2021-01-26 Weekly News - Episode 88

Watch the video version on YouTube at https://youtu.be/pTzk0Mdshqk

Hosts:

Gavin Pickin - Software Consultant for Ortus Solutions
Eric Peterson - Software Consultant for Ortus Solutions


Thanks to our Sponsor - Ortus Solutions

One way to say thanks back to Ortus Solutions, is to support CFCasts, which is releasing new content every week


Patreon Support

We have 34 patreons providing 62% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions. If you love our podcasts and all we do for the #coldfusion #cfml community considers chipping in, we are almost there!
https://www.ortussolutions.com/blog/we-need-your-help



News and Events



Jan 2021 Updates for Java 11 and Java 8

From Charlie Arehart’s blog post
Folks using ColdFusion will want to be aware that last week (Jan 19, 2021) Oracle has released updates to Java 11 and Java 8, the current “Long-Term Support” versions of the Java JVM/JDK, which are supported by the various current and recent versions of CF. The downloads are available on the Adobe page where Adobe offers JVM updates. More about how to proceed to implement the update, in a moment.
As is typical, the JVM update adds some modest features and addresses bug fixes and security issues. For more, see the release notes for Java 11.0.10 and for Java 8 update 281.
https://coldfusion.adobe.com/2021/01/coldfusion-users-note-apply-new-updates-java-11-java-8/


New Lucee Release Candidate 5.3.8.139-RC

There is a new Release Candidate ( 5.3.8.139-RC ) available to download from our download page https://download.lucee.org or via the Lucee Admin.
https://dev.lucee.org/t/new-release-candidate-5-3-8-139-rc/7861


New Book from Luis Majano in the next 2-3 weeks - 102 ColdBox HMVC Quick Tips and Tricks

Coming soon


Elixir v3 Security Update

On January 12, 2021 we became aware of a security vulnerability in ColdBox Elixir. Read the details of what happened, how it may affect you, and how to mitigate the vulnerability.
https://www.ortussolutions.com/blog/coldbox-elixir-v3-security-update



New Lucee Spreadsheet Release v2.14.0

Spreadsheet Library 2.14.0 released. Big changes: POI 5.0 and auto OSGi bundle loading for Lucee (no need for JavaLoader!)
https://github.com/cfsimplicity/lucee-spreadsheet



Introducing the new Ortus Community

Hi everyone, great news!  Ortus is rolling out our new Ortus Community site to help consolidate all of our community support and interaction.  As part of that effort, all our Google Group threads have been imported to the new Ortus Community and effective immediately, our Google Groups are closed for further posting.
If you're a member of our Google groups, don't worry-- your user has already been imported into the community forum and as soon as you sign up, you will be automatically associated with all of your old posts so you can pick up your conversations right where you left off!  We've even added single sign on options for Github, Facebook, Google, and Twitter (coming soon).  If your new account is under a different E-mail address, let us know and we can merge your accounts together.
https://community.ortussolutions.com/


ICYMI - Ortus Webinar - CommandBox Task Runners

Friday, January 22nd - 11:00 AM CDT (GMT -6:00)
Have you ever wished you could create command-line programs using CFML, perhaps to automate a task or handle some long-running process? With CommandBox Task Runners, you easily can! Join Grant Copley for this month's webinar, where we take a close look at this powerful tool within CommandBox and how we can use it alongside our applications.
with Grant Copley
https://www.ortussolutions.com/events/webinars
Recording coming to CFCasts tomorrow 1/27/21



Online CF Meetup - "Securing a ColdFusion Application with Fixinator & FuseGuard", w/ Pete Freitag

Thursday, January 28, 2021
11:00 AM to 12:00 PM CST
In this session we'll take a look at a ColdFusion application that is vulnerable to several security issues. We'll look at some of the security holes in the application, how they can be exploited. Finally we'll use FuseGuard to protect the application, and Fixinator to find and fix some of the vulnerabilities in the application.
https://www.meetup.com/coldfusionmeetup/events/275825925/



ICYMI - Online CF Meetup - "Communication Skills for Technical Engineers & Developers", with Mark Takata

Thursday, January 21, 2021
5:00 PM to 6:00 PM CST
No matter what language, framework or technical skillset you employ in your day-to-day work, the biggest differentiator among engineers, designers & developers is the ability to communicate and engage with end users, stakeholders and business analysts. In this talk, Mark Takata will cover how to improve your ability to communicate with those folks, become an asset for your team & company, and widen the available paths for your future career.
https://www.meetup.com/coldfusionmeetup/events/275712862/
Recording: https://www.youtube.com/watch?v=4TGoDejn8QM



Conferences and Training

VS Code Day

Join the VS Code team and community at a live event just for VS Code users. Get a glimpse of things to come and meet the team who works on VS Code every day.
Watch live: January 27, 2021 from 8 AM to 10:30 AM PST
Re-stream (with live Q&A): January 27, 2021 from 8 PM to 10:30 PM PST
https://code.visualstudio.com/vscode-day


Devnexus

Join the VIRTUAL <dev/>olution
Feb 17 2021 - Online
https://devnexus.com/



Ortus Workshops - Dates coming soon

- Quick - March?
- CommandBox Zero to Hero
- ColdBox Zero to Hero
- ColdBox Hero to SuperHero

Ortus’ Possible Conferences for 2021

Dates subject to change

Due to Online conference overload, we are thinking about not expanding the number of events, but more content in more timezones with a different format.

ITB - Developer Week Style??
With some European Timezone Friendly slots from our European Community Members
May or September 2021

ITB Latam
December 2021

More conferences
Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/

CFML Is now on the list - https://confs.tech/conferences/new

PR - https://github.com/tech-conferences/conference-data/issues/1837



Blogs, Tweets and Videos of the Week


Blog - Ben Nadel - Building reMatchGroups() Using reFind() In Adobe ColdFusion 2018 And Lucee CFML 5.3.7.47
The other day, in my post about parsing strings like "5mb" into a number of bytes, I was griping about the fact that the ColdFusion language still doesn't have an reMatchGroups() function. To this, Adam Cameron mentioned that the reFind() function has had a "scope" argument since Adobe ColdFusion 2016 that will cause the Function to return all the matches in the input. I didn't realize this change. As such, I wanted to take a quick look at how reFind() can be used to build my reMatchGroups() function in Lucee CFML 5.3.7.47.
https://www.bennadel.com/blog/3973-building-rematchgroups-using-refind-in-adobe-coldfusion-2018-and-lucee-cfml-5-3-7-47.htm

Related blog post: https://www.bennadel.com/blog/3322-jregex-a-coldfusion-wrapper-around-javas-regular-expression-patterns.htm


Blog - Charlie Arehart - ColdFusion users should note and apply new Jan 2021 updates for Java 11 and Java 8
Folks using ColdFusion will want to be aware that last week (Jan 19, 2021) Oracle has released updates to Java 11 and Java 8, the current “Long-Term Support” versions of the Java JVM/JDK, which are supported by the various current and recent versions of CF. The downloads are available on the Adobe page where Adobe offers JVM updates. More about how to proceed to implement the update, in a moment.
As is typical, the JVM update adds some modest features and addresses bug fixes and security issues. For more, see the release notes for Java 11.0.10 and for Java 8 update 281.
https://coldfusion.adobe.com/2021/01/coldfusion-users-note-apply-new-updates-java-11-java-8/


Tweet - David Levin - Adobe doesn’t name it’s own language in Adobe Summit
@AdobeSummit Excited for this year's Summit. Was surprised to not see Adobe's own development language, #ColdFusion, on the list of programming languages on the registration form! @coldfusion, you guys are still part of the Adobe family, right? #CFML
https://twitter.com/djlevin77/status/1353770115670495234
https://twitter.com/djlevin77/


Blog - Ben Nadel - Code Kata: Parsing Strings Like "5mb" Into A Number Of Bytes In Lucee CFML 5.3.7.47
In yesterday's post about streaming an incremental ZIP file up to Amazon S3 in Lucee CFML, I had to wait until "chunks" were over 5mb (5 megabytes) in size before I could upload them. To do this, I literally calculated the number of bytes that equated to 5mb. Afterwards, I thought it would be nice if there were methods for converting between bytes and larger data-units. As a code kata, I wanted to see if I could create just functions in Lucee CFML 5.3.7.47.
https://www.bennadel.com/blog/3972-code-kata-parsing-strings-like-5mb-into-a-number-of-bytes-in-lucee-cfml-5-3-7-47.htm


Blog / Video - Ben Nadel - Generate And Incrementally Stream A ZIP Archive To Amazon S3 Using Multipart Uploads In Lucee CFML 5.3.7.47
Last week, I looked at using the ZipOutputStream Java class to generate and incrementally stream a Zip archive to the browser using Lucee CFML. In response to that, James Moberg and I were having a discussion about generating Zip archives asynchronously. This got me thinking about pushing the Zip file up to Amazon S3. And, more specifically, if there was a way for me to incrementally stream the Zip archive to S3 as I was generating it. From what I can see, there's nothing about "streams" in the Java SDK for AWS. But, I have used S3's multipart upload workflow to break-apart a file transfer. As a fun experiment, I wanted to see if I could generate and incrementally stream a Zip archive to S3 using this multipart upload workflow in Lucee CFML 5.3.7.47.
https://www.bennadel.com/blog/3971-generate-and-incrementally-stream-a-zip-archive-to-amazon-s3-using-multipart-uploads-in-lucee-cfml-5-3-7-47.htm


Blog - Lucee - New Lucee Release Candidate 5.3.8.139-RC
There is a new Release Candidate ( 5.3.8.139-RC ) available to download from our download page https://download.lucee.org or via the Lucee Admin.
https://dev.lucee.org/t/new-release-candidate-5-3-8-139-rc/7861


Blog - Gregory Alexander - Happy new Year
I hope that everyone has a wonderful New Year and I wanted to provide a status update on Galaxie Blog.
https://gregoryalexander.com/blog/2021/1/22/Happy-New-Year


Blog - Pete Freitag - SessionInvalidate for JEE Sessions
The builtin CFML function sessionInvalidate() works great for invalidating or clearing a ColdFusion session (CFID/CFTOKEN). But it doesn't invalidate the underlying J2EE / JEE session (the JSESSIONID).
https://www.petefreitag.com/item/913.cfm


Live Stream - Matthew Clemente - Retaining Function Order When Reading CFC Metadata (Learning by Trial and Error)
A few weeks (months?) ago I put together a CommandBox custom command to help generate CFC documentation, based on component metadata. I'm going to dive pack into that project to see if I can get it to retain the function order from the CFC, instead of alphabetizing by method name.
https://www.youtube.com/watch?v=iwPN9H1mX3Y&feature=youtu.be


Blog - Eric Peterson - Ortus Solutions - ColdBox Elixir v3 Security Update
On January 12, 2021 we became aware of a security vulnerability in ColdBox Elixir. If an application using ColdBox Elixir bundled any code that contained references to process.env without explicitly setting the value using the webpack.ProvidePlugin then the outputed bundle would contain an object of all the environment variables. This would happen even if it was a vendor library that checked for process.env.* which is very common - many libraries check for process.env.NODE_ENV to enable optimizations or additional development logging. Since JavaScript is shipped to user's browsers, these environment variables are leaked and should be considered comprimised. Many of our own environment variables used in our CI processes were leaked, including SSH keys, S3 credentials, and database credentials. We recommend that you rotate all keys that are in the environment resposible for bundling your code with ColdBox Elixir.
https://www.ortussolutions.com/blog/coldbox-elixir-v3-security-update


Blog - Pete Freitag - Updating Java on ColdFusion or Lucee
As a ColdFusion user you are probably aware that your CFML is compiled into Java byte code and executed by the Java Virtual Machine (JVM). Just like your Operating System or ColdFusion server needs to be patched for security issues, so does your JVM. Oracle typically releases a security patch for Java every quarter.
How do you know when Java Security Patches are released?
https://www.petefreitag.com/item/860.cfm


Blog - Brad Wood - Ortus Solutions - Introducing the new Ortus Community
Hi everyone, great news!  Ortus is rolling out our new Ortus Community site to help consolidate all of our community support and interaction.  As part of that effort, all our Google Group threads have been imported to the new Ortus Community and effective immediately, our Google Groups are closed for further posting.
https://community.ortussolutions.com/
https://www.ortussolutions.com/blog/introducing-the-new-ortus-community


Blog - Brad Wood - Create your own Desktop "Toaster" Popups in CommandBox Servers
Here's a quick one that I tried out for the first time today.  Someone asked if it was possible for a CF app to have a desktop notification on the server it's running.  CommandBox servers have a try icon that runs inside the JVM of the server that can create popups and even Swing windows.  Turns out, it's actually really easy to tap into this to get a toaster popup on your desktop.  Of course, this wouldn't work if you're running CommandBox as a Windows service or on a headless server like Linux with no GUI!
http://wwvv.codersrevolution.com/blog/create-your-own-desktop-toaster-popups-in-commandbox-servers


