Modernize or Die® - CFML News Podcast for December 5th, 2023 - Episode 208

2023-12-05 Weekly News — Episode 208

Watch the video version on YouTube at https://youtube.com/live/WHVwcHtf_gA?feature=share
 

Hosts: 
  • Gavin Pickin - Senior Developer at Ortus Solutions
  • Grant Copley - Senior Developer at Ortus Solutions

Thanks to our Sponsor - Ortus Solutions

The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. 
A few ways to say thanks back to Ortus Solutions:

Patreon Support

We have 42 Patreon supporters:
https://www.patreon.com/ortussolutions.

News and Announcements

Adobe ColdFusion flaw exploited in US government agency attacks
Adobe released a security update for the vulnerability (CVE-2023-26360) that the attackers exploited in March this year. At that time, the vulnerability was already used in zero-day attacks.
Following the FCEB agency’s investigation, analysis of network logs confirmed the compromise of at least two public-facing servers within the environment between June and July 2023.
https://stackdiary.com/adobe-coldfusion-flaw-exploited-in-us-government-agency-attacks/
https://www.cisa.gov/news-events/alerts/2023/12/05/cisa-releases-advisory-threat-actors-exploiting-cve-2023-26360-vulnerability-adobe-coldfusion

CISA Alert: Serious Vulnerabilities in Adobe ColdFusion
CISA has issued an alert regarding multiple vulnerabilities impacting Adobe ColdFusion. The alert underscores that the exploitation of the vulnerabilities could grant threat actors control over affected systems, prompting organizations to take measures to protect their systems.

Adobe ColdFusion serves as a rapid scripting environment for developing dynamic internet applications on both web and mobile platforms, utilizing ColdFusion Markup Language (CFML).

The security update addresses a range of vulnerabilities, including critical, high, and medium severity issues. These vulnerabilities have the potential to enable threat actors to access specific endpoints or execute arbitrary code, without requiring user interaction.
https://socradar.io/cisa-alert-serious-vulnerabilities-in-adobe-coldfusion-cve-2023-44350-cve-2023-44351-cve-2023-44353-and-more/


Ben Nadel wrote a Book - Early Access: Feature Flags - From Concept To Cultural Revolution
Almost 3-months ago, I announced that I was writing a book on Feature Flags. This morning, I'm thrilled to announce that I have an early access version available for purchase. This is a PDF version; and, the formatting is a bit rough around the edges. But, the content is all there. And, if you pick-up the book now (at a deep discount), you'll automatically get access to future versions.
https://www.bennadel.com/blog/4531-early-access-feature-flags-from-concept-to-cultural-revolution.htm

New Releases and Updates

Update your servers with the below updates
ICYMI - Adobe November Updates - Security Fixes
Adobe for ColdFusion 2023 (update 6) and 2021 (update 12)
Previous versions no longer receive security updates!!!

CommandBox has already been updated


Security updates available for Adobe ColdFusion | APSB23-52 - https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html

https://community.adobe.com/t5/coldfusion-discussions/now-live-adobe-coldfusion-2023-and-2021-november-security-updates/m-p/14233917#M196421

Note: some customers have reported WDDX-related issues after applying the update

More details from Charlie Arehart: https://www.carehart.org/blog/2023/11/14/cf_security_updates_nov_2023#more

ICYMI - ColdBox 7.2.0 Released

Welcome to ColdBox 7.2.0, which packs a big punch on stability and tons of new features.
Includes lots of updates for all the core products: ColdBox, WireBox, CacheBox, and LogBox.
  • ColdBox: 10 new features, 6 improvements and 4 bug fixes
  • LogBox: 3 new features, 4 improvements, 2 bug fixes and a task
  • WireBox: 1 new feature
  • CacheBox: 1 improvement
https://coldbox.ortusbooks.com/readme/release-history/whats-new-with-7.2.0

Webinar / Meetups and Workshops

ColdFusion Security Training
Writing Secure CFML with Pete Freitag
A hands-on CFML / ColdFusion Security Training class for developers. Learn how to identify and fix security vulnerabilities in your ColdFusion / CFML applications.

Where: Online
When: Tuesday December 12, 2023 @ 11am-2pm EST & Wednesday December 13 @ 11am-2pm
Price: $899 per student
https://foundeo.com/consulting/coldfusion/security-training/

The class will be recorded, so if you cannot attend it fully online you will have access to a recording.

Hawaii ColdFusion Meetup Group - InertiaJS and ColdFusion with Eric Peterson
December 15th
InertiaJS is a new JavaScript framework made for people who don’t really need an API but want to use a modern JavaScript framework like React or Vue as their view layer. Inspired by libraries like Turbolinks, InertiaJS makes your app behave like a SPA while still being a fully server-rendered app.
https://www.meetup.com/hawaii-coldfusion-meetup-group/events/297584413/

CFCasts Content Updates


https://www.cfcasts.com

Recent Releases
Coming Soon
  • Mastering CBWIRE v3 from Grant


Conferences and Training

ICYMI - Into the Box LATAM - Recap from Grant
November 30th
University of Business in El Salvador.
https://latam.intothebox.org/


ICYMI - Adobe ColdFusion India Summit 2023
December 2nd, 2023
Register for Free
Location: Bengaluru, India
https://cf-indiasummit-2023.attendease.com/
https://twitter.com/mishrabagish/status/1730801813547339927/photo/1

ITB 2024

More conferences

Need more conferences? This site has a huge list of conferences for almost any language/community.
https://confs.tech/


Blogs, Tweets, and Videos of the Week

12/05/23 - Blog - Stackdiary - Adobe ColdFusion flaw exploited in US government agency attacks
Adobe released a security update for the vulnerability (CVE-2023-26360) that the attackers exploited in March this year. At that time, the vulnerability was already used in zero-day attacks.
Following the FCEB agency’s investigation, analysis of network logs confirmed the compromise of at least two public-facing servers within the environment between June and July 2023.
https://stackdiary.com/adobe-coldfusion-flaw-exploited-in-us-government-agency-attacks/


11/30/23 - Blog - Ben Nadel - Multi-Var Assignments In A Single Line In ColdFusion
The other day, when I was looking up some operators for my post on natural language operators in ColdFusion, I saw something in the documentation that surprised me: ColdFusion has the ability to assign multiple Function-local variables in a single line. It's a very strange notation, so I'll probably never use it. But, since it surprised me, I figured there's other people out there who have never seen it.
https://www.bennadel.com/blog/4535-multi-var-assignments-in-a-single-line-in-coldfusion.htm


11/29/23 - Blog - Ben Nadel - Reflecting On Natural Language Operators In ColdFusion
The other day, on the Lucee Dev Forum, I suggested that ColdFusion might benefit from having starts with and ends with operators. These would fall under the "natural language" operators, in that they read like normal human language, not computer jargon. But, my suggestion is somewhat fraudulent considering the fact that I never use the natural language operators in ColdFusion. This conversation, however, gave me pause to reflect on this choice more deeply.
https://www.bennadel.com/blog/4534-reflecting-on-natural-language-operators-in-coldfusion.htm


11/28/23 - Tweet - Cameron Childress - This is a pretty solid writeup about refactoring a legacy stateful app into a stateless one. I'm looking at you #coldfusion developers!
https://aws.amazon.com/blogs/architecture/converting-stateful-application-to-stateless-using-aws-services/
https://x.com/cameronc/status/1729577651772289395?s=20


11/28/23 - Blog - Ben Nadel - The RegEx Of Everyday Things - Great cheat sheet
I'm a massive fan of Regular Expressions. I started learning about them 20 years ago for the purposes of data cleaning at Nylon Technology; and, since then, not a day goes by where I don't use them in some form. A lot of engineers view pattern matching as a dark art; and, there's no question that RegEx patterns can be very complicated. But, they don't have to be. Simple patterns can still add a lot of value in your everyday engineering life. And, there's no place where this rings more true than in your "Code Search".
https://www.bennadel.com/blog/4532-the-regex-of-everyday-things.htm

11/27/23 - Blog - Ben Nadel - Early Access: Feature Flags - From Concept To Cultural Revolution

Almost 3-months ago, I announced that I was writing a book on Feature Flags. This morning, I'm thrilled to announce that I have an early access version available for purchase. This is a PDF version; and, the formatting is a bit rough around the edges. But, the content is all there. And, if you pick-up the book now (at a deep discount), you'll automatically get access to future versions.
https://www.bennadel.com/blog/4531-early-access-feature-flags-from-concept-to-cultural-revolution.htm

11/23/23 - Blog - SOCRadar - CISA Alert: Serious Vulnerabilities in Adobe ColdFusion (CVE-2023-44350, CVE-2023-44351, CVE-2023-44353 and More)
CISA has issued an alert regarding multiple vulnerabilities impacting Adobe ColdFusion. The alert underscores that the exploitation of the vulnerabilities could grant threat actors control over affected systems, prompting organizations to take measures to protect their systems.
Adobe ColdFusion serves as a rapid scripting environment for developing dynamic internet applications on both web and mobile platforms, utilizing ColdFusion Markup Language (CFML).
The security update addresses a range of vulnerabilities, including critical, high, and medium severity issues. These vulnerabilities have the potential to enable threat actors to access specific endpoints or execute arbitrary code, without requiring user interaction.
https://socradar.io/cisa-alert-serious-vulnerabilities-in-adobe-coldfusion-cve-2023-44350-cve-2023-44351-cve-2023-44353-and-more/

11/23/23 - Tweet - Ortus Solutions - Unleash the power of a Headless CMS with Luis Majano at #WeyWeyWeb23! 🚀
Revolutionize content management by decoupling creation from presentation, delivering seamlessly across platforms.
#Coldfusion #CFML
https://x.com/ortussolutions/status/1727742897775169987?s=20

CFML Jobs

Several positions available on https://www.getcfmljobs.com/

Listing over 112 ColdFusion positions from 68 companies across 48 locations in 5 Countries.

3 new jobs listed in the last few weeks

Peter Amiri Job Posting
Full-Time - Senior ColdFusion Developer at CA, TX, GA, FL, NJ, IN - United States
Posted Dec 01
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Senior-ColdFusion-Developer-at-US/11623

Full-Time - ColdFusion Mid. Web Applications Developer/Supervisor at Pun.. - India
Posted Dec 01
https://www.getcfmljobs.com/jobs/index.cfm/india/ColdFusion-Mid-Web-Applications-DeveloperSupervisor-at-Pune-Maharashtra/11624

Full-Time - Web Application Developer - ColdFusion at Phoenix, AZ - United States
Posted Nov 28
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Web-App-Developer-ColdFusion//11622

Other Job Links
There is a jobs channel in the CFML slack team, and in the Box team slack now too


ForgeBox Module of the Week

commandbox-apiman

Apiman is a curl-like application that can be executed from the commandbox commandline.

Usage: apiman <verb> <url>

Supported commandline flags

-q: Query params - Set a semicolon separated list of query params for the request.
-c: Cookies - Set a semicolon separated list of cookies for the request.
-h: Headers - Set a semicolon separated list of headers for the request.
-f: Form Fields - Set a semicolon separated list of form fields for the request. Only valid for POST/PUT operations.
-d: Data - Set raw data for the body of a request. Only valid for POST/PUT operations.
-u: User - Set the username for the request.
-p: Password - Set the password for the request.
-showHeaders: Shows the response headers for the request.

https://www.forgebox.io/view/commandbox-apiman

VS Code Hint Tips and Tricks of the Week

Gremlins tracker for Visual Studio Code
This Visual Studio Code extension reveals characters that can be harmful because they are invisible or look like legitimate ones.

Features
  • When there is a zero-width space in the code, the extension shows a red bar
  • When there is a zero-width non-joiner in the code, the extension shows a red bar
  • A few characters that can be harmful have a light red or orange background
    • Non-breaking spaces
    • Left and right double quotation marks
    • Etc.
  • Some other characters are less harmful, but you might be interested in knowing they're here, so they're also shown, in blue
  • Move the cursor over the character to have a hint of the potential issue
  • A gremlin icon is shown in the gutter for every line that contains at least one of these characters
  • Adding new gremlins characters
  • Language-specific gremlins characters
  • Hiding the gremlin icon in the gutter for a character
  • Displaying gremlins in the Problems pane
  • Displaying end-of-line characters

https://marketplace.visualstudio.com/items?itemName=nhoizey.gremlins
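The same check can be run outside the editor, for example as a pre-commit or CI step over a CFML code base. The scanner below is an added example written for these show notes; it is not part of the Gremlins extension and its severity table (which code points are "error", "warning" or "info") is my own choice modelled on the categories the extension describes. The sample CFML snippet it scans is constructed for the example. Beyond the listed characters, it also flags any other Unicode format character (category Cf) or non-ASCII space (category Zs) generically, since those are the classes invisible characters usually fall into.

```python
"""Scan source text for 'gremlin' characters: invisible or look-alike code points.

Added example, not the Gremlins extension's own code. The table below is a
constructed choice of code points and severities for illustration.
"""
import unicodedata
from typing import List, Optional, Tuple

# Constructed severity table: "error" for zero-width characters (the extension's
# red bar), "warning" for look-alikes such as NBSP and curly quotes (red/orange
# background), "info" for less harmful characters (blue).
GREMLINS = {
    "\u200b": ("zero-width space", "error"),
    "\u200c": ("zero-width non-joiner", "error"),
    "\u200d": ("zero-width joiner", "error"),
    "\ufeff": ("zero-width no-break space (BOM)", "error"),
    "\u00a0": ("non-breaking space", "warning"),
    "\u201c": ("left double quotation mark", "warning"),
    "\u201d": ("right double quotation mark", "warning"),
    "\u2018": ("left single quotation mark", "warning"),
    "\u2019": ("right single quotation mark", "warning"),
    "\u2002": ("en space", "info"),
    "\u3000": ("ideographic space", "info"),
    "\r": ("carriage return", "info"),  # shown like the extension's end-of-line display
}

SEVERITY_RANK = {"info": 0, "warning": 1, "error": 2}

# (line, column, "U+XXXX", name, severity); line and column are 1-based
Finding = Tuple[int, int, str, str, str]


def classify(ch: str) -> Optional[Tuple[str, str]]:
    """Return (name, severity) for a gremlin character, or None if it is harmless."""
    if ch in GREMLINS:
        return GREMLINS[ch]
    cat = unicodedata.category(ch)
    if cat == "Cf":  # any other format (invisible) character
        return (unicodedata.name(ch, "unnamed format character").lower(), "error")
    if cat == "Zs" and ch != " ":  # any other non-ASCII space
        return (unicodedata.name(ch, "unnamed space").lower(), "info")
    return None


def scan(text: str) -> List[Finding]:
    """Return every gremlin in `text` with its position, in document order."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            hit = classify(ch)
            if hit is not None:
                findings.append((lineno, col, f"U+{ord(ch):04X}", hit[0], hit[1]))
    return findings


def worst_severity(findings: List[Finding]) -> Optional[str]:
    """Highest severity present, useful as a CI pass/fail signal (None if clean)."""
    if not findings:
        return None
    return max((f[4] for f in findings), key=lambda s: SEVERITY_RANK[s])


def gutter_lines(findings: List[Finding]) -> List[int]:
    """Sorted line numbers containing at least one gremlin (the 'gutter icon' lines)."""
    return sorted({f[0] for f in findings})


def report(text: str) -> str:
    """Human-readable one-line-per-finding report."""
    return "\n".join(
        f"line {ln}, col {col}: {cp} {name} [{sev}]" for ln, col, cp, name, sev in scan(text)
    )


# Constructed CFML sample: a zero-width space after the condition, curly quotes
# where ASCII double quotes were intended, and a non-breaking space before a literal.
SAMPLE = (
    'if (user.role == "admin")\u200b {\n'
    '    writeOutput(\u201cok\u201d);\n'
    '    x =\u00a01;\n'
    '}\n'
)

if __name__ == "__main__":
    print(report(SAMPLE))
    print("worst:", worst_severity(scan(SAMPLE)))
```

Running the module prints four findings for the sample (line 1 col 26 zero-width space, line 2 cols 17 and 20 curly quotes, line 3 col 8 non-breaking space) and reports "error" as the worst severity; a CI wrapper can fail the build on "error" and merely annotate on "warning" or "info".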



Thank you to all of our Patreon Supporters


These individuals are personally supporting our open source initiatives to ensure that great tooling like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keeps getting the continuous development it needs, and to fund the cloud infrastructure our community relies on, like ForgeBox for package management with CommandBox.

You can support us on Patreon here https://www.patreon.com/ortussolutions


Don’t forget, we have Annual Memberships: pay for the year and save 10%. Great for businesses and everyone else.

  • Bronze packages and up now get ForgeBox Pro and CFCasts subscriptions as a perk of their Patreon subscription.
  • All Patreon supporters have a Profile badge on the Community Website
  • All Patreon supporters have their own Private Forum access on the Community Website
  • All Patreon supporters have their own Private Channel access on the BoxTeam Slack
  • John Wilson - Synaptrix
  • Tomorrows Guides
  • Jordan Clark
  • Gary Knight
  • Giancarlo Gomez
  • David Belanger
  • Dan Card
  • James Moberg & Jeffry McGee - Sunstar Media 
  • Dean Maunder
  • Kevin Wright
  • Doug Cain 
  • Nolan Erck 
  • Abdul Raheen

And many more Patreons

You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors

Thanks and Happy Holidays everyone!!!



Music from this podcast used under Royalty Free license from SoundDotCom and BlueTreeAudio

© 2019 Ortus Solutions