2020-04-14 Weekly News - Episode 49

Watch the video version on YouTube at https://youtu.be/ajxoFXlo6oQ


Hosts:

Eric Peterson - Software Consultant for Ortus Solutions
Gavin Pickin - Software Consultant for Ortus Solutions


Thanks to our Sponsor - Ortus Solutions
Show your support, and visit our BoxLife Store Has Come to Life!

Patreon Support
We are at the 43% mark for fully funding all of our Modernize or Die Podcasts via our Patreon site: patreon.com/ortussolutions . If you love our podcasts and all we do for the #coldfusion #cfml community consider chipping in, we are almost there!
https://www.ortussolutions.com/blog/we-need-your-help



News and Events


Our BoxLife Store Has Come to Life!

At Ortus, we are living the #BoxLife. This encompasses taking pride in all things #Box, as well as creating new products that align with our pillars of modernization and innovation. It was then that our designers were tasked with creating designs that would represent what we love and do.

For our debut, we chose Astro Girl, which symbolizes the strength and ambition of women in every field. Next, we have our Love for Coding design. This one came about in our February blogs and newsletter. What else could better represent us than our love for coding? Following we have our Modernize or Die art. There is no way we could exclude our motto and guiding principle.  Up next, we have our ColdBox hero. Our beloved logos were also taken into consideration and were given a line just for them. We will be adding more of these in due time.

Blog: https://www.ortussolutions.com/blog/our-boxlife-store-has-come-to-life
Store: https://www.ortussolutions.com/shop#!/all?listModeOverride=DESIGN


Free Into the Box ticket on Twitter

Find out tweet, reply and retweet to go into the draw for a free ticket to INTO THE BOX online conference in under a month.
https://twitter.com/ortussolutions/status/1248718662455955457


Adobe ColdFusion (2018 release) Update 9 and ColdFusion (2016 release) Update 15 released

In this update, apart from fixing the security vulnerabilities, we’ve also added SameSite cookie support for cfcookie.
These updates fix security vulnerabilities that are mentioned in the security bulletin,  APSB20-18.
Please update your ColdFusion versions today. Let us know if you face any issues while installing the updates. Your feedback is essential to further enhancing the product.
We thank you for your continuing support.
https://coldfusion.adobe.com/2020/04/coldfusion-2018-release-update-9-coldfusion-2016-release-update-15-released/


CFWheels 2.1 Released

Today sees the release of CFWheels 2.1. Only a couple of bug fixes since the beta, so please refer to the changelog for a list of all changes.
https://cfwheels.org/blog/cfwheels-2-1-released/


VS Code Extension released

We are so excited to announce the first release of the CommandBox VSCode extension. This extension is thanks to the great work of (Kamasamak - Matthew Brown) and will integrate CommandBox into VS Code.
https://www.ortussolutions.com/blog/vscode-commandbox-extension-released


cbORM v2.5.0 released

We are so excited to bring you yet another minor release for our cborm project to version 2.5. This is a very exciting release as it brings about automatic RESTFul CRUD for ORM entities based on ColdBox 6 resources.
https://www.ortussolutions.com/blog/cborm-v250-released


Quick 3.0.0 Alpha Extensive Blog Post and Docs have Started

Released, live on the show last week… available as `quick@3.0.0-alpha.1` on ForgeBox.
https://www.ortussolutions.com/blog/quick-v300-alpha-released



What's New In CommandBox 5  Screencast Series

Brad recorded a series of Screencasts being released every Tuesday and Thursday, this is what has been released so far.

New - Undertow Options - https://www.ortussolutions.com/blog/whats-new-in-commandbox-5-undertow-options

New - Tuning Web Server Max Requests - https://www.ortussolutions.com/blog/whats-new-in-commandbox-5-tuning-web-server-max-requests

Lucee Extension Management - https://www.ortussolutions.com/blog/whats-new-in-commandbox-5-lucee-extension-management

Git Access Tokens - https://www.ortussolutions.com/blog/whats-new-in-commandbox-5-git-access-tokens

Library Updates - https://www.ortussolutions.com/blog/whats-new-in-commandbox-5-library-updates


Upcoming Ortus Webinar - What's New with CommandBox 5 with Brad Wood

April 30th 11:00 AM EST (GMT -5:00)
Registration is open for April's webinar! You may have noticed that #CommandBox 5.0 released recently and it has many new features and enhancements to improve your development workflow.
Register today
https://www.ortussolutions.com/events/webinars


Past Adobe Webinar - Journey through the Adobe ColdFusion Performance Monitoring Tool