Podcast - Working Code Podcast - Episode 006: Hopes For 2021
Oxford Dictionary included "doomscrolling" in their "word of the year" report for 2020; we're all feeling pandemic fatigue; many people still believe in wide-spread election fraud; the Georgia senate race was a nail-biter; and - oh yeah - we recorded this show the day after the storming of the United States capitol building.
It's all been more-than-a-little-bit surreal.
But, in the face of such physically and emotionally trying times, we look forward to a new year of possibility. Whether it's taking control of our finances, finding ways to be more active, building up our personal brand, or becoming the blacksmiths that we always knew we could be, the crew shares their personal and professional / technical goals for this burgeoning new year. As the Phoenix rose from the ashes, so too - we hope - 2021 will rise from the smoldering dumpster fire that was 2020.
https://www.bennadel.com/blog/3969-working-code-podcast-episode-006-hopes-for-2021.htm


Blog - David Byers - Framework Training – Part 3 – Learning How to develop using the ColdBox Framework
My journey into breaking my perceptions of frameworks as cumbersome, and my experience with the Ortus Solutions ColdBox training.
This is the final part of a three part series on my experience with ColdBox training from Ortus Solutions.
https://coldfusion.adobe.com/2021/01/framework-training-part-3-learning-develop-using-coldbox-framework/


Blog - Luis Majano - Ortus Solutions - ColdBox i18n Localization Module v2 Released
After many many months of development, testing and waiting, we are finally able to release a major major update to our localization and internationalization library for ColdBox: cbi18n version 2.x. This release is a huuuge advancement for building localized applications and websites and partly thanks to Mr Wil de Bruin (shiftinsert.nl). This release introduces the ability to use json resource bundles, multiple bundles per module, cbStorages for tracking locales, property inheritance and so much more! There are a few compatibility issues, so make sure you read them to upgrade to version 2.x if not you can easily update using CommandBox:
https://www.ortussolutions.com/blog/coldbox-i18n-localization-module-v2-released



CFML Jobs

Several positions available on https://www.getcfmljobs.com/
Listing over 80 ColdFusion positions from 46 companies across 44 locations in 5 Countries  since July 1st 2020

2 new jobs this week

Full-Time - ColdFusion Sr. Developer at Stennis Space Center, MS - United States
Posted Jan 26
https://www.getcfmljobs.com/jobs/index.cfm/united-states/ColdFusion-Sr-Developer-at-Stennis-Space-Center-MS/11172

Full-Time - ColdFusion Application Developer at Bengaluru, Karnataka - India
Posted Jan 19
https://www.getcfmljobs.com/jobs/index.cfm/india/ColdFusion-Application-Developer-at-Bengaluru-Karnataka/11171


ForgeBox Module of the Week

REST over STOMP by Brad and Ortus Solutions

A ColdBox module to expose remote events via a STOMP websocket over RabbitMQ
https://www.forgebox.io/view/rest-over-stomp



VS Code Hint Tips and Tricks of the Week

Visual Studio IntelliCode by Microsoft

The Visual Studio IntelliCode extension provides AI-assisted development features for Python, TypeScript/JavaScript and Java developers in Visual Studio Code, with insights based on understanding your code context combined with machine learning.

For each supported language, please refer to the "Getting Started" section below to understand any other pre-requisites you'll need to install and configure to get IntelliCode completions.

For TypeScript/JavaScript users:
That's it -- just open a TypeScript or JavaScript file, and start editing.

https://marketplace.visualstudio.com/items?itemName=VisualStudioExptTeam.vscodeintellicode



Thank you to all of our Patreon Supporters

New Patreon Supporter: Leon Seremelis

These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox.

You can support us on Patreon here https://www.patreon.com/ortussolutions

Ben Nadel
Brett DeLine
Carl Von Stetten
Charlie Arehart
Da Li
Dan Card
Daniel Garcia
David Belanger
Didier Lesnicki
Don Bellamy
Edgardo Cabezas
Erick Hoffman
Gary Knight
Giancarlo Gomez
Jan Jannek
Jason Daiger
Jeff McClain
Jeremy Adams
Jonas Erickson
Jordan Clark
Joseph Lamoree
Kai Koenig
Laksma Tirtohadi
Leon Seremelis
Mario Rodrigues
Matthew Darby
Matthew Clemente
Mingo Hagen
Patrick Flynn
Ross Phillips
Scott Steinbeck
Shawn Oden
Steven Klotz
John Wilson - Synaptrix
Yogesh Mathur

You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors