What's New With 3.0.0
- Dropped Adobe ColdFusion 2016
- JwtAuthValidator instead of mixing concerns with the JwtService. You will have to update your configuration to use this validator instead of the
- New ability for the firewall to log all action events to a database table.
- New visualizer that can visualize all settings and all firewall events via the log table if enabled.
- New Basic Auth validator and basic auth user credentials storage system. This will allow you to secure your apps where no database interaction is needed or required.
- New global and rule action: block and the firewall will block the request with a 401 Unauthorized page.
- New event cbSecurity_onFirewallBlock announced whenever the firewall blocks a request into the system with a 403.
- DBTokenStorage now rotates using async scheduler and not direct usage anymore.
- Ability to set the cbcsrf module settings into the
- We now default the user service class and the auth token rotation events according to the authentication service in use (cbauth, etc.), so there is no need to duplicate work.
- New rule-based IP security. You can add an allowedIPs key to any rule and list which IP addresses are allowed into the match. By default, it matches all IPs.
- New rule-based HTTP method security. You can add an httpMethods key to any rule and list which HTTP methods are allowed into the match. By default, it matches all HTTP verbs.
- securityHeaders configuration to allow a developer to protect their apps from common exploits: XSS, HSTS, Content Type Options, host header validation, IP validation, clickjacking, non-SSL redirection and much more.
- Authenticated user is now stored by the security firewall according to the prcUserVariable on authenticated calls via preProcess() no matter the validator used
- Dynamic Custom Claims: You can pass a function/closure as the value for a custom claim and it will be evaluated at runtime passing in the current claims before being encoded
- Allow passing in custom refresh token claims to
- Disable lastAccessTimeouts for JWT CacheTokenStorage BOX-128
- Fix spelling of property datasource on queryExecute that was causing a read issue.