2023-02-07 Weekly News - Episode 183

Watch the video version on YouTube at https://youtube.com/live/yAG1d0bplxM?feature=share

Hosts: 

Thanks to our Sponsor - Ortus Solutions

The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. 
A few ways  to say thanks back to Ortus Solutions:

 
Patreon Support ( NOBLE )
Goal 1 - We have 42 patreons providing 100% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions.
Goal 2 - We are 37% of the way to fully fund the hosting of ForgeBox.io



News and Announcements


Authentication Bypass Vulnerability in Mura CMS and Masa CMS – Preliminary Security Advisory
Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an  unauthenticated attacker to login as any Site Member or System User.
This is a preliminary security advisory, and is being shared so that impacted organizations can update and patch as needed.  Additional technical details will be released on March 6, 2023.
https://coldfusion.adobe.com/2023/01/muracms/


State of the CF Union 2023 Released
Help us find out the state of the CF Union – what versions of CFML Engine do people use, what frameworks, tools etc.

https://teratech.com/state-of-the-cf-union-2023-survey


CF Summit East Announced
Thursday, April 6, 2023
8:00am - 4:00pm
Marriott Marquis Washington, DC
Complimentary; breakfast and lunch will be provided
https://carahevents.carahsoft.com/Event/Details/341389-adobe


Join ColdBox Developer Group on LinkedIn
https://www.linkedin.com/groups/154117/


CFML Slack Inviter App - New Link
Since the Heroku free tier went away, the #CFML Slack inviter app disappeared. You can join that Slack via http://cfml-slack.net  which redirects to a Slack invite link now. #coldfusion #lucee
BoxTeam new link coming soon


ICYMI - CommandBox settings Sync Feature
A new CommandBox feature has been born to sync your config settings to your ForgeBox account!
https://ortussolutions.atlassian.net/browse/COMMANDBOX-1434


ICYMI - Ortus Community Forum now has Chat!
The Community Forum recently got an update that includes a chat feature.
https://community.ortussolutions.com/


New Releases and Updates

FusionReactor 9.2.1 update released
If you're using FusionReactor, note that a new 9.2.1 update was released last week, Jan 31, with a couple of bug fixes--including one where you may need to add a JVM arg to prevent an error, in a certain case as I will discuss.

https://www.carehart.org/blog/2023/2/6/fusionreactor_9_2_1_released 


ICYMI - CBSecurity 3 Released
We are incredibly excited to release CBSecurity 3. This is a significant release with over six months of work invested in it. We have completely revamped our security module to make ColdBox applications secure, flexible, and ready for the upcoming ColdBox 7 release. The first major announcement for this release is that we have a brand-new logo!

https://www.ortussolutions.com/blog/cbsecurity-3x-released


Webinar / Meetups and Workshops

Ortus Event Calendar for Google
https://calendar.google.com/calendar/u/0?cid=Y181NjJhMWVmNjFjNGIxZTJlNmQ4OGVkNzg0NTcyOGQ1Njg5N2RkNGJiNjhjMTQwZjc3Mzc2ODk1MmIyOTQyMWVkQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20
 

Ortus Fridays are back in Full Effect in 2023

Conferences and Training


THIS WEEK - VUEJS AMSTERDAM 2023
9-10 February 2023, Theater Amsterdam
World's Most Special and Largest Vue Conference
https://vuejs.amsterdam/


Github Galaxy
March 28th, 2023
Save the date for our global enterprise event focused on improving efficiency, security, and developer productivity.
GitHub Galaxy—formerly known as GitHub InFocus—is new and reimagined.
Virtual registration is right around the corner.
VIP summits: Join us in-person for a VIP summit near you, with breakout sessions, networking, and more for enterprise leaders.
https://galaxy.github.com/

Dev Nexus
April 4-6th, 2023 in Atlanta
Georgia World Congress Center
285 Andrew Young International Blvd NW
Atlanta, GA 30313
https://devnexus.com/


VueJS Live
MAY 12 & 15, 2023
ONLINE + LONDON, UK
CODE / CREATE / COMMUNICATE
35 SPEAKERS, 10 WORKSHOPS
10000+ JOINING ONLINE GLOBALLY
300 LUCKIES MEETING IN LONDON
https://vuejslive.com/


Into the Box 2023 - 10th Edition
May 17-19, 2023
The conference will be held in The Woodlands (Houston), Texas
This year we will continue the tradition of training and offering a pre-conference hands-on training day on May 17th and our live Mariachi Band Party! However, we are back to our Spring schedule and beautiful weather in The Woodlands! Also, this 2023 will mark our 10 year anniversary. So we might have two live bands and much more!!!

