1.11.0

March 4, 2026

BoxLang 1.11.0 is a highly focused performance and stability release. The team invested heavily in runtime optimizations across bytecode generation, class loading, lock management, and type casting — delivering measurable speed improvements for nearly every BoxLang application. This release also introduces new developer tooling, enhanced configuration capabilities, and resolves critical concurrency bugs in the locking system and DateTime casting pipeline.

🚀 Major Highlights

⚡ Performance Wave — Across-the-Board Runtime Speedups

BoxLang 1.11.0 includes over 15 targeted performance improvements that collectively make every BoxLang application faster with zero code changes required:

Bytecode & Compilation:

Optimized bytecode generation to avoid unnecessary casts during value operations
Cached isFinal and isAbstract flags at compile time instead of computing them at runtime
Reworked FQN (Fully Qualified Name) parsing to avoid expensive regex operations
Improved ClassInfo lookup during compilation using better caching strategies
Optimized ClassLocator cache key generation by improving hashCode() creation

Runtime Execution:

// These operations are ALL faster in 1.11.0
result = myClass.doWork()           // Faster class construction via this.get()
found = myArray.find( "value" )     // arrayFind optimized, avoids stream overhead
flag = isBoolean( "true" )          // Faster boolean string parsing
someBif( arg1, arg2 )               // Function arg/return type casting via keys, not reflection

Memory & Concurrency:

Cached closest variables scope reference in function contexts
Cached web request config instead of re-resolving per request
Case-insensitive string matching now uses an optimized algorithm
Reduced toRealPath() calls that were silently adding overhead on every file operation
Simplified constructor path for Box Classes reduces object creation overhead
Removed function inner classes, reducing class loading and GC pressure
Avoided Map.containsValue() in UDF invocation (linear scan → constant time)

🔒 Concurrency & Lock Safety

Critical fixes to the exclusive lock and bx:lock (cflock) race condition ensure that concurrent sections are truly thread-safe:

Before 1.11.0, exclusive locks could occasionally allow more than one thread to enter a supposedly exclusive section under high load. Both BL-2203 and BL-2205 addressed this:

// This critical section is now truly exclusive under concurrent load
lock name="processPayment_#orderId#" type="exclusive" timeout="30" {
    // Only ONE thread will be here at a time — guaranteed in 1.11.0
    if ( !paymentProcessed( orderId ) ) {
        processPayment( orderId )
    }
}

Additionally, lock storage has been improved (BL-2201) for better performance and memory efficiency.

🗓️ DateTime Casting Reliability

A comprehensive sweep of DateTime casting fixes ensures robust date handling across all common formats:

// All of these now work reliably in 1.11.0
date1 = createDateTime( "01-31-2026 23:59:59" )  // BL-2189
date2 = createDateTime( "9-30-2010" )             // BL-2222
date3 = parseDateTime( "2026-01-31 00:00:00.000" ) // ODBC Timestamp (BL-2143)

// Query of Queries with ODBC Timestamp columns now compiles correctly
qoq = queryExecute(
    "SELECT * FROM myQuery WHERE dateCol > :dt",
    { dt: now() },
    { dbtype: "query" }
)  // BL-2144 - no more compile error

// DateTimeCaster now handles ODBC Date/Time formats
cast1 = dateTimeFormat( odbcDate, "yyyy-mm-dd" )     // BL-2188

🆕 `enforceUDFTypeChecks` Configuration Setting

A new runtime setting allows you to skip UDF argument and return type validation for maximum compatibility or performance tuning in trusted codebases:

// boxlang.json
{
    "enforceUDFTypeChecks": false
}

When set to false, BoxLang will skip argument type validation and return type casting on function calls. This acts much how the Java compiler does generic type erasure — it removes the layer of runtime type safety checks, which can improve performance but also means that type mismatches won't throw errors. Thus we always recommend you type your UDFs and keep this setting enabled for the best balance of safety and performance.

