LogoLogo
SourceSupportTraining
v3.x
v3.x
  • Introduction
  • Intro
    • Introduction
      • What's New With 3.7.0
      • What's New With 3.6.0
      • What's New With 3.5.0
      • What's New With 3.1.0
      • What's New With 3.0.0
        • Architecture
        • Administrator
        • Themes
        • Front End
        • Upgrading to 3.0.0
      • About This Book
      • Author
  • Getting Started
    • Installation
      • System Requirements
      • CommandBox Installation
      • Source Installation
      • WAR Installation
      • Express Installation
      • Existing ColdBox Application
      • Upgrading ContentBox
      • Docker
    • Quick Guide
  • Usage
    • Using ContentBox
      • Content
        • Publish Content
          • Blog
          • Sitemap
          • Content Editing Tips
            • Editor Features
            • Dynamic Variable Output
            • Markdown Support
            • Scheduled Content
        • Consume Content
          • Content Store
          • Categories
          • Media Manager
          • Menu Manager
      • Comments
        • Inbox
        • Settings
      • Look & Feel
        • Active Theme
        • Global HTML
        • Themes
        • Widgets
          • Inserting a Simple Widget
      • Modules
        • Installing Modules
        • Managing Modules
      • Users
        • Manage
        • Permissions
        • Roles
      • Tools
        • Import
        • Export
        • Static Site Generation
      • System
        • Auth Logs
        • Geek Settings
        • Settings
          • Site Options
          • Admin Options
          • Security Options
          • Login Options
          • Content Options
          • Editor Options
          • Media Manager Options
          • Gravatars
          • Notifications
          • Mail Server
          • Search Options
          • Login Options
        • Security Rules
        • Updates
  • Developing
    • Developing For ContentBox
      • Front-End Development
        • File Structure
        • Theme Development
          • Theme Settings
          • Theme UDFs
          • Theme Templates
          • Theme Layouts
          • Theme Views
          • Theme SEO Functionality
        • The Content Store
        • Customizing Views
        • Customizing Layouts
        • Managing Assets
        • Customizing Navigation
        • Global Variables
        • Template Variables
      • Back-End Development
        • Overriding ContentBox Settings
        • Modules
          • Installing a Module
          • Using a Module
          • Module Locations and Conventions
          • Build a Module
          • Scaffold a Module
          • Theme your Module
          • Build an Admin Module
          • Adding Admin Menus to your Module
          • Adding Meta to your Modules
        • Widgets
          • Simple Widget
          • Widgets with Arguments
          • Multiple Render Function Widgets
        • JS and CSS Assets
        • Interceptors
        • Accessing Logged in User
        • Customizing the Admin
        • Staying on the Upgrade Path
Powered by GitBook
On this page
  • Container Updates
  • Portable Datasource
  • Author Sessions Cache & Distribution
  • Security Updates
  • Two Factor Authentication
  • Login Options
  • Permission Groups
  • Improved Rate Limiting
  • Password Enhancements
  • Author Updates
  • New Author Wizard
  • Improved Author Listings
  • Improved Author Snapshot
  • Content Updates
  • Markdown Support++
  • Markdown Editors
  • Publishing Workflows
  • Content Hierarchy Navigation History
  • Full Release Notes
  • Bugs
  • New Features
  • Improvements

Was this helpful?

Edit on Git
Export as PDF
  1. Intro
  2. Introduction

What's New With 3.7.0

This release has a major focus on security, authentication, containers, testing and automation. Below you can find the major changes and updates for this release and our full release notes.

Container Updates

Our ContentBox docker image has been updated to support this release and we have added two new areas of improvements for containerization:

Portable Datasource

You can now create a config/runtime.properties.cfm file with your database information and ContentBox will leverage it dynamically. No more registering of datasources on the CFML engines if you do not need to. This can allow you to leverage dynamic datasources for multiple environments and container deployments.

Author Sessions Cache & Distribution

In a world now of containers and distributed computing, we have added the ability for logged in sessions to be tracked by the ColdBox Cache Storages and CacheBox. This means that you can leverage in-memory sessions or distribute to any Cache provider CacheBox can talk to and distribute your sessions easily. It will also allow you to use the geek settings to monitor and manage the session objects of your users. You can even clear them all, expire them or choose a-la-carte.

The new cache provider region is called sessions and you can find its definition in the config/CacheBox.cfc file.

