Modernize or Die® - CFML News for November 24th, 2020 - Episode 80

Brad and Gavin host this weeks episode. They discuss several security vulnerabilities and patches, including Lucee and TestBox. They discuss a breaking change in Adobe ColdFusion 2021, and remind you that ColdFusion Builder 2016/2018 is NOT compatible with Big Sur. They discuss how CFWheels released an update, and TryCF now supports ACF 2021 ( completed during the podcast ). They discuss how ColdFusion 2016 support ends in a few months. They ask listeners to like a post on the Sentry site, to get CFML added into the language lists. They remind you about Seattle CFUG's rescheduled Thinkific API is coming to you December 9th. They give you an roundup of CFCasts Content Updates... including the last 2 of the CFConfig series as well as lots of new features on the site, and a teaser about content coming before december. They discuss AWS re:Invent, Into the Box Latam conference, now offering english and spanish as well as Google’s DevFest Silicon Valley. They discuss how the Adobe ColdFusion Certification is still available online. They also discuss Pete Freitag from Foundeo's popular training workshop "Writing Secure CFML" being offered in December, including an early bird price. They spotlight a lot of great blog posts, tweets, videos and podcasts, too many to list, so listen to the show. They announce some jobs from getCfmlJobs.com, as well as a Senior CFML position available at Ortus Solutions. They show off the ForgeBox module of the Week, Orm Reload Interceptor by Eric Peterson, to make reloading your ORM easier. This week's VS Code Tip of the week is Auto Rename Tag by Jun Han, helps to Automatically rename paired HTML/XML tag, same as Visual Studio IDE does. For the show notes - visit the website https://cfmlnews.modernizeordie.io/episodes/modernize-or-die-cfml-news-for-november-24th-2020-episode-80 Music from this podcast used under Royalty Free license from SoundDotCom https://www.soundotcom.com/ and BlueTreeAudio https://bluetreeaudio.com

2020-11-24 Weekly News - Episode 80

Watch the video version on YouTube at https://youtu.be/FdGFGx8Ht7c

Hosts:

Gavin Pickin - Software Consultant for Ortus Solutions
Brad Wood - Software Consultant for Ortus Solutions

Thanks to our Sponsor - Ortus Solutions

Into the Box Latam Dec 3rd and 4th - English and Spanish
CFCasts is releasing new Free and Paid content every week


Patreon Support

We have 34 patreons providing 58% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions. If you love our podcasts and all we do for the #coldfusion #cfml community considers chipping in, we are almost there!
https://www.ortussolutions.com/blog/we-need-your-help



News and Events


Security Vulnerability Alert - Lucee

We are aware of a potential security vulnerability related to the Lucee Admin. Details of how to exploit this vulnerability will be made public on December 5th, 2020 by a third party, so we are alerting Lucee users to address this potential issue now.
If your Lucee Admin is already locked down, this is not an issue. To lock down your admin, follow the recommendations in the Lucee Lockdown Guide
In addition, we strongly recommend updating to one of the following stable releases which have been patched to address the vulnerability
https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643



TestBox v4.2 Released! - SECURITY UPDATE

We are excited to announce a new minor version release of TestBox version 4.2.x. To install just use CommandBox: install testbox --saveDev or to update your TestBox installation update testbox.
This release includes two important security updates just in case you have deployed TestBox or your tests to production (TESTBOX-294 and TESTBOX-293). Please note, that you should NEVER deploy TestBox and your tests to production. It is a library for development purposes and it has no purpose in being deployed to production servers.
In addition to updating your Testbox installation, you need to update any test browser files that may be in your tests folder. The current version of the Testbox test browser can be found here: https://github.com/Ortus-Solutions/TestBox/blob/development/test-browser/index.cfm

You can avoid installing testbox in production by using the install --production CommandBox command.
https://www.ortussolutions.com/blog/testbox-v42-released