Presenter: Elishia Dvorak
April 9th, 11am PDT
This session is all about demos, no slides! From start to finish, we’ll take you through the nitty gritty of troubleshooting and setting yourself up in Adobe’s ColdFusion Performance Monitoring Tool to troubleshoot the main issues that keep you awake at night. We’ll run through setting up different types of notifications, threshold settings, auto tuning, and even some simulations to give you a good sense of how the PMT can help you diagnose your craziest ColdFusion issues.
https://cfwebinar-journey-pmt.meetus.adobeevents.com/


Reminder: ContentBox CMS Customer Experience Survey

ContentBox, our signature professional open-source modular content management system for ColdFusion (CFML),  recently celebrated 8 years in the market. For sure, it has been a solid base for many companies to easily build websites, blogs, wikis, complex web applications, and RESTFul web services.
We are ramping up our planning for our next generation of the ContentBox platform and we need your feedback.
Please take some time to let us know your opinion, so we can start cooking some CMS goodness!
https://docs.google.com/forms/d/e/1FAIpQLScs2sbby0zLu6kJSQA_VqT5-ZGYsLpCI7IRgJMepxPk-BG8gw/viewform


Reminder: State of the CF Union 2020 Survey

VOTE FOR OUR PODCASTS
Help us find out the state of the CF Union – what versions of CFML Engine do people use, what frameworks, tools etc. We will share the summary results with everyone who completes the survey so that you can see how you compare with other CF developers.
Most questions are multiple choice checkboxes that are fast to answer. Thanks for your time completing this survey!
https://teratech.com/state-of-the-cf-union-2020/


Adobe Usage Survey

The purpose of this survey is to understand your usage of ColdFusion.
The information gathered here will be very important to us and will help determine the current usage patterns of the product.
Thanks for your time.
https://www.surveymonkey.com/r/Y5JDSVY



Conferences


Adobe CF Summit East 2020 - Cancelled
https://carahevents.carahsoft.com/CFSummit2020/

Adobe - ColdFusion Specialist Certification POST Conference - CANCELLED
https://carahevents.carahsoft.com/CFSummit2020/Custom?id=3408

Ortus Solutions - Build Secure MVC ColdFusion Applications - Pre Conference - Cancelled
https://www.ortussolutions.com/blog/ortus-solutions-dc-workshop-is-cancelled-due-to-covid-19-concerns


Into the Box 2020 - Virtual Online Conference

Thursday May 7th and Friday May 8th, 2020.
The conference will take place on the same days, with the same schedule, all online.
Sessions will be streamed live and recorded so attendees can watch all the sessions, even the sessions they cannot attend.

Keynote will be streamed live for free.
The conference tickets are $199 ( massive discount from the in person conference )
Register now: https://intothebox.org/

Previous ITB Videos on Sale
Can’t wait for this year’s ITB, you can watch videos from last year and the year before for price of $9.99 each.
https://vimeo.com/ondemand/itb2019
https://vimeo.com/ondemand/intothebox2018

Workshops
Workshops are being refunded and will be scheduled at later times to give everyone an opportunity to attend one or more workshops as they are delivered online.


Adobe ColdFusion Developer Week

The developer week webinars would cover all these topics and much more. This is a series of free, live webinars where the audience would be able to hear from the best developers in the ColdFusion world.
If you are a new developer, someone with little or no ColdFusion experience, or even if you have been using ColdFusion all your life, these sessions are ideal for you. The ColdFusion Developer Week provides something for everyone so sign up now.
May 18th - 22nd - Online
2 Sessions per day - 10 sessions through the week.
Free - Register Online
https://cf-devweek.meetus.adobeevents.com/


DockerCon - Live

May 28, 2020 : 9:00 - 5:00 PM GMT-7 (PDT)
DockerCon is going digital with theCUBE! We’ve designed a 1-day conference that’s free and completely online. You’ll hear from speakers in live interviews with theCUBE, hang out with Docker experts in the live hallway track, and watch recorded sessions while chatting live with the speakers.
Choose from 3 simultaneously streaming channels or jump between them all to experience DockerCon your way.
https://www.docker.com/dockercon/


CF Summit West

October 28-29
Mirage Hotel
https://cfsummit.adobeevents.com/


CF Camp
TBA

More conferences: https://confs.tech/



Blogs, Tweets and Videos of the Week


Blog - Saurav Ghosh - Adobe - Adobe ColdFusion (2018 release) Update 9 and ColdFusion (2016 release) Update 15 released
In this update, apart from fixing the security vulnerabilities, we’ve also added SameSite cookie support for cfcookie.
These updates fix security vulnerabilities that are mentioned in the security bulletin,  APSB20-18.
Please update your ColdFusion versions today. Let us know if you face any issues while installing the updates. Your feedback is essential to further enhancing the product.
We thank you for your continuing support.
https://coldfusion.adobe.com/2020/04/coldfusion-2018-release-update-9-coldfusion-2016-release-update-15-released/


Blog - Ortus Solutions - Our BoxLife Store Has Come to Life!
After months of preparation, we are very excited to bring you our BoxLife Store. At Ortus, we are living the #BoxLife. This encompasses taking pride in all things #Box, as well as creating new products that align with our pillars of modernization and innovation. It was then that our designers were tasked with creating designs that would represent what we love and do.
https://www.ortussolutions.com/blog/our-boxlife-store-has-come-to-life


Video - Brad Wood - Ortus Solutions - What's New In CommandBox 5 - Undertow Options
Learn how to configure the underlying options of the JBoss Undertow web server and servlet container in CommandBox 5.
https://www.ortussolutions.com/blog/whats-new-in-commandbox-5-undertow-options


Blog - Luis Majano - Ortus Solutions - VSCode CommandBox Extension Released
We are so excited to announce the first release of the CommandBox VSCode extension. This extension is thanks to the great work of (Kamasamak) and will integrate CommandBox into VS Code.
https://www.ortussolutions.com/blog/vscode-commandbox-extension-released


Blog - Ben Nadel - Rediscovering My Love Of ColdFusion And CFML In 2020
I've never been shy about how much I enjoy ColdFusion. So many wonderful things in my life have sprung from the fact that I happened to get an internship under Glen Lipka 20-years ago; and, that his company happened to be using ColdFusion 4.5. But, my relationship with ColdFusion hasn't always been rosy. We've had our good times and our bad times. And, sometimes, getting ColdFusion to do what I want has felt like a frustrating labor of love. But, when I sit back and reflect on my last year-or-so at InVision, I'm seeing now that - without question - I've fallen completely back in love with ColdFusion and CFML.
https://www.bennadel.com/blog/3809-rediscovering-my-love-of-coldfusion-and-cfml-in-2020.htm


Blog + Video - Ben Nadel - Executing Command-Line Processes From A Working Directory Using ProcessBuilder In Lucee CFML 5.2.9.31
In ColdFusion, we've always had the CFExecute tag as a means to execute external command-line processes from within our CFML code. However, one of the big missing features in the CFExecute tag API is the ability to set the "working directory" for the execution. In many cases, this doesn't matter. However, for some processes, the working directory is used to change the behavior of the execution. Inspired by Brad Wood (see Tweet thread), I wanted to take a look at how I might execute external processes from a given working directory using Java's ProcessBuilder class in Lucee CFML 5.2.9.31.
https://www.bennadel.com/blog/3810-executing-command-line-processes-from-a-working-directory-using-processbuilder-in-lucee-cfml-5-2-9-31.htm


Blog - Tom King - CFWheels - CFWheels 2.1 Released
Today sees the release of CFWheels 2.1. Only a couple of bug fixes since the beta, so please refer to the changelog for a list of all changes.
https://cfwheels.org/blog/cfwheels-2-1-released/


Blog - Zac Spitzer - serializeJSON supports two additional query serialization formats for JSON
Oh, #Lucee also supports two additional query serialization formats for JSON, "row" and "column". Discovered them whilst updating the docs example and happened to ponder what happens if I replace 'struct' with 'blah'
https://docs.lucee.org/reference/functions/serializejson.html


Video - Matthew Clemente - Using Multiselect Inputs in CommandBox Custom Commands
Multiselect inputs are a very versatile interactivity prompt within the CommandBox CLI. They work a lot like radio buttons, checkboxes, or select options in HTML. Instead of allowing a user to enter freetext, you present a list of choices, eliminating the risk of typos, and standardizing the results. In this video, we cover how to add multiselect inputs to your custom commands, making selection required, pre-selecting options, enabling multiple items to be selected, and more.
https://www.youtube.com/watch?v=1AahvzEukw4&feature=youtu.be


Blog - James Moberg - Supporting ColdFusion with Command Line Programs
Here are some supporting Windows command line programs that I've been using with Adobe ColdFusion. (I'll be posting another list of "supporting java libraries" soon.)
https://dev.to/gamesover/supporting-coldfusion-with-command-line-programs-2plj


Blog - Luis Majano - Ortus Solutions - cbORM v2.5.0 Released!
We are so excited to bring you yet another minor release for our cborm project to version 2.5. This is a very exciting release as it brings about automatic RESTFul CRUD for ORM entities based on ColdBox 6 resources.
https://www.ortussolutions.com/blog/cborm-v250-released


Blog - Tony Junkes - Implementing RuleBox In Your FW/1 Applications
This one has been a long time coming. While attending the Adobe ColdFusion Summit 2019, I was able to catch Luis Majano's talk on RuleBox. From the moment it's features started to click in my mind, I thought this would be cool to use in Framework One.
https://tonyjunkes.com/blog/implementing-rulebox-in-your-fw1-applications/


Video - Brad Wood - Ortus Solutions - What's New In CommandBox 5 - Tuning Web Server Max Requests
Learn how to tune your web servers' max requests in CommandBox 5.
https://www.ortussolutions.com/blog/whats-new-in-commandbox-5-tuning-web-server-max-requests


Blog + Video - Ben Nadel - Understanding ReadOnly And Exclusive Named Locks In Lucee CFML 5.3.5.92
The other weekend, as I was reading through the Learn Modern ColdFusion <CFML> in 100 Minutes book by Ortus Solutions, something about the way in which they described the CFLock tag really clicked for me. Historically, my understanding of the different types of locking has been fairly poor. As such, I tend to just lean on exclusive name locks all the time. But, those Ortus chaps really broke down my mental barrier; and I think I get it! So, I wanted to see if I could create a ColdFusion locking demo that would help me convince myself that I finally understand the interplay between ReadOnly and Exclusive named locks in Lucee CFML 5.3.5.92.
https://www.bennadel.com/blog/3808-understanding-readonly-and-exclusive-named-locks-in-lucee-cfml-5-3-5-92.htm


Blog - David Byers - ColdFusion Portal - Best Practices for Secure Password Storage in ColdFusion
In today’s post, I want to discuss best practices for storing passwords securely.  The examples I will provide are directed towards ColdFusion development. However, this is not limited to ColdFusion; these principles apply to any software development project.
The first best practice of secure password storage is: Never, ever, ever, ever, ever, ever store passwords in the clear.
https://coldfusion.adobe.com/2020/04/best-practices-secure-password-storage-coldfusion/


Blog - Pete Freitag - Acme Client Error Valid not acceptable for finalization
I have a few static sites that are hosted using Netlify. I received an email from Netlify about one of my sites, a Content-Security-Policy Header Reference that said:
Failed to renew TLS certificate for content-security-policy.com. The TLS certificate for content-security-policy.com will expire on Apr 23, 2020. We tried to renew it, but got this error message: Acme::Client::Error: Order's status ("valid") is not acceptable for finalization
https://www.petefreitag.com/item/898.cfm


Blog - James Moberg - ColdFusion Query-of-Query Reserved Words or Bug?
I encountered an Adobe ColdFusion error where a query would throw an error if certain column names were accessed. A third-party client uploaded an Excel file using "first" and "last" column names. When I attempted to access those columns independently using ColdFusion 2016.0.14.318307 with a query-of-queries CFQuery, an error "Query Of Queries syntax error. Encountered FIRST. Incorrect Select List, Incorrect select column," was thrown. I checked the official about and user guide support pages and there's no indication that any column names are reserved. (NOTE: I'm also using the Microsoft JDBC Driver for SQL Server instead of the native DataDirect drivers when performing non-in-memory SQL queries.)
https://dev.to/gamesover/coldfusion-query-of-query-reserved-words-or-bug-4ppf


Blog - Pete Frietag - Bash Loop To Wait for Server to Start
I had a client working on setting up Fixinator to start up the Fixinator Enterprise Scanning server to run within their Continuous Integration pipeline. The CI script needs to pause or sleep for a few seconds while the server starts up.
I came up with a generic bash script that will loop and and attempt to ping the server using curl (makes a HTTP request), then sleep. For a script like this you don't want it to run forever, so it will timeout after a certain number of attempts.
Here's my script to loop and wait for the server to start:
https://www.petefreitag.com/item/897.cfm


Blog - Eric Peterson - Ortus Solutions - Quick v3.0.0 Alpha Released
It's finally here, the first alpha of Quick 3.0.0. This release is jam packed with features and improvements to make your development take off. You can install it via CommandBox and ForgeBox with box install quick@3.0.0-alpha.1
The alpha is geared toward existing Quick users. The docs are underway and a beta release will accompany the completion of the documentation for 3.0.0. For now, this blog post, the git history, and the source code will be your documentation. Great care has been taken to update all of the docblocks to be accurate and informative. This should help you in your testing.
https://www.ortussolutions.com/blog/quick-v300-alpha-released


