We are excited to bring you another release for cbSecurity v2.4. This update gives you access to our cross site request forgery module: cbcsrf, which will enhance your securing abilities.

# Install
install cbsecurity

# Update
update cbsecurity

What's New With 2.4.0

This release adds the inclusion of the Cross Site Request Forgery module into cbsecurity: cbcsrf. You can find all the details about this module here: https://github.com/coldbox-modules/cbcsrf. Below are the major features of this module:

Features

• Ability to generate security tokens based on your session
• Automatic token rotation when leveraging cbauth login and logout operations
• Ability to on-demand rotate all security tokens for specific users
• Leverages cbStorages to store your tokens in CacheBox, which can be easily distributed and clustered
• Ability to create multiple tokens via unique reference keys
• Auto-verification interceptor that will verify all non-GET operations to ensure a security token is passed via rc or headers
• Auto-sensing of integration testing so the verifier can allow testing calls
• Token automatic rotation on specific time periods for enhance security
• Helpers to automatically generate hidden fields for the token
• Automatic generation endpoint that can be used for Ajax applications to request tokens for users