Breaking change in Adobe ColdFusion 2021

Breaking change in CF2021, new dateformat mask of D may be serious problem for old code
Wow. Beware of this subtle breaking change in CF2021, something discovered since its release (was not documented as one of the "new" things, nor was it documented at all in the beta).
Consider this fragment, which could exist in similar form in millions of CFML templates:
dateformat("11-24-20","MM-DD-YY")
See anything wrong? Probably not. It will indeed "work fine" in CF2018 and before, producing 11-24-2020, as most would expect.
But that same code in CF2021 will produces instead 11-329-2020., which virtually no one would expect!
https://www.carehart.org/blog/client/index.cfm/2020/11/24/breaking_change_in_cf2021_dateformat_D_vs_d



ColdFusion Builder 2016/2018 is NOT compatible with Big Sur

#coldfusion #coldfusionbuilder #bigsur #macos ColdFusion Builder is NOT compatible with Big Sur. Before upgrading, check the support matrix. Refer to https://helpx.adobe.com/coldfusion/kb/coldfusion-builder-big-sur.html  We're working on this.



CFWheels 2.2 released

It’s been a while coming. Can I blame the pandemic? Lots of nice little tweaks and fixes in this version. Please see the changelog for all details. It should be an easy upgrade if you’re on 2.0 or 2.1, just swap out the wheels folder.
https://cfwheels.org/blog/cfwheels-2-2-released/



TryCF.com now supports Adobe ColdFusion 2021
https://trycf.com/



Reminder: Updates to ColdFusion 2016 will end Feb 2021

As Charlie Arehart states in his blog: Are you still running ColdFusion 2016? Did you know that its "core" support (meaning, public updates from Adobe) will end in just a couple of months, Feb 21 2021? Same for CFBuilder 2016.
The recent release of CF2021 is a great sign for the continued vitality of CF, but this looming deadline is a reminder that as the years roll on, we not only get new versions but we say good-bye to old ones.
Wondering what you can do? or when CF2018 or CF2021 support ends? And what's the difference between "core" and paid Adobe support plans? For more on these, as well as official Adobe documentation that discusses such things, read on.
https://www.carehart.org/blog/client/index.cfm/2020/11/23/cf2016_support_ends_feb_2021 



Help us get CFML listed on Sentry.io

Giancarlo Gomez started a thread on Sentry.io to get CFML on the Create Project view. As he mentions in the thread, we have a couple of Sentry plugins available, one he created, and one by Brad.
Let’s get behind this thread, like, reply, and make a little noise for CFML.
https://forum.sentry.io/t/adding-coldfusion-as-a-platform/11875



RESCHEDULED - Seattle CFUG - Hands-on deep-dive into interacting with the Thinkific API.

Wednesday, December 9th, 2020
6:00 PM to 7:30 PM PST
RESCHEDULED FROM Wednesday, November 11, 2020
Hosted by - William Frankhouser and Leon O'Daniel
This meeting features an hands-on deep-dive into interacting with the Thinkific API.
Thinkific is one of the top platforms for online course delivery. This meetup builds upon the concepts shared at the October 2020 Seattle ColdFusion User Group Meeting to provide a hands-on experience interacting with the Thinkific API.
https://www.meetup.com/Seattle-ColdFusion-User-Group/events/274050264/





CFCasts Content Updates

We just got major updates!

1) Videos can now be filtered by language
2) A user's language preference is saved in their profile
3) We added a level field to series to specify the difficulty, and much more!
We value your feedback so don't hesitate to contact us

Before the month comes to an end, we have a surprise for you my friends. Our Zero to Hero workshop videos will  be published THIS month! Be on the lookout for our updates.

Configure your CFML Servers with CFConfig
 - Service Layer
 - Practical Uses and Wrap-up

Send your suggestions at https://cfcasts.com/support



Conferences and Training


AWS re:Invent

NOV. 30 – DEC. 18, 2020
Free
Amazon’s Premium Conference is also virtual, and a free 3-week event:
https://reinvent.awsevents.com/



ITB Latam

December 3-4th
Live Virtual Conference in Spanish and English!!!
Price: $7.00
https://latam.intothebox.org/
https://www.ortussolutions.com/events



Google’s DevFest Silicon Valley.