// ContentBox Sessions
sessions =     {
    provider = "coldbox.system.cache.providers.CacheBoxColdBoxProvider",
    properties = {
        objectDefaultTimeout = 60,
        objectDefaultLastAccessTimeout = 0,
        useLastAccessTimeouts = false,
        freeMemoryPercentageThreshold = 0,
        reapFrequency = 2,
        evictionPolicy = "LRU",
        evictCount = 5,
        maxObjects = 1000, // Can support up to 1000 user sessions concurrently.  Modify if needed. 0 = unlimited
        objectStore = "ConcurrentStore"
    }
}

Make sure that your config.Coldbox.cfc file contains in configure function

        // ContentBox relies on the Cache Storage for tracking sessions, which delegates to a Cache provider
        storages = {
            // Cache Storage Settings
            cacheStorage = {
                cachename   = "sessions",
                timeout     = 60 // The default timeout of the session bucket, defaults to 60
            }
        };

Security Updates

Two Factor Authentication

This is one of our biggest features for ContentBox is our two factor authentication framework. That's right, we built a two factor module framework that will allow you to build or use any two factor or multi-factor authentication mechanism. We have included one in the core which is Email verification.

Please refer to the developing two factor authentication providers in order to get an in-depth look of how to build your own two factor authentication provider modules.

Two Factor Events

The following are the new interception points for two factor authentication

  • cbadmin_onTwoFactorSettingsPanel - Shows on the two factor global settings panel

  • cbadmin_onAuthorTwoFactorOptions - Shows on the options for two factor auth in the author editor

  • cbadmin_onAuthorTwoFactorSaveOptions - Fires when the options are being saved

  • cbadmin_beforeTwoFactorForm - Shows at the beginning of two factor form challenge

  • cbadmin_afterTwoFactorForm - Shows after the two factor form challenge

  • cbadmin_onInvalidTwoFactor - Fires when an invalid challenge has been made

  • cbadmin_onValidTwoFactor - Fires when a valid challeng has been made

Global Settings

An admin can force two factor authentication for all users in the system and even provided a trusted device registry so ContentBox can track their devices and challenge only after a few days.

User Settings

The user can also setup two factor authentication for their account if so desired.

Login Options

An administrator now can control login options and enhance the logging experience of their users.

Permission Groups

We have introduced the ability to create and organize permissions not only in roles but in our new permission groups. This will allow you to create more complex and robust permission schemas and be able to assign multiple permission groups to users. The entire permissions tab for authors has been revamped to allow you better visualization of rules and permissions.

Improved Rate Limiting

The rate limiting module has been revamped to help with Denial of Service attacks or even just pesky scrapers. You can now configure more options for fine-tuning including relocation URLs, custom messages and improved logging.

Password Enhancements

There have been many updates on both the UI and the security of user passwords.

Password Meter

We have introduced the concept of a visual password meter, which can guide users when changing, resetting or setting passwords:

Password Length Options

You can now also as an admin decide on the minimum length of user passwords.

Password Reset Options

As an administrator, you can now reset user passwords a-la-carte or for every single user in the system. This will issue a notification to the user with instructions on resetting their system password. User password reset workflow has now been improved with our new password reset screens instead of bulky double email validation mechanisms.

New Interception Events

Here are the new interception events you can listen on for password reset workflows:

  • cbadmin_onGlobalPasswordReset

  • cbadmin_onPasswordReset

  • cbadmin_onInvalidPasswordReset

Author Updates

New Author Wizard

We have introduced a new approach to creating authors in ContentBox. You will now be presented with the new author wizard which will allow you to pre-fill author details in a secure manner. A notification will be sent to the new author's email address with a password setup token so they can secure their account.

Improved Author Listings

The author listings have been improved with tons of new filters, reporting and even sorting options. Go admin like a mad man!

Improved Author Snapshot

The Author Profile Snapshot has been updated to include a better UI, better visualization and a new action toolbar for direct Author actions and Author exporting.

Content Updates

Markdown Support++

We introduced markdown support for all content in many versions before. This update includes a brand new markdown engine with table support, code syntax highlighting and much more. We also made several settings and author specific details available as markdown content. In other words, viva markdown!

Markdown Editors

We have also updated our markdown UI editor and it can be used everywhere in the admin were markdown is allowed.

Publishing Workflows

We have added a new two-step workflow for publishing any piece of content. This will allow you better visibility when working with drafts or live content. The new flow will also assist users that do not have any publishing capabilities.

Content Hierarchy Navigation History

We have improved the navigation of the content store and the sitemap by taping into the browser history API and providing history support for hierarchy navigation. Never again loose your place in the hierarchy.

Full Release Notes

Bugs

New Features

Improvements

Last updated 7 years ago

Was this helpful?

[] -When cloning blog posts ( possibly pages too ) the code format is lost

[] -Trying to delete a single user with checked boxes fails

[] -"notify me" checkbox is forgotten on comment submission failure

[] -Fix issue of installer failing when rewrites turned off

[] -Adobe Incompatibilities for sidebar

[] -Render Markdown correctly on auto updates description

[] -Installer issues with new radio buttons

[] -Change $forgebox.load to GET request instead of POST for pagination to work

[] -MSSQL Regression due to Category Formulas

[] -Adobe 2016 Syntax Error

[] -Check Permissions fails on User with a null Role

[] - Add a password meter on the installer and user profile page with key enforcements

[] - Add content hierarchy history as URL doesn't reflect navigation into content hierarchy

[] - User Permissions Groups

[] - New setting for rate limiter to choose either a message or a redirection URL

[] - New setting to control if blocked attempts are logged or not

[] - New author quick report: numberOfContentStore

[] - Creation of new author toolbar for actions in snapshot location

[] - New export capabilities from new author toolbar

[] - Ability to showcase raw content in history panel

[] - Ability for a author password to be reset by an admin

[] - New reset interception points: cbadmin_onGlobalPasswordReset, cbadmin_onPasswordReset, "cbadmin_onPasswordReset", "cbadmin_onInvalidPasswordReset"

[] - Ability for admin to reset all author passwords

[] - When resetting a password and you have a previous password, they should not be the same

[] - New publishing details workflow

[] - Ability for authors to be sorted in the listing by different common orderings

[] - Make password length for authors a customizable rule

[] - Update all range settings to new slider UI

[] - New author creation wizard

[] - Enable markdown for site maintenance

[] - Enable MD Editors for settings for better usability

[] - Two Factor Auth Framework and Authentication

[] - Update markdown processor to latest version

[] - Create server.json for site and installers, so we can have rewrites and nice logos

[] - New preFlight checks for settings to avoid setting upgrade issues and better encapsulation

[] - Email two factor authentication provider

[] - Refactor captcha out of the core and into an addon module.

[] - Security services now rely on the CacheStorages instead of session to provide distribution out of the box if necessary via CacheBox

[] - Ability to make the datasource portable for container deployments via config/runtime.properties.cfm convention

[] - Allow user to choose new password on reset

[] - User Management: Allows duplicate emails

[] - Author snapshot updates

[] - Added auto height to select boxes

[] - Page Publishing Permissions

[] - Content cloning needs to clone all new properties

[] - Added pagination to ForgeBox installer

[] - Don't show data snapshot donut charts if there is no data

[] - Make admin bar responsive

[] - Cache installer detection query to improve performance

[] - Global HTML not flushing settings cache

[] - Refactor formulas for category reports and optimized for better performance

[] - Deprecated ColdBox fileUtils to internal Utility

CONTENTBOX-882
CONTENTBOX-891
CONTENTBOX-907
CONTENTBOX-913
CONTENTBOX-914
CONTENTBOX-915
CONTENTBOX-925
CONTENTBOX-936
CONTENTBOX-943
CONTENTBOX-950
CONTENTBOX-953
CONTENTBOX-647
CONTENTBOX-875
CONTENTBOX-916
CONTENTBOX-917
CONTENTBOX-918
CONTENTBOX-920
CONTENTBOX-921
CONTENTBOX-922
CONTENTBOX-926
CONTENTBOX-927
CONTENTBOX-928
CONTENTBOX-929
CONTENTBOX-930
CONTENTBOX-932
CONTENTBOX-933
CONTENTBOX-938
CONTENTBOX-939
CONTENTBOX-940
CONTENTBOX-944
CONTENTBOX-945
CONTENTBOX-946
CONTENTBOX-948
CONTENTBOX-949
CONTENTBOX-951
CONTENTBOX-954
CONTENTBOX-955
CONTENTBOX-957
CONTENTBOX-958
CONTENTBOX-568
CONTENTBOX-725
CONTENTBOX-919
CONTENTBOX-923
CONTENTBOX-924
CONTENTBOX-931
CONTENTBOX-934
CONTENTBOX-935
CONTENTBOX-937
CONTENTBOX-941
CONTENTBOX-942
CONTENTBOX-952
CONTENTBOX-956