 Sync for CommandBox to publish core API Docs
[] - Update the coldbox create command to make the skeleton be a 'name,git+url,http' endpoint
[] - Add command to output system log file
[] - Allow forgebox downloadURL to be any endpoint ID
[] - Allow a package to have listener scripts run by convention
[] - Add pre/postVersion, pre/postPublish interception points
[] - Allow interactive shell (scripts/recipes) to have more than one command per line
[] - bump command tags and commits Git repo if present
[] - Global default for server settings
[] - New Icons for Multi-Engine taskbars
[] - Ability to run ad-hoc scripts
[] - Track installs in ForgeBox 2.0 API
[] - Add onServerInstall interception point for addition engine config
[] - Allow server set/show/clear to target a custom JSON file
[COMMANDBOX-352] - Missing 'models' namespace on model test creation
[COMMANDBOX-383] - Update Adobe CFEngine wars to have latest updates
[COMMANDBOX-293] - Return with exit code 1 when things fail
[COMMANDBOX-338] - Add ability to use environment variables to supply java args for BOX itself
[COMMANDBOX-341] - install my-module installs unneeded devDependencies
[] - Add ability to specify a server.json by path
[] - Modify build to include sdk format of Unix binary
[] - Improve error message when using "box" from interactive shell
[] - Convert all existing ForgeBox calls to new API format.
[] - Improve messaging and logging when errors connecting to Forgebox
[] - Enhance semver logic for satisfying versions
[] - Allow param completion UDF to see typed text
[] - Capture full java exception stack from Jgit errors
[] - Convert CF Engine downloads to S3/ForgeBox
[] - Fix right click options on server tray icon to be non-Lucee
[] - Allow masking of user input
[] - Auto-correct rewritesEnabled to be rewritesEnable in the start command
[] - Update module scaffolding to create in modules_app folder.
[] - Make help for commands more intuitive
[] - Don't create init methods for models if included in the method list
[COMMANDBOX-390] - Switch create controller command to create handler command
CommandBox now has a JSON file of settings that can be used to configure any kind of behavior we want. We're still working on implementing features that actually use the settings, but the first will be the ability to set up a proxy server for your corporate network. Config settings give us a place to store ad-hoc settings like this as well as an API for retrieving them. What's great is the settings JSON file can store ANY information, including complex structs and arrays so feel free to use it for your own purposes as well. You can interact with config settings like so:
install commandbox-fusionreactor
fr register "your FR license key"
server start
fr open{
"web" : {
"aliases" : {
"/foo" : "../bar",
"/js" : "C:\static\shared\javascript"
}
}
}server set web.aliases./foo = bar{
"web" : {
"errorPages" : {
"404" : "/path/to/404.html",
"500" : "/path/to/500.html",
"default" : "/path/to/default.html"
}
}
}server set web.aliases.404=/missing.htm{
"trayOptions":[
{
"label":"Foo",
"action":"openbrowser",
"url":"http://${Setting: runwar.host not found}:${Setting: runwar.port not found}/foobar.cfm",
"disabled":false,
"image":"/path/to/image.png"
}
]
}forgebox whoamiforgebox use myUser"scripts":{
"preVersion":"testbox run",
"postVersion":"package set location='gituser/repov#`package version`'",
"postPublish":"!git push --follow-tags"
}bump --minor
publishstart [email protected]+018# Start the latest stable Railo engine
CommandBox> start cfengine=railo
# Start a specific engine and version
CommandBox> start [email protected]
# Start any Java WAR
CommandBox> start WARPath=/var/www/myApp.war# A specific version
CommandBox> install [email protected]
# Any version with a major number of 4 (4.1, 4.2, 4.9, etc)
CommandBox> install [email protected]
# Any version greater than 1.5.0
CommandBox> install foo@>1.5.0
# Any version greater than 5.2 but less than or equal to 6.3.4
CommandBox> install "foo@>5.2 <=6.3.4"CommandBox> forgebox registerCommandBox> forgebox publish{
"name" : "My Package",
"slug" : "my-package",
"version" : "1.0.0",
"scripts" : {
"postVersion" : "package set location='gitUser/gitRepo#`package version`'"
"postPublish" : "!git push"
}
}
This is perhaps the most radical thing we've done in CommandBox to date and it is huge. We've introduced modules (just like ColdBox) into the actual CLI itself. A module is a unit of code re-use that allows you to take a folder of code that follows a few simple conventions and drop it into a module-aware application for instant extension. This means that we've broken out all the internal commands into system modules for organization. What's more, you can write your own CommandBox modules that hook into the internal workings with interceptors, register their own custom commands, or help manage settings or servers. Modules can be placed on ForgeBox and installed by your friends in seconds to extend the core of CommandBox. The benefits here can't be understated. Check out the docs and go through the quick, easy steps to create your first CommandBox module.
Not only can modules have settings, but you can also override a module's default settings easily with config settings that follow a simple convention. For example, if a module named "foo" has a setting named "bar", you don't need to edit the module's code to change the setting. Simply run this command:
CommandBox interceptors, like modules, work the same way that ColdBox interceptors do. They give you hooks that you can register to listen to events broadcast by the CommandBox core, or custom events of your own design that you announce. These are very powerful for being able to extend and modify how the core CLI works to build upon it. Interceptors are bundled inside modules so they install quickly and easily. Distribute them on ForgeBox as well. I've already created a simple example module that uses the onCLIStart interceptor to modify the ASCII art banner that appears when you start CommandBox.
Here's some of the core interception points:
onCLIStart
onCLIExit
preCommand
postCommand
onServerStart
onServerStop
onException
preInstall
postInstall
Now you can write modules that check for upgrades on CommandBox startup, manipulate the output of commands, log exceptions, customize server startup, or audit what package you install the most!
We've had the ability for custom commands for a while, but they were limited and didn't easily allow you to include additional CFC files with your commands. Now with the addition of modules, your custom commands can be package in a module right alongside settings, interceptors, or services. We also simplified the creation of custom commands so things like extending our BaseCommand class is optional thanks to WireBox's virtual inheritance. We hate boilerplate as much as you do!
There are already some cool custom commands popping up on ForgeBox. Check out this community addition for making http calls from the command line similar to curl.
This feature has been a long-time coming. There are a lot of options you can set when starting a server, and portability has been hard for people wanting to distribute an app that needs to start with custom JVM args, rewrites, or a specific port. Now all server startup options can be set in your web root in a server.json file which will be used automatically the next time you run "start". You interact with these settings the same as package or config settings.
We've had the "run" command for a while now that allows you to run native binaries from the interactive shell, or from a CommandBox recipe. The output is returned which allows you to create mashups that pipe the output of OS commands directly into CommandBox commands. We took this a step further and borrowed from other CLIs out there so now the parser allows you to call native OS binaries by simply prefixing an exclamation mark (!) in front of the binary name. Now only are OS commands run in the current working directory, they are also executed via the shell for that machine which makes non-binaries and aliases like "ll" function.
This is a really neat feature that allows you to actually run CFML functions straight from the CommandBox CLI as commands. Just prefix the function name with a hash sign (#) and then type the function name with no parenthesis. Any parameters to the function can be passed (or piped) into the command like normal named or positional CLI command parameters.
This really gets cool when you start piping the output of commands together to string together mixtures of CommandBox commands and CFML functions for fancy one-liners. Here's some string manipulation. The first one does some list manipulation. The second one outputs the lowercase package name.
But wait, there's more! You can even use struct and array functions. Their output is returned as JSON and automatically deserialized as input to the next command. Keep in mind that piped data gets passed in as the FIRST parameter to the next command. This outputs a nice list of all the top-level dependencies in your package.
Parameter values passed into a CommandBox command don't have to be static. Any part of the parameter which is enclosed in backticks (`) will be evaluated as a CommandBox expression. That means that the enclosed text will be first executed as though it were a separate command and the output will be substituted in its place.
You can really go crazy with these mashups by combining CFML functions too. This example sets a property in a package's box.json that's equal to a nicely formatted date:
We've really focused on doing CommandBox development now with the possibilities opened up with the addition of modules. One pain point of extending CommandBox was calling other commands since parameters needed to be escaped. We created a nice method-chaining DSL to help execute any other command from inside of your custom commands.
You can even nest the DSL to pipe output between commands:
In line with the previous item, we've made it yet easier to write custom modules that extend the functionality of CommandBox by adding new WireBox injection DSLs. Everything inside of CommandBox is created and autowired by WireBox. You can now ask WireBox to inject core services, module settings, or config settings.