Saturday, December 5, 2020
10:00 AM to 2:00 PM PST
There will be 2 tracks over just 4 hours, with 4 sessions in each track and opening/closing remarks. Short and sweet, and the topics are ones that CFers may find interesting.
https://www.meetup.com/gdg-silicon-valley/events/274388593/



ColdFusion Security Training by Foundeo / Pete Freitag

Writing Secure CFML
A hands-on CFML / ColdFusion Security Training class for developers. Learn how to identify and fix security vulnerabilities in your ColdFusion / CFML applications.
When: Thursday December 10, 2020 @ 11am-2pm & Friday December 11 @ 11am-2pm
(Eastern Standard Time, UTC -5) - 6 hours in total.
Where: Online / Web Conference
Who: Taught by Pete Freitag
Cost: $600 $475 (Early Bird Pricing through Dec 1st)
https://foundeo.com/consulting/coldfusion/security-training/



Adobe ColdFusion Certification now available Online

Adobe Certified Professional: Adobe ColdFusion is an industry-leading certification program from Adobe, for ColdFusion developers. The course consists of 50+ online videos and is designed for professionals who have basic to advanced level proficiency in any computer language and basic understanding of how web pages work. Successfully passing an assessment test at the end of the program will reward participants with a badge and certificate from Adobe.
Introductory Offer: $499
Blog: https://coldfusion.adobe.com/2020/07/coldfusion-certification-online-now/
Register: https://www.adobe.com/products/coldfusion-family/certificate.html


More conferences: https://confs.tech/



Blogs, Tweets and Videos of the Week


Blog - Charlie Arehart - Breaking change in CF2021, new dateformat mask of D may be serious problem for old code
Wow. Beware of this subtle breaking change in CF2021, something discovered since its release (was not documented as one of the "new" things, nor was it documented at all in the beta).
Consider this fragment, which could exist in similar form in millions of CFML templates:
dateformat("11-24-20","MM-DD-YY")
See anything wrong? Probably not. It will indeed "work fine" in CF2018 and before, producing 11-24-2020, as most would expect.
But that same code in CF2021 will produces instead 11-329-2020., which virtually no one would expect!
https://www.carehart.org/blog/client/index.cfm/2020/11/24/breaking_change_in_cf2021_dateformat_D_vs_d   


Blog - Charlie Arehart - Be aware that updates to ColdFusion 2016 will end Feb 2021
Are you still running ColdFusion 2016? Did you know that its "core" support (meaning, public updates from Adobe) will end in just a couple of months, Feb 21 2021? Same for CFBuilder 2016.
The recent release of CF2021 is a great sign for the continued vitality of CF, but this looming deadline is a reminder that as the years roll on, we not only get new versions but we say good-bye to old ones.
Wondering what you can do? or when CF2018 or CF2021 support ends? And what's the difference between "core" and paid Adobe support plans? For more on these, as well as official Adobe documentation that discusses such things, read on.
https://www.carehart.org/blog/client/index.cfm/2020/11/23/cf2016_support_ends_feb_2021


Blog - DopeFly Nathan Strutz - I teach coding to high school students
Let me start by saying that we home school. And not just this year.
Initially it was out of a desire to keep our first kid ahead of the learning curve. This smart one was reading before kindergarten. Hey it worked - she graduated a year early and is making her way through college.
Something unexpected that came from this screwball 2020 year was the opportunity to teach a class at a home school co-op. This is essentially a one-day-a-week school experience that teaches those subjects that parents don’t want to do at home. We unashamedly use this for English classes, among a few other things. Families can pick up a class here or there, or build their entire curriculum out of it. There’s nothing home schoolers cherish more than the freedom to make educational choices for themselves, so this works for a lot of people.
https://www.dopefly.com/techblog/397/I-teach-coding-to-high-school-students


Blog - Wil De Bruin - cbOrm: populating new objects
In the past I’ve been using cborm a lot, since it makes handling coldfusion (hibernate) ORM so much easier. But lucee support for ORM was less than optimal in a multi-datasource environment, so I decided to rewrite this application more or less according to the fluent API approach as demonstrated by Gavin Pickin at ITB 2020. In this coding style I have two quite efficient ways of populating a new object
https://shiftinsert.nl/cborm-populating-new-objects/