CLOSED -  call for speakers for the Into The Box Conference for 2023
Sessions announced Soon.

https://www.intothebox.org/blog/into-the-box-2023-call-for-speakers
https://itb2023.eventbrite.com/


VueConf.us
NEW ORLEANS, LA • MAY 24-26, 2023
Jazz. Code. Vue.
Workshop day: May 24
Main Conference: May 25-26
https://vueconf.us/


CFCamp is back
June, 22-23rd 2023
Marriott Hotel Munich Airport, Freising
Call for Speakers is now open!
https://www.papercall.io/cfcamp2023
https://www.cfcamp.org/


More conferences

Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/
https://github.com/scraly/developers-conferences-agenda


Blogs, Tweets, and Videos of the Week


2/7/23 - Blog - Ben Nadel - Rendering A Local TimeStamp With Stimulus Using Hotwire And Lucee CFML
So far, in my exploration of Hotwire, I've looked at several features of Turbo Drive including partial rendering with Turbo Frames and dynamically updating the page with Turbo Streams. According to David Heinemeier Hansson (DHH), the Turbo family of features should get you 90% of the way through your application development. But, that last 10% of features needs to be implemented with custom JavaScript. And for this, Hotwire provides Stimulus controllers; or, what the Rails community refers to as "JavaScript sprinkles". To start looking at Stimulus, I wanted to create a demo that takes a ColdFusion provided UTC millisecond value and renders it in the user's local timezone.

https://www.bennadel.com/blog/4401-rendering-a-local-timestamp-with-stimulus-using-hotwire-and-lucee-cfml.htm

2/6/23 - Blog - Charlie Arehart - New URL for signing up to the CFML Slack: cfml-slack.net
TLDR; the URL for joining the CFML Slack workspace and channels has changed. If you want to join the CFML Slack, use the form at cfml-slack.net. As some may have noticed, the old URL for joining (cfml-slack.herokuapp.com) no longer works.
Since it's mentioned in many places on the web, I wanted to help spread this news. This cfml-slack.net URL replaces that, while the URL for the CFML Slack channel itself is unchanged: cfml.slack.com.
https://www.carehart.org/blog/2023/2/6/new_url_for_cfml_slack_signup


2/6/23 - Blog - Charlie Arehart - FusionReactor 9.2.1 update released
If you're using FusionReactor, note that a new 9.2.1 update was released last week, Jan 31, with a couple of bug fixes--including one where you may need to add a JVM arg to prevent an error, in a certain case as I will discuss.

https://www.carehart.org/blog/2023/2/6/fusionreactor_9_2_1_released


2/3/23 - Blog - Ben Nadel - Dynamically Updating Views With Turbo Streams Using Hotwire And Lucee CFML
As I demonstrated in my earlier post, Turbo Frames can be used to swap portions of a view using the response from a GET page request. Hotwire takes that concept a step further with Turbo Streams. In response to a POST form submission, a series of <turbo-stream> elements can define multiple, independent mutations that Hotwire will perform on the currently rendered view. I wanted to explore the Turbo Streams mechanics in Lucee CFML.

https://www.bennadel.com/blog/4400-dynamically-updating-views-with-turbo-streams-using-hotwire-and-lucee-cfml.htm 


1/31/23 - Blog - Luis Majano - Ortus Solutions - CBSecurity 3 Released
We are incredibly excited to release CBSecurity 3. This is a significant release with over six months of work invested in it. We have completely revamped our security module to make ColdBox applications secure, flexible, and ready for the upcoming ColdBox 7 release. The first major announcement for this release is that we have a brand-new logo!

https://www.ortussolutions.com/blog/cbsecurity-3x-released


1/31/23 - Blog - Brian Reilly - Authentication Bypass Vulnerability in Mura CMS and Masa CMS – Preliminary Security Advisory
Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an  unauthenticated attacker to login as any Site Member or System User.
This is a preliminary security advisory, and is being shared so that impacted organizations can update and patch as needed.  Additional technical details will be released on March 6, 2023.
https://coldfusion.adobe.com/2023/01/muracms/


CFML Jobs

Several positions available on https://www.getcfmljobs.com/
Listing over 48 ColdFusion positions from 29 companies across 23 locations in 5 Countries.

0 new jobs listed this week

Other Job Links

ForgeBox Module of the Week

UIME

A simple templating tool for Coldbox apps.

Tools like Bootstrap make it easy to create user interfaces which are responsive, consistent and so on. However, you still need to get the HTML and class names correct which means referencing the web site, perhaps copying and pasting and so on. This is fine but if you're more at home with JSON than CSS, this time spent can feel like diving into another language.

UIME components accept a JSON object with some required keys and return the boiler plate HTML from the Bootstrap 5 library. This is by no means complete but I'll flesh it out as needed. PRs welcome. :)

Each component accepts the basic data that it needs to create its element as well as an id and class list to be added to the top element.

https://www.forgebox.io/view/uime


VS Code Hint Tips and Tricks of the Week

Dev Containers

Visual Studio Code Dev Containers
The Dev Containers extension lets you use a Docker container as a full-featured development environment. Whether you deploy to containers or not, containers make a great development environment because you can:

Develop with a consistent, easily reproducible toolchain on the same operating system you deploy to.
Quickly swap between different, separate development environments and safely make updates without worrying about impacting your local machine.
Make it easy for new team members / contributors to get up and running in a consistent development environment.
Try out new technologies or clone a copy of a code base without impacting your local setup.

https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers


Thank you to all of our Patreon Supporters

These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox,  ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox.

You can support us on Patreon here https://www.patreon.com/ortussolutions

Don’t forget, we have Annual Memberships, pay for the year and save 10% - great for businesses.

And many more Patreons
You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors



Homework