[COMMANDBOX-144] - Starting a server by short name doesn't work
[COMMANDBOX-285] - Tag REPL seems to be unavailable
[COMMANDBOX-300] - REPL output cannot be piped
[COMMANDBOX-305] - url rewriterules in commandbox incorrect
[] - Brew fomulas SHA1 mismatch
[] - Starting server from OS shell doesn't always work
[] - Restarting server saves openBrowser as false in server.json
[] - Can't clear JSON properties with dash in the name
[] - Coldbox create view commands break if name includes package
[] - CommandBox TestBox array of runners does not run
[COMMANDBOX-52] - Provide a more programmatic way to run commands/tasks like a method
[COMMANDBOX-111] - Allow native binary execution with exclamation mark
[COMMANDBOX-266] - Add server.json to default server settings
[] - Global CommandBox setting file
[] - Disable sendfile in runwar server
[] - Refactor JSON handling out of package commands for reuse
[] - Allow # as a REPL shortcut to run CFML tags or functions
[] - Allow expressions in command parameters
[] - Add option to server start for enabling/disabling directory browsing module
[] - Allow commands to be piped in to box
[] - Override module settings with config settings on module load
[] - WireBox injection DSLs for module config and settings
[] - Handle struct of environment variables in server.json
[] - Add additional helper reference to the Executor
[COMMANDBOX-301] - Remove bleeding edge builds from production Debian repo.
[COMMANDBOX-121] - Standardize command packaging
[COMMANDBOX-205] - HTTP Calls don't work behind company proxy
[COMMANDBOX-226] - Use virtual inheritance for commands
[] - Allow ad-hoc JVM args when starting server
[] - Add modularity
[] - Add event-listener model to CommandBox
[] - Improve error handling in CFLib endpoint
[] - Alias Execute as exec
[] - Return better details from progressable downloader
[] - Run command uses same environment as box executable when it was first started
[] - Improve error handling in HTTP endpoint
[] - Update to latest version of WireBox
[] - bump command reset minor and patch
[] - bump runwar version to 3.3.0
[] - Enhance server rewrites for file/dir detection
[] - Refactor core commands to be modules
[] - Move application templates into the coldbox-commands module
[] - Move scaffolding templates into respective modules
[] - Improve error handling in commands
[] - Shortcut to cd into directory after mkdir command
[] - Run command doesn't run in the same CWD as CommandBox
[] - Allow run command to run any OS command from the shell
[] - Allow ConfigService to use nested setting keys
[] - Improve parsing of run and ! command
[] - Allow user to set custom shell with config setting
[] - warn user if package has invalid JSON file
[] - Bump JRE version to 1.8.0_72
[] - Embedded server doesn't sent proper headers for SVGZ files
[] - Support ContentBox installation paths
Every Config Setting can be overridden by convention by creating environment variables in the shell where you run box. This is ideal for CI builds where you want to easily set ForgeBox API keys, or tweak settings for your build.
More Info: https://commandbox.ortusbooks.com/config-settings/env-var-overrides
Every server setting can be overridden by convention by creating environment variables in the shell where you run box. This is ideal for CI builds where you want to easily set ports, or tweak settings for your build.
More Info:
CommandBox now has out-of-the-box support for the HTTP/2 protocol. It is always enabled by default and browsers will use it when you're serving over HTTPS.
More Info:
Thanks to a massive effort from Scott Steinbeck, the CFML world has a new of the , which is what powers the popular . We've plugged this new library into CommandBox and exposed it in the following ways.
We've added a new jq command which behaves roughly like the bash counterpart. You can pipe in JSON, or read the JSON from a file and apply a JSON query against it which can be used to filter, massage, rewrite, map, or filter the JSON into a new JSON object.
We've also added the ability to specify powerful jq filters to the "package show", "server show", and "config show" commands directly. Just prefix your filter with the text "jq:" like so:
The jq command and JMES spec are very powerful and probably do ! Make sure you check out the docs for more ideas.
More Info:
CommandBox's AJP listener (provided by Undertow) is already protected against the . However, if you would like to set up an AJP secret as well to ensure all requests coming into the AJP listener are from a trusted source, you can do this by setting the web.ajp.secret property.
For this to work, you must also configure your AJP proxy in your web server to send the same secret!
More info:
We've updated the version of WireBox inside the CLI and now have access to the AsyncManager for sweet threading and scheduled task support.
CommandBox is using an AsyncManager scheduled task thread now to redraw interactive jobs and progress bars. Look out for some new eye candy hiding in your server starts and package installs!
More Info:
The print helper in commands and Task Runners has a new toy that will print ASCII representations of tabular data thanks to a pull request from Eric Peterson. You can see it in the output of the outdated command.
And you can use it in your Task Runners like so:
When scaffolding ColdBox handlers, we have support for ColdBox 6.x REST Handlers now.
You can enable extra Resource Manager Logging when troubleshooting file system issues:
You can force case sensitivity on a Windows server:
You can force case Insensitivity on a Linux server:
You can enable a cache of file system lookups of servlet paths. This is only for production and will eliminate repeated file system hits by your CF engine, such as checking for an Application.cfc file on every request, or testing where the servlet context root is. Standard Adobe ColdFusion installations have a similar cache of "real" paths from the servlet context that is tied to a setting in the administrator called "Cache Webserver paths" but that setting is not available and does not work on CommandBox servers for some reason. This setting would apply to any CF engine.
More Info:
When using a CommandBox web server in production, you may wish to force your users to visit your site over HTTPS for security (and for HTTP/2 to work). However, it is desirable to still have your web server listening on HTTP so a user just typing your address in his browser can still connect to HTTP and then redirect. CommandBox can be configured to redirect all HTTP traffic over to HTTPS with the following setting.
If you want to go one step further, you can add a Strict-Transport-Security header to your site. This instructs the browser to automatically use HTTPS every time the user visits your site again.
More Info:
CommandBox won't use ANSI color formatting when running inside of a non-interactive terminal. However, build servers such as Gitlab or Jenkins (via a plugin) support ANSI color sequences. You can force CommandBox to use colored text output with this new setting:
One of the common hangups for people dealing with Lucee Server and Adobe ColdFusion CF Engines versions, is that CommandBox follows the npm-flavor of the semantic version spec and expects
instead of
So we've loosened our sem ver library to treat the 4th number as a build ID if there is no plus sign in the version (instead of just discarding the 4th digit as the spec requires)
Most modern browsers allow you to make up any subdomain you want before localhost such as mySite.localhost and will simply resolve them to localhost (127.0.0.1) even without a hosts file entry. CommandBox now supports using these domains and will bind your server's ports to localhost even without using the commandbox-hostupdater module.
More Info:
You can customize where CommandBox lives by placing a commandbox.properties file next to the box binary. We have better support for relative paths now so you can have portable CommandBox installations such as a thumb drive.
More Info:
The only known breaking change in this release is if you try to start two servers on the same HTTP port. Previously, CommandBox would just ignore the port on the second server and choose a random port. Due to the confusion that can cause, CommandBox will now throw an error. If you want to override an explicit port locally, set the port to an empty string or a 0 and CommandBox will choose a random port for you. For example, if you are using the commandbox-dotenv module, you can put this line in your project's .env file to override the port in your server.json
If you have a server with the server.json outside of the web root and at least one relative web alias, the alias will not work on the first start of the server. The workaround is to change the web aliases to be relative to the folder that the server.json lives in.
Some users receive the following error when starting CommandBox after updating:
If you see this, it means you have an older version of the commandbox-dotenv module installed that is not compatible with the new version of WireBox inside CommandBox. To fix, delete this folder out of your CommandBox home:
Now the CLI will start and you can install the latest version of dotenv.
Here is the list of all tickets included in the 5.3.0 release.
web server aliases in server.json should be relative to the folder of the server.json
${Setting: serverinfo.foo not found} expansions don't work in a folder that's not the web root
Re-using same server.json with two names doesn't work
Corrupted WireBox metadata cache file will prevent CommandBox from starting
HTTP2 Additional Port Handling and Flexibility
REPL & Command highlighters don't handle square brackets [] well
JVM arg ending in backslash doesn't work
Coldbox Watch-Reinit Watches Unwanted Folders
Package installation doesn't always optimize duplicate packages
Globber.count() bombs if run after .asQuery()
Starting [email protected] will use light-light when using CommandBox Light
Loading class files in task runner doesn't work
variables scope doesn't persist between task dependencies
tokenreplace removes BOM from files
trayOptions.json not respecting serverHomeDirectory
Server status not always correct.