Blog - Wil De Bruin - Arguments in arguments
I have to admit. This is not the most useful post I ever wrote, but today I discovered something funny but interesting when I tried to fix some small bug. I was working with the bcrypt module. If you don’t know what this module is doing: it is a very secure way for hashing passwords, and since checking the validity of your password is relatively slow it is quite useful to prevent password cracking. Before diving into bugfixing let’s see what bcrypt is doing. It is a coldbox module and only has a few relevant functions
https://shiftinsert.nl/arguments-in-arguments/


Blog - Wil De Bruin - Protecting your passwords with bCrypt.
We all know. We should never ever store a plaintext password in a database. If a hacker gains access to your data you will be in serious trouble. There are many ways to protect your data, but at least you should make sure your passwords are not readable. In the past we did this by some simple hashing, but modern computers are so fast it is easy to do some password cracking. In time it even gets easier because processors are becoming faster and faster. Another disadvantage: simple hashing will reveal some records with the same passwords. These are often the easiest to guess or crack by brute force. So we need something better.
https://shiftinsert.nl/protecting-your-passwords-with-bcrypt/


Live stream - Matthew Clemente - Building a CommandBox Custom Command to Generate Markdown Docs (Learning by Trial and Error)
At Adobe ColdFusion Summit this week, I gave a session on building tools with CommandBox. As a follow-up, I thought it might be worthwhile to live-stream while working on a Custom Command. So, I'll be working on a command to generate markdown documentation from CFCs (which will make it easier for me to document the API wrappers I write).
https://www.youtube.com/watch?v=R25ULWBwx6A&feature=youtu.be
https://forgebox.io/view/commandbox-cfc-to-markdown-docs


Blog - TeraTech - Adobe ColdFusion 2021, in the Cloud
In case you missed it, Adobe has made a change, from CF 2020 to CF 2021.
Just a few days before ColdFusion Summit 2020, Adobe ColdFusion 2021 has seen the light of day. Without being pompous and without any huge announcement, we are seeing this new version, previously named Project Stratus. Let's see what we know so far, and what can we expect from it.
https://teratech.com/adobe-coldfusion-2021


Blog - Luis Majano - Ortus Solutions - TestBox v4.2 Released!
We are excited to announce a new minor version release of TestBox version 4.2.x. To install just use CommandBox: install testbox --saveDev or to update your TestBox installation update testbox.
This release includes two important security updates just in case you have deployed TestBox or your tests to production (TESTBOX-294 and TESTBOX-293). Please note, that you should NEVER deploy TestBox and your tests to production. It is a library for development purposes and it has no purpose in being deployed to production servers.
In addition to updating your Testbox installation, you need to update any test browser files that may be in your tests folder. The current version of the Testbox test browser can be found here: https://github.com/Ortus-Solutions/TestBox/blob/development/test-browser/index.cfm   
You can avoid installing testbox in production by using the install --production CommandBox command.
https://www.ortussolutions.com/blog/testbox-v42-released 


Blog - Ben Nadel - Lists - The Unsung Heroes Of ColdFusion And Lucee CFML
When you first start programming in ColdFusion, you tend to lean very heavily on the idea that "everything is a String". Then, as you become more experienced, you learn that String-manipulation is relatively slow; and, you start to use more complex data structures like Arrays and Structs where possible. But, as I was reminded yesterday in a conversation with fellow InVsion engineer, Shawn Grigson, Strings - and more specifically Lists - are an amazing part of the ColdFusion runtime. In fact, I'd go so far as to say they are the unsung heroes of the ColdFusion and Lucee CFML worlds. As such, I thought it would be fun to reflect on where I use lists in my day-to-day ColdFusion programming.
https://www.bennadel.com/blog/3928-lists-the-unsung-heroes-of-coldfusion-and-lucee-cfml.htm


Blog - Fusion Reactor - ColdFusion 2018 vs Lucee Comparison
Adobe ColdFusion and Lucee are two leading web application development tools based on CFML (ColdFusion Markup Language) code. Adobe ColdFusion was initially developed to connect HTML and the database easily. With the release of Adobe ColdFusion 2018, a full-blown scripting language with CFML is incorporated along with an IDE. Further, the platform has been updated and enhanced to build more modularized, maintainable, and responsive web applications.
The popularity of CF led to the development of many open-sourced platforms, among which Lucee became a strong competitor for Adobe ColdFusion. Lucee stands up as an alternative CFML engine that employs dynamically typed scripting language for the Java Virtual Machine for the rapid development of web applications.
This article shall give you a briefing on both software by comparing and contrasting each other based on the below concerns.
http://www.fusion-reactor.com/blog/adobe-coldfusion-2018-versus-lucee/



CFML Jobs

Several positions available on https://www.getcfmljobs.com/
Listing over 45 ColdFusion positions from 29 companies across 24 locations in 5 Countries since July 1st

3 new jobs this week.

Full-Time - REMOTE ColdFusion Developer at Frederick - United States
Posted Nov 21
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Remote-CFDev-US/11137

Full-Time - Senior Full Stack Developer at Remote - Canada
Posted Nov 20
https://www.getcfmljobs.com/jobs/index.cfm/canada/Sr-FullStackDev/11136

Full-Time - Coldfusion Developer_Immediate Joiners Only!! at Bengaluru, ..- India
Posted Nov 19
https://www.getcfmljobs.com/jobs/index.cfm/india/Coldfusion-DeveloperImmediate-Joiners-Only-at-Bengaluru-Karnataka/11135



Ortus is hiring: Senior ColdFusion CFML Developer

At Ortus you will be:
Modernizing web applications and helping companies move out of legacy hell
Teaming up with ColdFusion Experts in order to solve complex web development problems.
Testing and integrating new web technologies in order to create custom business implementations
Pushed to innovate constantly and create new solutions to web development problems
Leading project teams that deliver software that matters

US Timezone availability is a must
US Citizen or Resident or Work Visa is a must
https://www.ortussolutions.com/about-us/careers



ForgeBox Module of the Week

Orm Reload Interceptor by Eric Peterson

ORMReload with a URL flag - Just like you can add fwreinit=my_passsword to the URL to reload your ColdBox application, this module adds an interceptor that lets you specify ormreload=my_orm_reload_password.
The interceptor will work out of the box with no password set.
f you want to set the reload password, override the interceptor in your config/Coldbox.cfc settings

ORMReload on FWReinit - Installing this module will also automatically call ormReload() on a fwreinit (?fwreinit=1). You can override this setting by overriding the interceptor in your config/Coldbox.cfc settings, as well

box install orm-reload-interceptor

https://www.forgebox.io/view/orm-reload-interceptor



VS Code Hint Tips and Tricks of the Week

Auto Rename Tag by Jun Han

4 million + installs
Automatically rename paired HTML/XML tag, same as Visual Studio IDE does.

https://marketplace.visualstudio.com/items?itemName=formulahendry.auto-rename-tag   




Thank you to all of our Patreon Supporters

These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox.

You can support us on Patreon here https://www.patreon.com/ortussolutions


Ben Nadel
Brett DeLine
Carl Von Stetten
Charlie Arehart
Da Li
Dan Card
Daniel Garcia
David Belanger
Didier Lesnicki
Don Bellamy
Edgardo Cabezas
Erick Hoffman
Gary Knight
Giancarlo Gomez
Jan Jannek
Jason Daiger
Jeff McClain
Jeremy Adams
Jonas Erickson
Jordan Clark
Joseph Lamoree
Kai Koenig
Laksma Tirtohadi
Mario Rodrigues
Matthew Darby
Matthew Clemente
Mingo Hagen
Patrick Flynn
Ross Phillips
Scott Steinbeck
Shawn Oden
Steven Klotz
Synaptrix
Yogesh Mathur

You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors

★ Support this podcast on Patreon ★

Switch to Modernize or Die ® Podcast - SoapBox Edition - Switch to Modernize or Die ® Podcast - Conference Edition

Powered by

Music from this podcast used under Royalty Free license from SoundDotCom and BlueTreeAudio

© 2019 Ortus Solutions