Upgrade to Coldbox 6 Troubleshooting CB Security

Hi Everyone,

I am in the process of upgrading an application to CF 2021 and Coldbox6.5.2 from CF 2011 and Coldbox 3 or 4 (Cant seem to find the version). I have successfully installed the cborm and cbstorage modules and have been able to reinitialize the application. I am having some trouble getting the app to redirect correctly working and am trying to install cbsecurity. I can see that there is an old security.xml.cfm file that contains the rules for redirecting the app.

My problem is that when I try to re-init the app I get an error (see below). What is happening is something is going wrong when Security.CFC tries to load the rules loader property. I feel like this is something I’m missing in the configuration and coldbox doesn’t know where to look where to look when trying to inject the property for the rules loader.

I’m pretty new at coldfusion and have been tasked with upgrading an app I didn’t write. I would be grateful for any help the community can offer.

Thank you,


Would you mind sharing:

  1. The contents of you box.json (easiest) OR the versions of all your installed dependencies?
  2. The contents of your config/ColdBox.cfc file? (This is where module configuration lives.)

Those two places should help us help you with this. :+1:

Absolutly! and thanks so much here is the box.json below. The config file is large would you like me to paste into the reply or is there a better way to share the file? Is there a specific section of the file you would like to see?















Bob, I’m not sure about Eric, but I’d say the relevant part of config/ColdBox.cfc would be the moduleSettings struct, because any cbSecurity configuration would/should be in there.

Sure, please see below. My older copy of the config file did not have this section and I added this based on the docs to point the module at the location of the rules file.

moduleSettings = {

        // CB Security

        cbSecurity : {

            "rules" : "config/security.xml.cfm"



So sorry but now that I have added this setting back into the config file and reinitialized the app it appears to be working. I am at the try something and see if it works phase. Perhaps one of the many things I have tried corrected this issue.

1 Like

No worries Bob, sometimes that’s just how it goes! Glad you got it sorted!

Hi Michael,

Looks like I accidentally deleted my reply to this post so I’m reposting. I was wrong about fixing the issue. I just thought it was working because I had commented out the interceptor in the Coldbox config file. Please see the interceptors section of my config file below. Any help you can offer is greatly appreciated.

//Register interceptors as an array, we need order

    // NOTE Removed SES interceptor CB6

    interceptors = [















Hmm. I’m curious, what prompted you to add the interceptor config? The Security interceptor is registered automatically for you in the cbSecurity module.

What I suspect is happening is that this interceptor is being registered too early, and it fires before the module is even loaded in ColdBox. I would remove that manual interceptor declaration from the interceptors[] array and just make sure your moduleSettings.cbSecurity config is accurate.

While you’re at it, wiping and reinstalling the module would not hurt. This would ensure you have a correct and up-to-date copy of the module.

rm -rf modules/cbsecurity
box install

Ah ok thank you I will try that. The reason I added it is because it was there before, lol.

1 Like