⏱️ `getTickCount()` — Nanosecond & Second Precision

getTickCount() now supports nano and second units in addition to the existing millisecond support:

// Measure with nanosecond precision for micro-benchmarks
start = getTickCount( "nano" )
// ... do work ...
elapsed = getTickCount( "nano" ) - start
println( "Elapsed: #elapsed# ns" )

// Or measure in seconds for coarse timing
start = getTickCount( "second" )
sleep( 2000 )
elapsed = getTickCount( "second" ) - start
println( "Elapsed: #elapsed# seconds" )  // 2

🗑️ New BIF: `ExecutorDelete()`

The missing ExecutorDelete() BIF has been added, completing the executor management API:

// Create an executor
myExecutor = executorNew( "myPool", "fixed", 10 )

// ... use it ...
future = executorSubmit( myExecutor, () => doWork() )

// Clean up when done — now properly removes the executor from the registry
executorDelete( "myPool" )

Previously, shutting down an executor did not remove it from the executor registry (BL-2168), which could cause issues when recreating executors with the same name. ExecutorDelete() now handles full cleanup.

🤖 Core Runtime Updates

🏗️ Class System Improvements

Super class loading improved to handle complex inheritance hierarchies more reliably (BL-2211)
Abstract class enforcement relaxed — abstract classes are no longer required to implement all interface methods (BL-2251), matching Java/CFML semantics
Typed array returns no longer throw NPE when a class is instantiated via a different invocation path (BL-2237)
Implicit accessors now generate the correct return type in method signatures instead of always using any (BL-2195)
isFinal/isAbstract cached at compile time for major performance gains during runtime class checks (BL-2254)

🧵 Thread & Execution Fixes

Executor shutdown now properly removes the executor from the registry (BL-2168)
Parser concurrency issue in LSP fixed when getting cache size (BL-2253)
Duplicate bytecode methods no longer generated in edge cases (BL-2207)
Incompatible stack heights when not assigning new Foo() resolved (BL-2213)
Illegal exception table range in class files fixed (BL-1916)

📊 Query System

QueryNew() and queryAddRow() now properly validate column types (BL-2247)
distinct(col) no longer confused with a function name in QoQ (BL-2221)
QoQ with ODBC Timestamp format columns now compiles correctly (BL-2144)
Query column scope no longer found in loops for assignment (BL-2208), fixing variable scoping edge cases

🔤 String & Type Improvements

quotedValueList() now correctly wraps values in single quotes (not double quotes) per CFML spec (BL-2185)
base64_or_object and mimetype keys no longer have trailing spaces (BL-2180)
compareTo() date member method no longer incorrectly attaches to zero-valued BigDecimal (BL-2166)
println() can now be called with no arguments to output an empty line — no more println("") workaround (BL-2200)

🌐 XML Handling

Deleting a non-existent key from XMLAttribute no longer throws an error (BL-2231)
XMLChildren now updates correctly in all mutation cases (BL-2240)
WDDX now properly escapes special characters in attribute values (BL-2216)

🔐 Transaction & Stored Procedures

Transaction end action no longer throws an error when a stored procedure was executed within the transaction (BL-2157)
Transaction action attribute is now case-insensitive (BL-2238)

📡 MiniServer Runtime Updates

📁 `.boxlang.json` Convention

The MiniServer now automatically detects and loads a .boxlang.json file from the current working directory, merging it with the base BoxLang configuration:

# If .boxlang.json exists in the project root, it's automatically loaded
$ boxlang server start

# .boxlang.json
{
    "enforceUDFTypeChecks": false,
    "defaultDatasource": "mydb"
}

This makes project-level BoxLang configuration portable and self-contained — ideal for containerized deployments and team environments.

⚙️ Undertow / Socket / WebSocket Options

You can now influence Undertow, socket, and WebSocket low-level options directly from miniserver.json:

{
  "undertow": {
    "ioThreads": 8,
    "workerThreads": 64,
    "bufferSize": 16384
  },
  "socket": {
    "tcpNoDelay": true,
    "reuseAddress": true
  },
  "websocket": {
    "maxFrameSize": 65536,
    "maxTextMessageSize": 65536
  }
}

📂 Logging Directory Output

The MiniServer now logs the logging directory path during startup (BL-1342), making it easier to locate log files:

[BoxLang] MiniServer starting...
[BoxLang] Logging directory: /home/app/.boxlang/logs
[BoxLang] Server started on http://localhost:8080

🔄 Undertow Upgrade

Undertow has been upgraded to 2.3.23.Final, bringing the latest HTTP server fixes and security patches to the MiniServer runtime.

🌐 Web Support Updates

🔀 Pre-Request Interception for Request Rerouting

A new interception point fires before onRequestStart, enabling interceptors to reroute requests before the application lifecycle begins. This enables powerful request gateway patterns — A/B routing, feature flags, maintenance mode, and tenant routing — all handled before the application overhead kicks in.

🛠️ Developer Experience

🌳 Enhanced `--bx-printast` Tooling

The --bx-printast CLI flag now supports file paths and standard input piping, making it far more useful for debugging parser output and build tooling integration:

# Print AST for a file
boxlang --bx-printast /path/to/MyClass.bx

# Pipe source code directly
echo 'result = 1 + 2' | boxlang --bx-printast

# Integrate with editors/build tools
cat MyComponent.bx | boxlang --bx-printast | jq '.body[0]'

🧩 SOAP Client — Binary and Map Type Support

The SOAP client now supports additional complex types for requests and responses, including binary data and maps/structs. It also allows you to execute methods directly without using the invoke() method, we will route the call to the correct method based on the arguments you pass in.

ws = soap( "http://example.com/DataService?wsdl" )

// Send binary data
result = ws.uploadDocument({
    name: "report.pdf",
    data: fileReadBinary( "/reports/annual.pdf" )  // Binary now supported
})

// Send map/struct data
result = ws.updateRecord({
    id: 123,
    metadata: { region: "US", tier: "premium" }   // Map/Struct now supported
})

🔧 Session Configuration in `boxlang.json`

Two previously missing session configuration settings are now supported in boxlang.json:

{
    "sessionManagement": true,
    "sessionCluster": false
}

sessionManagement — Enable/disable session management globally
sessionCluster — Enable session clustering support across nodes

📋 Improved CLI Error Messages

CLI error messages have been improved to provide clearer context and actionable information when BoxLang scripts fail (BL-2212).

🐛 Notable Bug Fixes

Ticket

Summary

BL-2203

Exclusive locks sometimes allowed multiple threads into the locked section

BL-2205

cflock race condition under high concurrency

BL-2189

Can't cast 01-31-2026 23:59:59 to a DateTime

BL-2143

DateTime Default ODBC Timestamp format was incorrectly quoted

BL-2157

Transaction end threw error when a stored procedure was executed within

BL-2165

getCurrentTemplatePath() didn't work inside a catch block

BL-2196

ENV secrets expand issue on Docker images due to *_FILE greediness

BL-2206

Parser error with extra pound signs

BL-2209

Module service re-activated modules whose moduleName was overridden in box.json

BL-2217

Module public remote class requests did not fire Application lifecycle events

BL-2236

CFML compat: form, url, and CGI scopes incorrectly scope-hunted during assignment

BL-2242

Compat: Null in switch statement threw error

BL-2251

Abstract class incorrectly required to implement all interface methods

🔧 Configuration Updates

enforceUDFTypeChecks — New boolean setting in runtime to disable UDF argument/return type validation
sessionManagement — Enable/disable session management globally in boxlang.json
sessionCluster — Enable distributed session clustering in boxlang.json
.boxlang.json convention — MiniServer now auto-loads this file from the working directory

🎶 Release Notes

Bugs

BL-1916 Illegal exception table range in class file

BL-2002 cffile upload - upload fails if `accept` attribute is added

BL-2143 DateTime Default ODBC Timestamp format is being incorrectly quoted

BL-2144 QoQ Does not Compile when query contains ODBC Timestamp format

BL-2157 Transaction End Throws Error When Stored Procedure is Executed Within

BL-2160 Compat: RSA Private Key Encryption Not Supported

BL-2163 Exception Util License Exception Check swallows error if message is null

BL-2165 getCurrentTemplatePath() doesn't work inside a catch block

BL-2166 compareTo() date member method attaching to zero-valued BigDecimal

BL-2168 Executor Shutdown was not removing the discarded executor

BL-2180 base64_or_object and mimetype keys have a space at the end

BL-2185 quotedvaluelist() is supposed to wrap in single quotes, not double quotes

BL-2186 remote cfc invocation doesn't support argumentCollection

BL-2188 DateTimeCaster does not support ODBC Date and ODBC Time formats

BL-2189 Can't cast [01-31-2026 23:59:59] to a DateTime

BL-2192 Invoke Webservice does not provide Proper SOAP payload Request

BL-2195 Implicit accessors always generate "any" as returntype in method signature

BL-2196 ENV secrets expand issue on BoxLang Docker base images due to *_FILE greedyness

BL-2197 Dump Template Error with Empty Byte Array

BL-2203 Exclusive locks sometimes allow multiple threads to enter the locked section

BL-2205 cflock race condition

BL-2206 Parser error with extra pound signs

BL-2207 duplicate bytecode method

BL-2208 Don't find query columns in loops for assignment

BL-2209 module service re-activates modules whose modulename is overridden in the box.json

BL-2210 moduleconfig and BX BIFs are not loaded with consistent mapping path and class names

BL-2213 incompatible stack heights when not assigning new Foo()

BL-2216 WDDX doesn't escape special chars in attribute values

BL-2217 Module public remote Class requests do not fire Application Lifecycle events

BL-2221 distinct ( col ) confused with function name

BL-2222 DateTime Cast error with `9-30-2010`

BL-2231 deleting non-existent key from XMLAttribute causes XML error

BL-2236 CF doesn't scope hunt form, url, and CGI when assigning

BL-2237 Typed array return throws NPE when class is instantiated with a different invocation path

BL-2238 Transaction action is case-sensitive

BL-2240 XMLChildren doesn't update in all cases

BL-2241 rewrite directoryList( absolute_path=foo )

BL-2242 Compat: Null in switch statement throws error

BL-2243 Compat: Lock component `name` attribute is optional

BL-2244 Compat: Empty Values In Query new DateTime-typed Column Throw casting errors

BL-2245 Compat: FileUpload allows `filefield` to be prefixed with `Form.`

BL-2246 Compat: `File` component action also creates a `file` variable, instead of just `cffile`

BL-2247 QueryNew() and queryAddRow() are missing column type validation

BL-2251 Abstract class required to implement all interface methods

BL-2253 Parser concurrency issue when getting cache size in LSP

New Features

BL-1859 Add missing session config settings: sessionCluster, sessionManagement in the boxlang.json

BL-2164 Web Support: Implement Interception prior to onRequestStart to handle Request Rerouting

BL-2169 Add missing BIF: ExecutorDelete()

BL-2187 Enhanced boxlang --bx-printast to work with files and stadard in for piping in source code

BL-2202 enforceUDFTypeChecks setting to skip UDF argument and return type validation

BL-2214 Support nano and second for getTickCount()

BL-2248 Add ability to influence the undertow, socket and websocket options from the miniserver.json

Improvements

BL-1342 Consider outputting logging directory when miniserver starts

BL-2151 Improve performance of security allowed BIF/component checks

BL-2152 Avoid concurrent modification exception in config

BL-2153 Performance experiment - reduce toRealPath() calls

BL-2154 Simplify constructor path for Box Classes

BL-2162 Remove use of function inner classes

BL-2181 Ignore empty proxy port in http component

BL-2184 Add exceptions for when preserveSingleQuotes() is required

BL-2199 Interface for objects which can be represented as binary

BL-2200 Allow for println() to print a new line for convenience instead of println( "" )

BL-2201 Improve storage of locks for lock component

BL-2211 Improve class super class loading

BL-2212 Improve CLI error messages

BL-2215 Add SOAP Client support for additional complex types - Binary and Map

BL-2218 Convention: Miniserver should look for `.boxlang.json` file and append it to config

BL-2223 Improve parsing of FQN by avoiding regex

BL-2224 Use optimized case-insensitive string matching logic

BL-2225 improve performance of function arg and return type casting by using keys

BL-2226 optimize bytecode to avoid casting where not needed

BL-2227 faster parsing for boolean caster looking at strings

BL-2228 Optimize ClassInfo lookup when compiling

BL-2229 Optimize arrayFind by avoiding streams

BL-2230 Improve ClassLocator cache key generation time by caching improving hashCode creation

BL-2232 cache closest variables scope ref in function context

BL-2233 improve Class creation by using this.get() instead of dereference() which has more overhead

BL-2234 improve UDF invocation perf by avoiding Map.containsValue()

BL-2235 Cache config in web request context

BL-2249 Upgrade undertow to 2.3.23.Final on MiniServer

BL-2254 For performance cache isFinal and isAbstract field on classes at compile time

BL-2255 Update feature audit to recognize CFC service wrappers

BL-2256 Updated Gradle wrapper to 9.3.1

BL-2257 Bump Jackson Jr to 2.21.1

BL-2258 Bump logback classic to 1.5.32

Previous1.12.0 Next1.10.0

Last updated 3 months ago

Was this helpful?