Add singleServerHome option to not auto-deploy different versions of servers
Improve error message if version isn't found in ForgeBox
Loosen parsing of build ID in semver
Treat empty HTTP port the same as 0 (chooses random port)
Remove runwar hack that sets java vesrion
Runwar timesout when Lucee's new warmup flag is used
Add option for PID file
Allow generic override of server start settings via env vars or java sys props
Have parser ignore quotes inside a token
Cache "/" path lookup in Runwar's mapped resource manager
Add setters for run() arguments in CommandDSL
Default embedded server only needs to copy lucee.jar
Have outdated also show latest version of a package
Integrate AsyncManager into CommandBox
Upgrade to latest WireBox 6.x
Bundle testbox in testbox module to prevent auto download
Halt server start if asked for port is in use
the git bullet train car disappears while current working directory is not the root project folder
Support AJP secret in Undertow
Rethink the way the screen is redrawn upon extensive installs so it can be fluent on all screen sizes
Can't link package if no modules are installed
New first-class setting to enable HTTP2
Comment out the default environment vars in .env when createing a new coldbox app
Allow server rules to be commented out with #
Allow servers to use random.localhost domains
Integrate JMES JSON filtering
Debug when lucee-extensions don't find Lucee server
Allow JSON service to create implicit arrays
Add config setting to enable ANSI colors in dumb terminals
Allow generic override of config settings via env vars or java sys props
Add --json flag to server list
Add HTTP redirect options
Add optional servlet path cache in Runwar
Allow caching of task runners
Support for generating ColdBox RESTHandlers
Support default module export as @moduleName,
Allow commandbox_home to be relative
We upgraded to a new version of the underlying library that handles the CLI interactions which brought a number of nice things.
The cls command now clears background colors that used to be left on the screen
Tab completion works better when two folders with different case were in the same directory
When developing commands, default text can be placed in the buffer when asking the user for input.
Fixed some instances where undesired spaces would get added when hitting tab completion
We also made the following improvements to the CLI shell environment
You don't need to escape an equals sign that's part of a quoted parameter value
Removed extra line break when piping the output of the "run" command
Fixed some regressions when piping text to the box binary
Added better BOM detection when tailing files
The tail command used to only take a file as input, but now you can pipe raw text in as well.
When tailing a file, you can specify the --follow flag and any new text added to the file will live stream to your console until you press Ctrl-C to stop. This is perfect for tailing application logs while your code is running to see new entries.
The server log command also has a new --follow flag added to it which will live stream a running server's console log to the shell until you press Ctrl-C to stop it.
The artifact storage location is now customizable thanks to Chris Schmitz, allowing you to store your artifacts on another drive, or even a network share so your coworkers can all use the same "local" copies.
CommandBox will always re-download snapshot versions of packages to make sure you get a fresh version.
When you try to install a package and CommandBox is offline, instead of giving up, we'll now look in your local artifacts cache for a satisfying version. If we find a package that works in your artifacts, we'll install it instead.
We added a few new ways to start up a server. You can use the --debug flag when starting a server to see additional information and the foreground process also waits for the server to start before finishing. Now when starting in debug mode this output will stream to the console as it becomes available instead of showing up all at the end. This is great to troubleshoot errors that are happening on server start as well as finding the slow parts of the startup sequence.
By default, your servers fire up in a new process that runs independently from the CLI. There is now a new flag called --console that will start the server up in the foreground and stream the console output to the CLI for you to watch. The start command will not end and will keep streaming the console output until you press Ctrl-C to stop it. You can also use --debug alongside the console flag for even more information.
If you have an app that uses a default welcome file other than index.cfm, you can control that now.
This is one that you take for granted if you've always used Adobe ColdFusion, but for any CF server not running on Adobe's custom version of Tomcat, you can't use SES URLs in a subfolder like this without adding custom mappings to your web.xml:
We've added just a dash of servlet fairy dust that now makes this possible. Note, if you want to hide the index.cfm with URL rewrites, you'll need a for it to work in a subfolder.
All server engines and versions have been standardized to install into the same reliable directory structure to make it easier for you to script config file replacements.
For Adobe CF WARs, the xml config files are located in the WAR here: /WEB-INF/cfusion/lib/neo.*.xml
For the Lucee server context, the xml config file is located in the WAR here: /WEB-INF/lucee-server/context/lucee-server.xml
For the Lucee web context, the xml config file is located in the WAR here: /WEB-INF/lucee-web/lucee-web.xml.cfm
To find the folder where your WEB-INF lives (as well as lots of other information about your server) you can use the server info command to get useful properties about a starting or started server.
Combining these allows you to do some nice one-liners like scripting out the copying of config settings when the server starts up. Hint: !
Read more about this here:
Until now you've had to live with the special directory that CommandBox uses to install your servers into. Now you can get full control over where the server goes which is perfect for creating a folder "seeded" with config files that you want the server to use when it first starts. This trick (with some ) will also allow you to commit changes to your config files back to the repo while ignoring the rest of the engine.
Customize Lucee's server context folder with the serverConfigDir setting
Customize Lucee's web context folder with the webConfigDir setting
Customize where the entire WAR explodes to for any server with the serverHomeDirectory setting
This is very powerful since it gives you full control over the server deployment. Server installs have also been changed to NOT overwrite existing files when they unzip, so any config files you place in the server home prior to starting the server will be left in place and used by the server when it starts up. This means you can have datasources, mappings, and more start out-of-the-box for your site on a fresh install.
Read more about this here.
There were a few small changes in the "undocumented" core of CommandBox that got rearranged to make more sense. There's a small chance you may have been relying on one of them, so take note:
The serverHome property that comes back from server info has been renamed to serverHomeDirectory.
The webConfigDir property used to point to the server home, but this was incorrect. The property will now be blank unless specified. Use serverHomeDirectory instead.
The default Lucee server used to have a non-standard folder structure, but now matches the WAR folders of all other servers
[] - `box reload` doesn't clear background colors from buffer on Windows
[] - tab completion doesn't always work on paths
[] - CommandBox timeout is shorter than runwar timeout when starting Adobe servers
[] - ability for server start to deploy web-inf locally instead of server location
[] - Control list of welcome files
[] - Make artifacts path customizable
[] - Support for double wildcard servlet mappings
[] - Set default password Lucee CLI context
[] - absolute paths on Windows don't follow the same rules as DOS
Even though this is a new major version, it should be very backwards compatible. CommandBox proper has no known backwards compatibility issues we're aware of, but note we've bumped libraries like Lucee Server, Undertow, and Java support, so you may notice differences due to these 3rd party lib updates. For example, one in Lucee 5.3 (which now powers your default server) is how page output buffer is handled.
You should be able to simply replace your box.exe binary and run it to get the same in-place upgrade you're used to. If you run into issue, you can try removing the "engine" folder in your ~/.CommandBox folder and try again. If you need to downgrade for any reason, replace the box binary with the old version, remove the "engine", "cfml", and "lib" folders in your CommandBox home and they will get re-created on the next run.
You may also notice the box binary is larger now. From 44 Megs up to 77 Megs. This is a regrettable byproduct of us turning off the Pack200 process we used to run against the Lucee jar. Lucee seems to have some bugs that causes it to re-download a bunch of OSGI bundles when we compress them and we can't figure it out, or get support on the matter, so for now we're just not compressing as much stuff. This was a huge blocker for anyone needing to run CommandBox on a PC with no external internet access as Lucee provides no mechanism to turn off it's auto-download behavior.
config set name=mySetting
config set modules.myModule.mySetting=foo
config set myArraySetting[1]="value"
config set setting1=value1 setting2=value2 setting3=value3
config show settingNameconfig set modules.foo.bar=valueinstall commandbox-http-commandserver set web.http.port=8080
server show web.http.port
server start!myApp.exe
!git pull
!dir#now
> {ts '2016-01-19 16:14:23'}
#hash mypass
> A029D0DF84EB5549C641E04A9EF389E5
#reverse abc
> cba#listGetAt www.foo.com 2 . | #ucase | #reverse
> OOF
package show name | #lcase
> my packagepackage list --JSON | #structFind dependencies | #structKeyList
> coldbox,docbox,testbox,cbmessageboxecho "Your CommandBox version is `ver` and this app is called '`package show name`'!!"
> Your CommandBox version is 3.0.0 and this app is called 'Brad's cool app'!package set createdDate=`#now | #dateformat mm/dd/yyyy`
> Set createdDate = 1/19/2016command( 'cp' )
.params( path='/my/path', newPath='/my/new/path' )
.run();command( "echo" )
.params( "hello#chr( 10 )#world" )
.pipe(
command( "grep" )
.params( "lo" )
)
.run();property name='shell' inject='commandbox';
property name='ModuleService' inject='ModuleService';
property name='MyService' inject='MyService@MyModule';
property name='mySetting' inject='commandbox:moduleSettings:moduleName:mySetting';
property name='myConfigSetting' inject='commandbox:ConfigSettings:myConfigSetting'box_config_endpoints_forgebox_APIToken=my-token-here
# JSON which will be parsed
box_config_proxy={ "server" : "localhost", "port": 80 }
# dot-delimited keys (windows only)
box_config_endpoints.forgebox.APIToken=my-token-here
# array indexes too (windows only)
box_config_foo.bar[baz].bum[1]=test
cp command will create destination directories
Windows paths that start with \ or / will be treated as absolute (like DOS works)
All OS's will expand ~ to the current user's home directory
The web context in Lucee servers used to be in a folder named after a random hash which was kind of silly (and impossible to find). It's now always under /WEB-INF/lucee-web
All "internal" Lucee servers used to share a single server context (and settings). All servers are now separate. Use the serverConfigDir setting to point more than one server at a single server context or use one of the new options for copying configs.
The core CLI server context now has a default password of "commandbox" set. This would apply if you wanted to use the tag from .cfm files executed via the shell or a custom command.
Several new properties were added to the server info data for your convenience. Check them out by starting a server and running server info --JSON.
[COMMANDBOX-507] - Staring server with defautlPort in box.json, adds optional keys back in.
[COMMANDBOX-509] - Ignore equals in a quoted parameter
[COMMANDBOX-522] - Improve error message when endpoint fails installing server
[COMMANDBOX-526] - Use hostname for "coldbox reinit"
[COMMANDBOX-533] - Error starting CommandBox in some instances
[COMMANDBOX-539] - "run" expressions contain line break on Linux
[COMMANDBOX-542] - Regression in piping input from OS console
[COMMANDBOX-543] - Piping a file of commands with a BOM into box fails
[COMMANDBOX-544] - package set doesn't always set what you expect
[COMMANDBOX-545] - The `commandbox-home` when used in symbolic link mode fails on mac
[COMMANDBOX-504] - Allow raw text to be piped into the tail command
[COMMANDBOX-506] - Add startTimeout parameter to control how long to wait for server to start
[COMMANDBOX-508] - Console flag to server start
[COMMANDBOX-523] - new preServerStart interceptor
[COMMANDBOX-534] - Add --follow flag to "server log" to tail it and follow
[COMMANDBOX-535] - cp command create directories if necessary when copying file
[COMMANDBOX-536] - If Forgebox is down, use artifacts cache on installs
[COMMANDBOX-538] - Allow programmatic access to server info
[COMMANDBOX-546] - Allow custom server home dir
[COMMANDBOX-498] - Upgrade engine to Lucee 4.5.4.017
[COMMANDBOX-499] - improve contentbox-widget package installation conventions
[COMMANDBOX-501] - Stream server start log when debug is true
[COMMANDBOX-510] - Improve JSON parsing when piping complex values to cfml command
[COMMANDBOX-511] - Allow webConfigDir, serverConfigDir & webXML to be relative
[COMMANDBOX-514] - Improve rewrites to not fire on SES URLs in a subdir
[COMMANDBOX-515] - server forget does not stop server if running
[COMMANDBOX-518] - libdirs aren't relative when starting a server
[COMMANDBOX-519] - Libdirs aren't used for non-internal servers.
[COMMANDBOX-520] - Improve output of server info and server list commands
[COMMANDBOX-521] - Stop loading java agent for Lucee 5
[COMMANDBOX-524] - Improve starting internal server when not specifying buildID
[COMMANDBOX-528] - Improve server start intercepors
[COMMANDBOX-529] - Standardize server home directories
[COMMANDBOX-530] - Upgrade to JLine 2.15-snapshot
[COMMANDBOX-531] - Allow default text to be put in buffer for ask() function
[COMMANDBOX-532] - Don't cache snapshots
[COMMANDBOX-537] - Remove .git folder when cloning a Git repo
[COMMANDBOX-540] - Support ~ as a shortcut for the user home directory like bash.
[COMMANDBOX-547] - Improve tab completion for server/package/config set commands
[COMMANDBOX-549] - Spruce up the opening ASCII art
[COMMANDBOX-550] - Pass JVM args through to background server process
[COMMANDBOX-551] - Fix working directory of xxxInstall package scripts
CommandBox> forgebox search | tail lines=50CommandBox> tail myFile.log --follow
CommandBox> system-log | tail --followCommandBox> server log --followCommandBox> config set artifactsDirectory=/path/to/artifactsCommandBox> install [email protected]CommandBox> server start --debugCommandBox> server start --console
CommandBox> server start --console --debugCommandBox> server set web.welcomeFiles="go.cfm,main.cfm,index.cfm,index.html"site.com/myFolder/index.cfm/home/login# Find the "home" directory for a server (where the WEB-INF lives)
CommandBox> server info property=serverHomeDirectory
# Find the out log file
CommandBox> server info property=consoleLogPath
# Get all possible values as JSON
CommandBox> server info --JSONCommandBox> cp neo-datasource.xml '`server info property=serverHomeDirectory`/WEB-INF/cfusion/lib/neo-datasource.xml'And finally, if you have installed any custom OSGI bundles into your CLI, they will be wiped by the upgrade process now. We didn't want to have to to do this, but Lucee has bugs that cause errors when doing in-place upgrades with the old OSGI bundles left in place and we couldn't get it fixed, so this was the only way to ensure in-place upgrades would "just work" without errors. We are leaving the Lucee engine folder, so any settings you may have put into your CLI should remain in place.
There's a lot of new stuff in CommandBox 5.0.0. Here's an overview. One of the biggest new "features" is you can finally use CommandBox on Java 11+. This was not possible in CommandBox 4.x due to the version of Lucee not fully supporting newer versions of Java. Now that Lucee has been bumped to 5.3 (see below) you are free to leave java 8 behind for the CLI. Note if you're using CommandBox to start up older versions of Adobe CF or Lucee/Railo, you may still need to use java 8 specifically for your servers.
Let's start with the library updates. For the most part, all the jars we bundle are a "black box" but in reality, every update is usually for new features, fixes, or security patches. Here's an overview of the new libs:
WireBox 5.6.2
JLine 3.13.0
Runwar 4.0.3 (major bump from 3.x)
JBoss Undertow 2.0.27.Final (major bump from 1.x)
JGit 5.5.1.201910021850-r
Lucee 5.3.4.77("major" bump from 5.2)
AdoptOpenJDK jdk-11.0.6+10 (In the JRE-included download) (major bump from 8.x)
You can now use user/pass or personal access token authentication when cloning Git repos over HTTPS. This has been tested with Github and Gitlab and is an alternative to SSH keys. Please check the docs, as Github and Gitlab both expect slightly different inputs.
There is a new Lex installation endpoint to help you acquire Lucee Extensions your app needs via the "install" command or a dependency in your box.json file. If the current directory has a Lucee server in it, CommandBox will install the extension file directly into your server's "deploy" folder (server context)
The auto-install feature into your server will work on any Lex package, even one coming from ForgeBox:
Tuning your server is easier now. You can configure your Undertow worker-threads setting with first-class server.json property
Which gives you this in your server.json
We've also unlocked a method for you to set ANY valid Undertow option or XNIO option. So if Undertow supports it, you can configure it!
We've added a new experimental feature that lets you create a batch file, powershell script, or bash shell script that directly starts a server with the exact settings that you get from "server start". This is for you to create super-optimzed startups in Docker or Service that bypass the CLI steps and "lock in" the settings. No server.json or CFConfig, or dotenv code will be processed, but you will have a fast streamlined start that is the same every time. Couple this with our new "dryRun" flag on server start that will unpack the CF engine, but not actually start the server, and you can create your customs start script like so:
The Globber helper can now take more than one globbing pattern. This also means every built-in command in CommandBox that takes a globbing pattern, can now take a comma delimited list of patterns. We've also added an exclude list of globbing patterns to the dir command as well.
We've got a couple new handy commands to help you from the command line, "unique" (modeled after the Bash "uniq" command)
And "sort" (modeled after the Bash "sort" command)
The "grep" command has received a "count" parameter if you just want the count of lines that match the regex (or no regex will count all lines)
The tray icon for your servers now has a new option under the "Open" menu that will open up the file system folder where the server home lives. This is nice for finding your CF Engine's log files.
There are a lot of bug fixes and even more enhancements I didn't cover above. You can read the full release notes here:
[COMMANDBOX-1069] - Remove extra stashes on url paths when servlet init params starts with WEB-INF
[COMMANDBOX-643] - Tray Icon not displaying on Debian8
[COMMANDBOX-711] - X Window Errors
[COMMANDBOX-812] - "Coldbox create resource" uses wrong paths on Windows
[COMMANDBOX-941] - urlrewrite.xml has file size of 0 on docker restart but not regular start
[] - CommandBox instances crashing because of TrayIcon rendering
[] - CommandBox always reads STDIN even when in non-interactive mode
[] - Using zsh exits out of CommandBox when running a binary command
[] - Shebang scripts no longer work without .cfm extension
[] - If custom rewrite file is already in correct destination, runwar overwrites it as 0 bytes
[] - worker-threads setting no longer has any affect
[] - Tray icon not showing in Ubuntu 18.04
[] - Undertow error output when starting server
[] - [RUNWAR] Tray menu placeholders such as ${Setting: runwar.port not found} are not replaced in sub menus
[] - regex string index out of bounds exception
[] - URL Rewrites fire incorrect on URL containing a space
[] - Browser doesn't open when server start
[] - Host updater does not work
[] - Server doesn't stop on Windows
[] - ConcurrentModificationException with undertow?
[] - Restrict /dumprunwarrequest to be used only on Unit Testing
[] - Remove trailing slash from Adobe updates path
[] - Default command parameters don't work on commands in namespaces
[] - Command DSL has unexpected behavior with equals sign in positional tokens
[] - Tab complete for negated flags isn't complete
[] - box fails to open in vSphere Web Client console due to outdated JLine jar
[] - Server start doesn't correctly expand relative Java Home directory
[] - slashes into the servlet init param paths
[] - Tray icon doesn't disappear on Windows when server stops from CLI
[] - Install dependency from box.json with env var placeholder gets overwritten with actual value
[] - coldbox create resource command ignores specsDirectory argument
[] - foreach cannot be interrupted with Ctrl-C
[] - validate non-numeric exit codes from the "exit" command
[] - Task Runner's loadModule() fails on path with period
[] - Tasks don't treat return 1 and setExitCode( 1 ) the same
[] - When a task sets a failing exit code, no output is sent to console
[] - Commands that set a failing exit code don't raise proper exception
[] - foreach, grep, and sed only break on chr(10)
[COMMANDBOX-148] - Ability to install/uninstall box server services
[COMMANDBOX-715] - Server command to explode server war but not start it
[COMMANDBOX-1007] - Set any valid XNIO option
[] - Add generic feature to set any valid Undertow option
[] - Allow no rest mappings to be supplied
[] - Tab completion for task targets
[] - New TestBox commands: generate visualizer and generate browser
[] - Update ColdBox module templates for 5.0 standards
[] - Expose Undertow worker-threads setting with first-class server.json property
[] - Support HTTPS username/password auth
[] - Option for server start to write file with full start args for direct Runwar call
[] - Add lex endpoint for installing Lucee extensions
[] - Add unique command to filter out duplicates rows of input
[] - Add sort command to sort rows of input
[COMMANDBOX-964] - Make sure the build works
[COMMANDBOX-965] - Document Setup in the Repo
[COMMANDBOX-995] - Vet all changes on Runwar since April 25, 2018.
[COMMANDBOX-885] - Enhance Globber to take more than one pattern
[COMMANDBOX-886] - Enhance Globber to have exclude patterns
[COMMANDBOX-963] - Update CLI to Lucee 5.3 and test Java 11
[] - Change CommandBox build to pull Ortus build of Runwar
[] - Output Runwar version and jar path in "info" command output
[] - Need Config for Max Thread Request at runwar
[] - Enhance dir command with new Globber features
[] - Optimize installation of packages with createPackageDirectory set to false
[] - Improve performance of print buffer by using String Builder internally
[] - Add --count flag to grep command
[] - Update CommandBox to Runwar 4.0.0
[] - Upgrade to JGit 5.5
[] - Tie into FusionReactor to report transactions for tasks, commands, etc.
[] - Default location to forgeboxStorage for package init command
[] - Improve default package naming of jar endpoint
[] - Add option to tray menu to open server home directory
[] - Update to latest WireBox
[] - Stop outputting extra line break for commands with no output
install git+https://username:[email protected]/user/repo.git
or
install git+https://[email protected]/user/repo.gitinstall lex:https://downloads.ortussolutions.com/ortussolutions/lucee-extensions/ortus-redis-cache/1.4.0/ortus-redis-cache-1.4.0.lex// ForgeBox slug for Ortus Redis Extension
install 5C558CC6-1E67-4776-96A60F9726D580F1server set web.maxRequests=200{
"web" : {
"maxRequests" : 200
}
}server set runwar.undertowOptions.ALLOW_UNESCAPED_CHARACTERS_IN_URL=true
server set runwar.XNIOOptions.WORKER_NAME=myWorkerserver start --console --dryRun startScript=bash startScriptFile=startmebaby.sh
// Later directly from bash...
./startmebaby.shdir **.cfc,*.cfm
dir paths=modules excludePath=**.md --recurse
dir paths=samples sort="directory asc, name desc"cat names.txt | unique
cat names.txt | unique --countcat names.txt | sort
cat names.txt | sort type=text
cat names.txt | sort type=numeric
cat names.txt | sort direction=descdir **.cfc | grep --count
dir | grep .*\.md --countbox_server_profile=production
box_server_web_http_port=8080
# JSON which will be parsed
box_server_web_ssl={ "enabled" : true, "port": 443 }
# dot-delimited keys (Windows only)
box_server_web.http.port=8080
# array indexes too (Windows only)
box_server_web_rules[1]=path-suffix(/box.json) -> set-error(404)
box_server_web_rules[2]=disallowed-methods(trace)server set web.http2.enable=true/false# Return array of dependency names
package show | jq keys(dependencies)
# Find dependencies with "cb" in their name
package show | jq key_contains(dependencies,'cb')config show jq:endpoints.forgebox.apiToken
# .. is the same as ...
config show endpoints.forgebox.apiToken
# or you can get fancy...
config show 'jq:keys(modules)'
# Impress your friends
package show "jq:[name,version]"
# Be the life of the party
package show "jq:contributors|split(@,' ')" server set web.AJP.secret=mySecret// Parallel Executions
async().all(
() => hyper.post( "/somewhere" ),
() => hyper.post( "/somewhereElse" ),
() => hyper.post( "/another" )
).then( (results)=> logResults( results ) );print.table(
[ 'First Name', 'Last Name' ],
[
[ 'Brad', 'Wood' ],
[ 'Luis', 'Majano' ],
[ 'Gavin', 'Pickin' ]
]
);coldbox create handler --restserver set runwar.args="--resource-manager-logging=true"server set runwar.args="--case-sensitive-web-server=true"server set runwar.args="--case-sensitive-web-server=false"server set runwar.args="--cache-servlet-paths=true"server set web.SSL.forceSSLRedirect=trueserver set web.SSL.HSTS.enable=true
server set web.SSL.HSTS.maxAge=31536000
server set web.SSL.HSTS.includeSubDomains=trueconfig set colorInDumbTerminal=trueserver start [email protected]+48server start [email protected]server set web.host=mySite.localhostcommandbox_home=../customHomebox_server_web_http_port=0The parameter [name] to function [get] is required but was not passed in.~/.CommandBox/cfml/modules/commandbox-dotenvinstall commandbox-dotenv
There are a number of pretty exciting new features and a pile of bug fixes. And as usual, input from the community via Pull Requests. Huge thanks to Pete Freitag, Kai Koenig, Matthew Clemente, Bobby Hartsfield, Scott Steinbeck, Daniel Mejia, and Miguel Mathus! Here's an overview of the new stuff in 5.2.0
We know library updates are boring, but they are important and we want you to know we take them seriously. Keeping up-to-date ensure you have the latest fixes and security updates from all the third-party libs we bundle in CommandBox.
Here's an overview of what we updated in CommandBox 5.2.0.
Upgraded Runwar from 4.1.2 to 4.3.8
Upgraded JBoss Undertow from 2.0.27.Final to 2.2.0
Upgraded UrlRewritesFilter to Ortus fork 5.0.1 with custom fixes
The Undertow bump is a minor update, but a pretty big deal. Ortus sent three pull requests to the core Undertow project fixing bugs and adding predicate logging. All of our pulls were accepted and merged into the core Undertow project and released in the 2.2 release.
Read more about library updates here:
This is a feature that we expect to grow in the future. We've started it out simple, yet powerful but left a lot of room to build on it. The two main goals here are
Make CommandBox secure-by-default so a server shoved in production comes nice and locked down
Makes it very easy for you to toggle off all the security stuff for development
CommandBox now has profiles you can assign to a server when you start it to configure the default settings. This is to provide easy secure-by-default setups for your production servers, and to make it easier to switch between a development mode and production mode.
There are 3 currently supported profiles. Custom profiles will be added as a future feature.
Production - Locked down for production hosting
Development - Lax security for local development
None - For backwards compat and custom setups. Doesn't apply any web server rules
In production mode, CommandBox will block access to your CF admin to all external traffic, will block all common config files such as box.json or .env and will block, the "TRACK" and "TRACE" HTTP verbs
You can set the profile for your server in your server.json
Or you can specify it when starting the server like so:
If a profile is not set, CommandBox looks for an environment variable called "environment" or it checks to see if the site is bound on localhost to try and guess the correct profile for you.
We've also added some new flags in your server.json to fully customize how your profile behaves.
Read more about Server Profiles here:
This is huge-- probably the biggest chunk of work, and it's actually what makes the server profiles above even possible! It's always been possible to perform basic lock downs with a custom rewrite file, but we've exposed an amazing built-in functionality of Undertow called the Predicate language. It allows you to create ad-hoc rules that apply to your server to provide any of the following:
Security - Block paths, IPs, or users
URL rewrites - Rewrite incoming URLs to something different
Modifying HTTP requests on the fly - Set headers, cookies, or response codes
An example of a server rule using Undertow's predicate language to block access to any box.json files looks like this:
One of the best things about these rules, is they don't have to be in a single monolithic XML file. Instead they can come from
An array of ad-hoc definitions in your server.json file or config server defaults
one or more external JSON or text file specified in your server.json or config server defaults
Built in CommandBox server profiles (see above)
Here's some examples of what can be in your server.json
There are TON of built in predicates and handlers your rules can use. We've documented some of them :
CommandBox also registers some custom rules in Undertow you can use for your CF apps:
There are lots of new docs on this. Read more about Server Rules here:
The more we use Task Runners for builds, scheduled tasks, and utilities, we've seen the need to have lifecyle events in the same manner as the preHandler and postHandler sort of stuff in ColdBox MVC. Now if a task runner has methods of this name, they will be executed automatically.
preTask - Before any target in the task
postTask - After any target in the task
aroundTask - Wraps execution of any target in the task
pre
The lifecycle methods are very powerful and can be controlled via whitelist and blacklists to control what targets they execute for. "Around" events are very easy to use thanks to the use of closure. There's a lot more details in the docs.
Read more about Task Runner Lifecyle events here:
The default namespace when using the $ {foo} system setting expansion syntax is box environment variable, Java system properties, and OS environment variables.
It is also possible to leverage built-in namespaces to allow expansions that reference:
server.json properties
box.json properties
arbitrary JSON file properties
Config settings
This gives you a lot more power now to be able to create dynamic configuration in your JSON files and even from the command line. Here are some examples:
And one of the coolest things is this implementation is driven by a new onSystemSettingExpansion interception point and completely extendable! That means you can write a module that powers something hypothetical like this:
Read more about System Setting namespaces here:
CommandBox has had the ability to enable/disable GZip compression in Undertow for a while. Now you can fully control when it activates based on the type or size of file, etc. This feature utilizes the same Undertow predicate language that we introduced above.
Read more about GZip Compression Control here:
This is a fun one. There are some specific commands that make use of the Watcher library in CommandBox such as testbox watch and coldbox watch-reinit. However, there is also now a generic watch command that will run any arbitrary command of your choosing when a path matching your file globbing pattern is added/updated/deleted. Use this to build custom watchers on-the-fly without needing to touch any CFML code to write a Task Runner.
That command will echo out "config files updated!" every time a JSON file gets changed in the current directory. Here's a more complex one:
That one will list every new file that's added in this directory and all sub directories.
Read more about the generic watch command here:
There are a handful of features in CommandBox that will open URLs for you in your default browser. We've had requests to allow the browser in use to be customized, so we've reworked all of that logic, consolidating it in some places and now you can control what browser CommandBox uses. To change the default browser for all URL opening functions use this:
Supported browsers are:
firefox
chrome
opera
edge (Windows and Mac only)
And you can even dial in a browser on demand for the browse and server open commands.
Read more about setting the default browser here:
Here are some honorable mentions.
The CommandBox Tuckey rewrites allow an .htaccess file that uses the mod_rewrite style syntax of rewrites. Previously, use of flags such as these didn't work:L
We've added a "restart" option to the tray icon that does exactly what you think it does.
There's a new trick supported in CommandBox's shell that we've borrowed that allows you to change directories and go "up" more than one directory with less typing:
You can now pipe the output of a previous command in CommandBox directly to a native binary like so:
In this case, clip is a Windows binary that will read the standard input and place that text on the clipboard.
We work hard to make every CommandBox upgrade backwards compatible. There's a couple things that you may notice different in this release. They're both done to put security first and can be modified to get your original behavior back.
Since the CF Administrator is now blocked for traffic not coming from localhost when in production mode, you may need to explicitly open up the CF admin to make it accessible again if you needed it open to the public on a production server. Even with the profile set to production, you can activate just the CF admin like so:
The web server built into CommandBox will now only serve static files if their extension is found in a whitelist of acceptable files. This is to prevent prying eyes from hitting files they shouldn't be able to access on your server. The current list of valid extensions is:
If you have a common static file you need to serve, you can add your own custom extensions to the list like so:
And if you think we've missed an obvious one that deserves to be added to the default list, please let us know.
Here's the full list of tickets in the 5.2.0-RC.1 release.
[] - Tuckey UrlRewrite DTD version issues
[] - when installing a package which doesn't exist, commandbox claims forgebox is unreachable
[] - Remove mail-4.1.1.jar from runwar's lib dir
[] - Restart server via tray icon
[] - Stop expanding /WEB-INF paths in servlet init params
[] - Allow configuring default browser to use when opening a URL
[] - review all the runwar dependencies and check for outdated ones
[] - Block TRACE HTTP Verb by default
[] - Implement web server rules in Undertow
[] - Add an option to console log output without ANSI codes
[] - Load predicates in Runwar
[] - Pass Predicates as part of Server Start in CommandBox
[] - Add default server rules/predicates in CommandBox for default lockdown
Upgraded jboss-logging-annotations from 2.1.0 to 2.2.1.Final
Upgraded JCabi Log from 0.18 to 0.18.1
Upgraded Apache HttpClient from 4.2.6 to 4.5.12
Upgraded Apache httpmime from 4.2.6 to 4.5.12
Removed unused JOpt Simple 5.0-beta-1
Removed unused Gson 1.2.3
post- After a specific target
around - Wraps execution of a specific target
onComplete - Fires regardless of exit status
onSuccess - Fires when task runs without failing exit code or exception
onFail - Fires if exit code is failing after the action is done (always fires along with onError, but does not receive an exception object). Use this to respond generally to failures of the job.
onError - fires only if an unhandled exception is thrown and receives exception object. Use this to respond to errors in the task. Does not fire for interrupted exceptions
onCancel - Fires when the task is interrupted with Ctrl-C
Server info properties (like the server info property=name command)
Other properties in the same JSON file
ie (Windows only)
safari (Mac only)
konqueror (Linux only)
epiphany (Linux only)
[COMMANDBOX-1205] - UndertowOptions and XNIOOptions don't work for Long type
[COMMANDBOX-1206] - HTTP endpoint leaves a zip file in the CommandBox temp folder
[COMMANDBOX-1213] - url rewrite no longer works
[COMMANDBOX-1218] - Piping a command into run does not execute interactivley
[COMMANDBOX-1221] - Support flags on .htaccess file for Tuckey rewrites
[COMMANDBOX-1167] - Add Task Runner lifecycle events
[COMMANDBOX-1197] - Generic watch command
[COMMANDBOX-1200] - When starting an already-started server, offer to open the existing one instead
[COMMANDBOX-1209] - Add directory expansion command for going back multiple directories
[COMMANDBOX-1214] - Add built-in predicates and handlers for undertow for easier lockdown
[COMMANDBOX-1215] - Add "profile" setting to help default security settings
[COMMANDBOX-1220] - Allow standard input to be piped to native binaries
[COMMANDBOX-1131] - Move ANSI logging format from Runwar to CommandBox
[COMMANDBOX-1157] - Automated flag negation hint is the same as the hint for the flag itself
[COMMANDBOX-1182] - Default server menu actions working directory to web root
[COMMANDBOX-1183] - Expand working directory when specified for a menu item
[COMMANDBOX-1191] - Validate incoming version for bump command
[COMMANDBOX-1192] - Programmatic skipping of package install via interceptor
[COMMANDBOX-1193] - Adding support for installing lex files from file or unc paths
[COMMANDBOX-1195] - Add File Filtering For GZIP Compression
[COMMANDBOX-1196] - Allow default server java version to be cleared
[COMMANDBOX-1198] - Add setSystemSetting() to BaseCommand
[COMMANDBOX-1202] - "testbox run" command - show tag context for global bundle exceptions
[COMMANDBOX-1203] - Add --trayEnable flag to server start
[COMMANDBOX-1204] - Allow ${} system setting expansions to have extendable namespaces
[COMMANDBOX-1208] - Improve verbose output of JVM args if args contain " - " in them
[COMMANDBOX-1217] - forgeboxstorage default ignores are over-aggresive
[COMMANDBOX-1219] - If native command is piped into RUN, allow the output to be piped again
[COMMANDBOX-1189] - Track/address Undertow tickets
server set profile=productionserver start profile=productionserver set web.blockCFAdmin=true
server set web.blockCFAdmin=false
server set web.blockCFAdmin=external
server set web.blockSensitivePaths=true
server set web.blockSensitivePaths=false
server set web.blockFlashRemoting=true
server set web.blockFlashRemoting=falsepath-suffix(/box.json) -> set-error(404){
"web" : {
"rules" : [
"path-suffix(/box.json) -> set-error(404)",
"path-suffix(hidden.js) -> set-error(404)",
"path-prefix(/admin/) -> ip-access-control(192.168.0.* allow)",
"path(/sitemap.xml) -> rewrite(/sitemap.cfm)",
"disallowed-methods(trace)"
],
"rulesFile" : "../secure-rules.json"
// Or...
"rulesFile" : ["../security.json","../rewrites.txt","../app-headers.json"]
// Or...
"rulesFile" : "../rules/*.json"
}
}// Block all CF admin access
cf-admin() -> set-error( 404 );
// Shortcut for the previous rule
block-cf-admin()
// Block external CF admin access
cf-admin() -> block-external() // Reference box.json file in this directory
$ {boxjson.slug}
// Reference server.json file in this directory
$ serverjson.web.http.port:80}
// Reference local server details
$ {serverinfo.serverHomeDirectory}
// Reference arbitrary JSON file
$ {[email protected]}
// Reference CLI's config settings
$ {configsetting.endpoints.forgebox.apitoken}
// Local reference to a JSON property in the same file
{
"appFileGlobs" : "models/**/*.cfc,tests/specs/**/*.cfc",
"scripts":{
"format":"cfformat run $ {@appFileGlobs} --overwrite",
"format:check":"cfformat check $ {@appFileGlobs} --verbose"
}
}$ {AWSSecretStore.mySecretKey}server set web.gzipEnable=true
server set web.gzipPredicate="not path-prefix( admin ) and regex( '(.*).css' ) and request-larger-than(500)"watch *.json "echo 'config file updated!'"set command = "echo 'You added \$ {item}!'"
watch command="foreach '\$ {watcher_added}' \$ {command}" --verbose// use Chrome
config set preferredBrowser=chrome
// use FireFox
config set preferredBrowser=frefox
// Just kidding, no one is going to use this!!
config set preferredBrowser=ieserver open browser=operaRewriteRule ^/login.cfm$ /condworks.html [R=301]// current directory
cd . -> ./
// back 1 directory
cd .. -> ../
// back 2 directories
cd ... -> cd ../../
// back 3 directories
cd .... -> cd ../../../ #createguid | !clip
or
#createguid | run clipserver set web.blockCFAdmin=false3gp,3gpp,7z,ai,aif,aiff,asf,asx,atom,au,avi,bin,bmp,btm,cco,crt,css,csv,deb,der,dmg,doc,docx,eot,eps,flv,font,gif,hqx,htc,htm,html,ico,img,ini,iso,jad,jng,jnlp,jpeg,jpg,js,json,kar,kml,kmz,m3u8,m4a,m4v,map,mid,midi,mml,mng,mov,mp3,mp4,mpeg,mpeg4,mpg,msi,msm,msp,ogg,otf,pdb,pdf,pem,pl,pm,png,ppt,pptx,prc,ps,psd,ra,rar,rpm,rss,rtf,run,sea,shtml,sit,svg,svgz,swf,tar,tcl,tif,tiff,tk,ts,ttf,txt,wav,wbmp,webm,webp,wmf,wml,wmlc,wmv,woff,woff2,xhtml,xls,xlsx,xml,xpi,xspf,zip,aifc,aac,apk,bak,bk,bz2,cdr,cmx,dat,dtd,eml,fla,gz,gzip,ipa,ia,indd,hey,lz,maf,markdown,md,mkv,mp1,mp2,mpe,odt,ott,odg,odf,ots,pps,pot,pmd,pub,raw,sdd,tsv,xcf,yml,yamlserver set web.allowedExt=jar,exe,dllUsing JSR-223 to dynamically load Lucee 5
All 3rd Party libs updated
JGit
Launch4J
Runwar
JLine3
Improved Task Runner support
Task scaffolding with “task create”
Task DSL to call other tasks
Ortus Builds are now being converted to Task Runners. No Ant! No XML!
Support for Private package
Revamped Server Logs (access, rewrite, console)
ColdBox 5 updates
Tons of bug fixes and improvements
There are currently 69 tickets that are part of the 4.0 release. You can view them all over in JIRA if you filter based on a fixVersion of 4.0.0. Here's an overview of some of the cooler new features, in no particular order.
This is dependant on your terminal, but the CLI now can look a lot prettier. For Mac users, this will probably work out of the box. For Windows users, cmd won't cut it. We recommend checking out ConEMU as a sweet, tabbed terminal replacement. To see what kind of punch your terminal packs, run this new command:
Along with the newest version of JLine, there's a ton of nice little things now available in CommandBox 4. The first is a totally revamped tab completion interface. Pressing Tab is now prettier, colored, and more organized. Help is integrated right into the interface, and pressing tab repeatedly will cycle through the available options instead of redrawing the screen over and over.
Next is color coding when you type commands in the shell. This make it much easier to tell when you've typed the name of a command correct and makes the difference between the command and parameters easier on your eyes.
Finally is tab complete and syntax highlighting in the REPL. You can tab complete any CFML function as well as previous variable names you've typed. Common CFML keywords are highlighted, as well as CFML functions and there's even color coded matching of braces, parens, and quotes as you type.
There are two new features in the shell's history. Pressing "up" will still show the previous items in your history. But typing a partial command like "cd" and THEN hitting up will jump to the most recent histories that start with that word. Very handy to find that one "coldbox create..." command you ran two days ago.
The second new history feature is known in the bash world as i-search. Press Ctrl-Shift-R to open a search from the console where you can search your entire command history by keyword. Keep pressing Ctrl-Shift-R to cycle backwards through the results. Press Ctrl-Shift-S to cycle forwards through the results. Press enter to run the matched search select, or edit it inline before running it.
There's a new CommandBox module available called "commandbox-bullet-train" which makes the CLI look super sleek and sexy. You can add it very easily with:
You'll want to install a powerline-patched font as well. Check out the instructions under the "Fonts" section in the readme.
And is that some sweet new ASCII art taking advantage of 256 colors as well as a randomized quote/tip on every shell start? Why yes, yes it is!
CommandBox has a new way to interact with users and give them a list of pre-defined options that doesn't require typing a free text response. You'll see it if you try to start the same server twice in a row. This is fully documented and available for you to use in Task Runners and custom commands as well.
Some of the more wordy tasks you perform like installing packages and starting servers have gotten a big makeover in how they reveal their output to you. If an installation fails, you want to know about it, but so long as everything worked, you usually don't care. These actions will now scroll the last few active log entries past in a controlled format, but hide them at the end so the shell stays much cleaner, even when installing dozens of packages at once.
As an example, installing CFConfig actually installs 9 separate packages. This used to output around 100 lines of console logging which no one in their right mind ever read. All the same logging is still there, but now by the time it's done, this is all you see:
If you want to troubleshoot, or you are running this install as part of a build and you want to see all this output later, just use the --verbose flag. For server starts, using the --debug flag will preserve all your precious log output on the screen after the server starts.
Even cooler, the Interactive Job interface is fully documented and available for you to use in your Task Runners or Custom Commands.
Docs:
Example:
Which looks like this when it's done:
We did a lot of work to make dealing with servers easier-- especially when it comes to your log files. Console starts and tailing server logs are now color coded so it's easier to find errors and warnings.
We've also fine tuned what information shows up when you do --console starts as well as --debug starts to reduce the noise and enhance the useful information. For instance, when you do:
You'll see a line of debug logging that shows if the URL rewrites kicked in and what the URL was rewritten to. How useful is that?!
Remember you can view and tail the server "out" logs like so:
The built in Undertow web server that CommandBox uses just got more powerful. You can turn on access logs that show you every incoming HTTP request in the same "common format" as Apache web server.
You can view and tail this log file like so:
But wait, there's more logging goodness. Troubleshooting rewrite rules can be really tricky. That's why we broke out a new separate log file just for Tuckey Rewrites to dump into. You can dial in how much information you get with --debug and --trace server starts.
You can view and tail this log file like so:
CommandBox web servers are truly ready for prime time. All the Undertow log files above automatically rotate which means you'll never fill up a hard drive on accident due to out of control log files.
Another optional module you can install is the CommandBox update check module. It will check every 24 hours (when starting the shell) and let you know if your CLI or any of your system modules are out of date.
This used to work back in the day, but was a regression back when I added the ability to interact with native binaries. Now you have the best of both worlds.
Running other tasks from inside of Task Runners is now easier. Docs:
Example:
(Same as running "task run build" from the CLI)
You can now cancel long running commands, tasks, and even HTTP downloads by pressing Ctrl-C. Yay! Pressing Ctrl-C from the prompt does nothing, which is consistent with other shells. Pressing Ctrl-D from the shell will now exit CommandBox entirely which is also consistent with other shells. In case you're wondering, Ctrl-C fires the interrupt terminal signal, and Ctrl-D sends the EOF (end of file) signal.
Docs:
You can now load ad-hoc jars right from Task Runners which is sometimes necessary for working with Java libs. Docs:
Examples:
Wanted to play with Task Runners but not sure where you start? Drop everything, grab the closest CommandBox 4 CLI, and run these two commands:
You just created a new task and ran it. Go on, look around!
Directory listings have gotten a makeover. The columns actually align, the file sizes are human-readable, and the file types are color coded. Be careful, you might actually be able to find stuff now!
If you remember the "Magic Eye" books from your childhood, you'll be pleased to know CommandBox has an ASCII Art Stereogram for every day of the month. You'll find it hiding inside the info command. The "image" will change every day at midnight.
If you keep looking like that, your face will freeze that way!
We tried very hard to keep CommandBox 4 compatible but there are a few things that might surprise you.
The REPL and Task Runners run against Lucee 5.2.7 instead of 4.5.5. That might affect valid CFML syntax as well as datasource definitions
The default server you get when you type "server start" is also Lucee 5.2.7, not Luce 4.5.5.
Java 7 support removed. This affects both the core CLI as well as any servers. For CF9 users, you can still run CF9 servers but you'll need to use an older version of Java 8 such as 1.8.0_92. (Note: Java 9 and 10 don't work yet!)
Native CFML execution via box foo.cfm now routes through the "execute" command which means no Application.cfc will get run. You can refactor your cfm scripts or use the undocumented _internalRequest() function in Lucee 5.
You no longer can use \t and \n to escape tab and line breaks in command parameters. This caused a lot of confusion in Windows paths and there are other ways to do it right in your terminal. Check out the
The waitForKey() method in Task Runners and custom commands no longer returns the ASCII code, but the actual character pressed OR a special string representing the key press like "key_up" or "key_down". Check out the .
CommandBox 4 is prettier, more productive, and cooler than CommandBox 3. This may cause CLI envy with your Node coworkers. Don't worry, this is normal.
[COMMANDBOX-174] - Box CLI not working inside cygwin
[COMMANDBOX-395] - Commandbox 3.1.X no longer works with Git Bash
[COMMANDBOX-728] - Allow control of default package name when box.json is missing
[] - Server won't start with $ in web root path
[] - Can't list files in directory with parenthesis in the name
[] - Default rewrites don't start regex at the start of the request URI
[] - Ctrl-C in shell kills associated server processes on *nix
[] - Issue installing older CF engine when two versions exist who only differ in build ID
[] - Adobe war has incorrect default /CFIDE CF mapping
[] - CLI Loader crashes: Error reloading cached bundle
[] - ls and dir do not list directory content after 'cd ..' without trailing slash
[] - restart command not correctly detecting stopped server
[] - Starting two servers at once can corrupt servers.json file
[] - Starting server from non-ForgeBox endpoint doesn't detect proper engine/verion
[] - Package publishing fails with folder named "readme" in the root
[COMMANDBOX-724] - Control HTTPOnly and secure attribute of JSESSIONID
[COMMANDBOX-73] - Version check on startup
[COMMANDBOX-566] - CommandBox bullet train
[COMMANDBOX-583] - Create a "checkbox" user input for commands
[COMMANDBOX-722] - Task DSL
[] - Make SSL work on Adobe servers
[] - Allow testbox run runner to be relative URL
[] - validate box.json properties for testbox run usage
[] - Change default jAnsi temp path
[] - Updating ColdBox commands to ColdBox 5
[] - Enhance REPL console highlighter to work with parens and curlys
[] - Support 256 colors with print helper
[] - Update testbox command to trim and prettify json results
[] - Be able to add jars to core Lucee classloader from inside the CLI
[] - Command to scaffold new task
[] - Create dedicated log for rewrites
[COMMANDBOX-438] - Remember the currently edited command when navigating through the history
[COMMANDBOX-482] - better tab completion for REPL
[COMMANDBOX-527] - Upgrade to JLine3
[] - Update Launch4j library
[] - Refactor `Box foo.cfm` to funnel through execute command
[] - Remove \t and \n escapes
[] - Upgrade CLI core to use Lucee 5
[] - Parsing issue with native OS binaries
[] - Add serverDetails and installDetails to the onServerStart interceptor
[] - Add web access logs to undertow
[] - Improve message on server forget
[] - Don't escape params() in CommandDSL when the command is "run"
[] - Change how Ctrl-C and Ctrl-D behave
[] - Pressing "up" filters history on what you've already typed
[] - Allow Ctrl-C to interrupt executing tasks like downloading a file
[] - REPL isn't clear whether expression returned empty string or null
[] - Allow commands to be interruptible with Ctrl-C
[] - Highlight code in the repl
[] - Add prePrompt interception point
[] - Allow installPath to override PackageDirectory
[] - preProcessLine and postProcessLine interception points
[] - Allow raw params to CommandDSL that aren't escaped
[] - start --console should exit if server is killed externally
[] - Handle download progress when no total file size is avaiable
[] - Switch to load CFML engine via JSR-223
[] - Throw on invalid server.json
[] - Add rewrite exception for Adobe CF's cf_scripts folder
[] - Allow output of native OS binaries to be captured from CLI and task runners
[] - Upgrade to latest JGit lib
[] - PackageDirectory in package box.json is never honored
[] - Improve "testbox run" error output on Adobe CF
[] - Update bundled JRE to latest
[] - Upgrade to WireBox 5.0
[] - Cache CFC metadata for faster startup times
[] - Refresh progress bar UI
[] - UI control for "Jobs" to pare down output for several operations
[] - Spruce up info command with easter eggs
[] - Spruce up dir command
[] - Default to latest in upgrade command when on a prerelease already
[] - Add additional debugging information to the "info" command
system-colorsinstall commandbox-bullet-train> install commandbox-cfconfig --force
✓ | Installing package [forgebox:commandbox-cfconfig]
| ✓ | Uninstalling package: commandbox-cfconfig
| ✓ | Installing package [forgebox:cfconfig-services@be]
| | ✓ | Installing package [forgebox:lucee-password-util@^1.0.0]
| | ✓ | Installing package [forgebox:adobe-password-util@^1.0.0]
| | | ✓ | Installing package [forgebox:propertyFile@^1.0.0]
| | ✓ | Installing package [forgebox:propertyFile@^1.0.7]
| | ✓ | Installing package [forgebox:semver@^1.0.0]
| | ✓ | Installing package [forgebox:JSONPrettyPrint@^1.2.6]job.start( 'Starting server' );
job.addLog( 'This is the server name' );
job.addWarnLog( 'Hey, don''t touch that dial' );
job.start( 'Installing CF Engine first' );
job.addLog( 'This was the version used' );
job.addLog( 'Yeah, we''re done' );
job.complete();
job.addLog( 'Aaand, we''re back!.' );
job.addErrorLog( 'I think we''re going to crash' );
job.error( 'Didn''t see that coming' );server start --rewritesEnable --console --debugserver log
server log --followserver set web.accessLogEnable=trueserver log --access
server log --access --followserver set web.rewrites.logEnable=trueserver log --rewrites
server log --rewrites --followinstall commandbox-update-check echo "java -version" | run | #ucasetask( 'build' )
.run();classLoad( 'D:/amqp-client-5.1.2.jar' );
classLoad( 'C:/myLibs,C:/otherLibs' );
classLoad( [ 'C:/myLibs', 'C:/otherLibs' ] );
classLoad( 'C:/myLibs/myLib.jar,C:/otherLibs/other.class' );
classLoad( [ 'C:/myLibs/myLib.jar', 'C:/otherLibs/other.class' ] );task create --open
task run _( ) _( ) _( ) _( ) _( )
_( ) )_ _( ) )_ _( ) )_ _( ) )_ _( ) )_
(____(___) (____(___) (____(___) (____(___) (____(___)
/\ /\ /\ /\ /\
/ \ /\ / \ /\ / \ /\ / \ /\ / \ /\
/ \/ \ / \/ \ / \/ \ / \/ \ / \/ \
\/ \ / \/ / \/
.. .. .. .. .. ..
" " " " " " "
* * * * * * * *
@ @ @ @ @ @ @ @ @ @
\|/ \|/ \|/ \|/ \|/ \|/ \|/ \|/ \|/ \|/
