v4.3

---

Summary

The 4.3 release is very a minor maintenance release over 4.2.

Enhancements

• 514 Add optional third flag ignoreMissing (defaulted to false) to injectProperties() method to allow ignoring of undefined properties in the target bean

See using-di-one for more details

Bug Fixes

• 522 PreserveKey is not passed when using fw.redirect with Lucee Modern local scope mode
• 518 aop1 cannot intercept if base name in dottedPath is same as another bean
• 513 Remove locking from framework one global controller retrieval

Other Changes

• 516 Add adobe 2018 and specify distribution to test runners

v4.2

---

Summary

The 4.2 release is very a minor maintenance release over 4.1.

Enhancements

• Add onMissingMethod() pass-thru support to AOP/1
• 486 Experimental ColdBox Module support (work-in-progress)

Bug Fixes

• 500 Fix unscoped variables q and a in buildURL()
• 496 Allow AOP/1 to accept array of folders (DI/1 already accepted this)
• 493 Use encodeForURL() instead of urlEncodedFormat()
• 491 Fix trailing & on query string

v4.1

---

Summary

The 4.1 release is intended to be a minor maintenance release over 4.0. The following changes are part of FW/1 4.1 and DI/1 1.3.0.

Breaking Changes

• 466 - Clojure integration is no longer provided out of the box, so that Lucee 5.x can be officially supported.

Enhancements

• 481 - customTemplateEngine() extension point and makeMethodProxies() utility function have been added to make it easier to support additional templating engines. An example is provided for mustache in which the views and layouts are HTML templates rendered by a Java implementation of the Mustache template language.
• 472 - Since Adobe ColdFusion 9 is no longer supported, dynamic method invocations are done via invoke() rather than evaluate() (and so they might be slightly faster).
• 467 - Session scope handling is now pluggable (but still uses session scope by default).
• 465 - The tests have been switched from MXUnit to TestBox and the CI system has been switched from Ant (and explicitly download CFML engines) to CommandBox. The test matrix now includes: Adobe ColdFusion 10, 11, 2016; Lucee 4.5, 5 (current 5.1).
• 460 - New framework option missingview can specify an action to take on a FW1.viewNotFound exception, rather than the default error action.
• 452 - baseURL with trailing / no longer causes // to appear in URLs (when calling buildURL()).
• 424 - To partially support the desire to unload bean factory data when FW/1 is reloaded, there is a new extension point onReload().

Bug Fixes

• 463 - A potential XSS vulnerability in the default exception reporting function has been addressed.
• 462 - Addresses a race condition around resolving transients under heavy load. Thanks to John Whish and jcberquist for chasing this down!
• 458 - If an exception occurs during bean discovery, and an application’s error handling causes any DI/1 method to be invoked, it’s likely that discoverBeans() will be run a second time. Previously, that caused beans to be loaded twice and, if you had omitDirectoryAliases : true, you would get a new exception (that bean names were not unique) which masked the original exception. Now, if an exception occurs during initialization, bean discovery is considered complete, which should allow the original exception to propagate (even if your exception handling then crashes and burns!).
• 456 - onError() now resets setLayout() so that if an error occurs in a subsystem, the error handling is rendered correctly, using only layouts from the error action.
• 383 - redirect() now accepts a struct for the queryString argument: this was introduced in version 3.5 but never actually worked until now!

v4.0

---

Summary

The focus of the 4.0 release is on improving REST support. The following changes are part of FW/1 4.0, DI/1 1.2.0, and cfmljure 1.1.0.

• JSON-encoded and URL-encoded POST / PUT body support.
• Controllers have easy access to HTTP headers.
• Builder syntax for renderData() result elements.
• Support for user-supplied rendering functions.
• Integrated support for HTTP OPTIONS verb.
• Per-resource error handling.
• Setting status text (in addition to status code) in HTTP responses.
• Wildcard HTTP method support.

In addition, DI/1 has had a number of enhancements, including the addition of a builder syntax for programmatically declaring beans.