Video - Brad Wood - Ortus Solutions - What's New In CommandBox 5 - Lucee Extension Management
Learn how you can use CommandBox to manage your Lucee Extensions.
https://www.ortussolutions.com/blog/whats-new-in-commandbox-5-lucee-extension-management


Blog - Elishia Dvorak - Adobe - Adobe ColdFusion Developer Week 2020
We’re just as disappointed as you are about the recent cancellation of Adobe ColdFusion Summit East in Washington, D.C., and so we’ve decided to pivot the event into a FREE online developer week. We’re bringing you all the content in presentations over live webinars that will be recorded and available for future viewing over the week of May 18-22. So, please join us from the comfort of your home to spend time with your development community and learn all about what’s new in ColdFusion and cutting edge development topics.
https://coldfusion.adobe.com/2020/04/adobe-coldfusion-developer-week-2020/



CFML Jobs

Several positions available on https://www.getcfmljobs.com/
Listing over 22 ColdFusion positions from 19 companies across 16 locations in 5 Countries

5 new jobs this week.

Full-Time - ColdFusion developer at Bengaluru, Karnataka - India
Posted Apr 09
https://www.getcfmljobs.com/jobs/index.cfm/india/ColdFusion-developer-at-Bengaluru-Karnataka/11051

Full-Time - ColdFusion Software Developer at Albany, NY - United States
Posted Apr 09
https://www.getcfmljobs.com/jobs/index.cfm/united-states/ColdFusion-Software-Developer-at-Albany-NY/11050

Full-Time - ColdFusion Software Engineer at Washington, DC - United States
Posted Apr 08
https://www.getcfmljobs.com/jobs/index.cfm/united-states/ColdFusion-Software-Engineer-at-Washington-DC/11048

Full-Time - Senior ColdFusion Developer at Remote - United States
Posted Apr 07
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Senior-ColdFusion-Developer-at-Remote/11047

Full-Time - Coldfusion Developer at Kansas City, KS - United States
Posted Apr 07
https://www.getcfmljobs.com/jobs/index.cfm/united-states/ColdFusion-Developer-at-Kansas-City-KS/11046



ForgeBox Module of the Week

ColdBox Cross Site Request Forgery (CSRF) Tokens v2.0.1+24

A module that protects you against CSRF attacks by generating unique FORM/client tokens and providing your ColdBox application with new functions for verifying these tokens.

Even though every CFML engine offers these functions natively, we have expanded them and have made them more flexible and more secure than the native CFML functions.

Features include:
- Ability to generate security tokens based on your session
- Automatic token rotation when leveraging cbauth login and logout operations
- Ability to on-demand rotate all security tokens for specific users
- Leverages cbStorages to store your tokens in CacheBox, which can be easily distributed and clustered
- Ability to create multiple tokens via unique reference keys
- Auto-verification interceptor that will verify all non-GET operations to ensure a security token is passed via rc or headers
- Auto-sensing of integration testing so the verifier can allow testing calls
- Token automatic rotation on specific time periods for enhance security
- Helpers to automatically generate hidden fields for the token
- Automatic generation endpoint that can be used for Ajax applications to request tokens for users

box install cbcsrf

https://www.forgebox.io/view/cbcsrf



VS Code Hint Tips and Tricks of the Week

Markdown All in One

By Yu Zhang
Yzhang.markdown-all-in-on 1,315,949 installs 5 stars

All you need for Markdown (keyboard shortcuts, table of contents, auto preview and more).
- Keyboard shortcuts (toggle bold, italic, code span, strikethrough and heading)
- Table of contents
- List editing
- Print Markdown to HTML
- GitHub Flavored Markdown
- Auto completions

https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one



Thank you to all of our Patreon Supporters

New Patreon Supporter Brett DeLine

These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox.

You can support us on Patreon here https://www.patreon.com/ortussolutions

Ben Nadel
Brett DeLine
Da Li
Dan Card
Daniel Garcia
David Belanger
Didier Lesnicki
Don Bellamy
Erick Hoffman
Gary Knight
Jan Jannek
Jeremy Adams
Jordan Clark
Joseph Lamoree
Kai Koenig
Laksma Tirtohadi
Matthew Clemente
Mingo Hagen
Ryan Hughes
Scott Steinbeck
Shawn Oden
Steven Klotz
Synaptrix
Yogesh  Mathur

You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors