What's New With 2.9.0


  • Fixes a typo in the cbSecurity_onInvalidAuthorization interception point declaration. Previously, the typo would prevent ColdBox from allowing the correctly-typed interception point from ever triggering an interception listener.
  • The userValidator() method has been changed to roleValidator(), but the error message was forgotten! So the developer is told they need a userValidator() method... because the userValidator method is no longer supported. :/


  • The isLoggedIn() method now makes sure that a jwt is in place and valid, before determining if you are logged in or not.
  • Migrated all automated tests to focal and mysql8 in preparation for latest updates
  • Add support for JSON/XML/model rules source when loading rules from modules. Each module can now load rules not only inline but from the documented external sources.
  • Ensure non-configured rules default to empty array
Copy link
Edit on GitHub