Breaking Changes

• 443 - Prevented loadListener from being accidentally inherited and run on a managed subsystem bean factory (it should only run on the main parent factory). This is potentially breaking: if you relied on running load listeners multiple times – however, that was never a recommended approach.
• 400 - By default, property declarations that contain a type or default are now ignored for autowiring. In earlier versions of FW/1 (DI/1), such property declarations would have been treated as dependencies and autowired: you could override that behavior for typed properties by specifying omitTypedProperties : true in your configuration. That is now the default behavior. In addition a new omitDefaultedProperties setting has been added, also defaulted to true, which is what tells FW/1 (DI/1) to ignore property declarations that contain a default. If you need to restore the pre-4.0 behavior, add omitDefaultedProperties and/or omitTypedProperties to your configuration, set to false.
• 391 - Adobe ColdFusion 9.0.2 is no longer a supported platform. FW/1 4.0 relies on closure support and therefore requires Adobe ColdFusion 10 or later. Support for Railo and Lucee has not changed.
• 390 - If you override missingBean() in DI/1, read the documentation carefully as this is now an official extension point with different behavior to previous releases.

Enhancements

• 448 - Added callClojure() extension point for cljcontroller.cfc.
• 442 - In Alpha 1 and Beta 1, the decodeRequestBody setting was called enableJSONPOST. As a migration aid, attempting to set enableJSONPOST will throw an exception saying you should use decodeRequestBody instead.
• 441 - decodeRequestBody handles URL-encoded form variables, which is typical for PUT, as well as JSON-encoded form bodies (see issue 389 below for the introduction of this setting).
• 439 - Add framework.facade component to make FW/1 accessible out-of-band (for integration purposes).
• 434 - Add getRoutePath() convenience method.
• 419 - Add getCGIRequestMethod() convenience method.
• 418 - Allow factoryBean() to accept function/closure.
• 417 - Add builder syntax for bean declarations.
• 416 - Delay bean discovery (where possible) until after declarations are processed.
• 415 - Add support for CFML-only and Clojure-only search paths.
• 414 - Add support for Boot to cfmljure.
• 413 - layout() may now be called from controllers.
• 412 - Add renderer() to access renderData() builder and add header() to set HTTP response headers.
• 411 - Add headers argument to controllers.
• 410 - Clarified license (Apache Source License 2.0), added LICENSE file.
• 409 - Dependency injection uses additional caches to improve getBean() performance (by a factor of 9x-25x, depending on your usage and your CFML engine).
• 407 - DI/1 now has a public hasParent() predicate method.
• 400 - Dependency injection ignores typed/defaulted properties by default. This can be disabled via the omitDefaultedProperties and omitTypedProperties settings.
• 399 - getBean() now accepts an optional second argument that can override beans in the factory to provide constructor arguments to be used in the bean’s init() call.
• 394 - Improved error messages when DI/1 attempts to use a CFC that has syntax errors to include filename/line number of the underlying error.
• 392 - A wildcard resource match is generated for $RESOURCES to provide per-resource error handling. This can be disabled via the perResourceError setting.
• 390 - DI/1 now considers missingBean() to be a fully supported extension point that allows users to handling getBean() calls for unknown beans by any means, including creating and returning their own beans.
• 389 - A new setting decodeRequestBody tells FW/1 to deserialize the JSON-encoded body of an HTTP request.
• 388 - The statusCode and jsonpCallback arguments to renderData() have been deprecated and a new builder syntax has been added to support all possible parameters available when rendering data, e.g., renderData( "json" ).data( result ).statusCode( 202 ).
• 387 - A new setting preflightOptions tells FW/1 to provide built-in support for HTTP OPTIONS. An additional setting optionsAccessControl allows you to fine tune the Access-Control-* headers returned.
• 386 - Routes can now have $* as an explicit wildcard for the HTTP method.
• 385 - The new renderData() build syntax supports statusText() to set the HTTP response status text.
• 328 - The renderData() type may be a function/closure that returns contentType, rendered content, and an optional writer for delivering the data to the browser.

Bug Fixes

• 449 - Fix race condition in DI/1’s bean resolution caching.
• 446 - Fix bug in $RESOURCES when nested resource appeared in multiple resources.
• 440 - Improved thread safety on application reloading. Even reloadApplicationOnEveryRequest : true should be safe now!
• 429 - Removed expandPath() in calls to cachedFileExists().
• 427 - Fixed bug that prevented before() / after() working in Clojure controllers; fixed bug that caused Clojure controller shims to be created twice.
• 422 - Fix bug with case insensitive routes.
• 420 - Fix bug in transient autowiring (caused by caching metadata).
• 395 - Corrected calls to buildURL() in examples.