Modernize or Die® - CFML News Podcast for February 7th, 2023 - Episode 183
Gavin Pickin and Dan Card host this week's CFML News Podcast
They discuss a Mura/Masa CMS Vulnerability, State of the CF Union 2023 Survey being released, and CF Summit East being announced.
They let you know how to signup for the CFML Slack and BoxTeam Slack after the old Heroku links died, and invited you to join a ColdBox dev group on Linked In.
They announced a FusionReactor 9.2.1 update, and a blog post on the CBSecurity 3 release.
Webinars / Meetups and Workshops - Ortus Fridays back in January 2023 - with Software Craftsmanship Book club coming up and February Ortus Webinar - planning to be with Luis Majano on CBSecurity 3 - To Be Confirmed.
Conferences
They discussed upcoming conferences including VueJS Amsterdam, Github Galaxy, VueJS Live, Dev Nexus 2023, VueConf.Us and ITB 2023 and CFCamp.
They discussed what's new and coming soon with CFCasts.
They spotlight a lot of great blog posts, tweets, videos and podcasts, too many to list, so listen to the show.
They announce some jobs from getCfmlJobs.com and on the web.
They show off the ForgeBox module of the Week - UIME - A simple templating tool for Bootstrap UI components to help you in your Coldbox apps.
This week's VS Code Tip of the week is - Dev Containers - The Dev Containers extension lets you use a Docker container as a full-featured development environment. Whether you deploy to containers or not, containers make a great development environment for lots of reasons.
They talked a little information about perks for their Patreon supporters, including Annual Memberships with a discount... and now new perks like the BoxTeam Slack Channel and live streams.
For the show notes - visit the website
https://cfmlnews.modernizeordie.io/episodes/modernize-or-die-cfml-news-podcast-for-february-7th-2023-episode-183
Music from this podcast is used under Royalty Free license from SoundDotCom https://www.soundotcom.com/ and BlueTreeAudio https://bluetreeaudio.com
2023-02-07 Weekly News - Episode 183
Watch the video version on YouTube at https://youtube.com/live/yAG1d0bplxM?feature=share
Hosts:
Watch the video version on YouTube at https://youtube.com/live/yAG1d0bplxM?feature=share
Hosts:
- Gavin Pickin - Senior Developer at Ortus Solutions
- Dan Card - Senior Developer at Ortus Solutions
Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there.
A few ways to say thanks back to Ortus Solutions:
- Like and subscribe to our videos on YouTube.
- Help ORTUS reach for the Stars - Star and Fork our Repos
- Star all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github
- Subscribe to our Podcast on your Podcast Apps and leave us a review
- Sign up for a free or paid account on CFCasts, which is releasing new content every week
- BOXLife store: https://www.ortussolutions.com/about-us/shop
- Buy Ortus’s Books
- 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)
- Learn Modern ColdFusion (CFML) in 100+ Minutes - Free online https://modern-cfml.ortusbooks.com/ or buy an EBook or Paper copy https://www.ortussolutions.com/learn/books/coldfusion-in-100-minutes
Patreon Support ( NOBLE )
Goal 1 - We have 42 patreons providing 100% of the funding for our Modernize or Die Podcasts via our Patreon site: https://www.patreon.com/ortussolutions.
Goal 2 - We are 37% of the way to fully fund the hosting of ForgeBox.io
News and Announcements
Authentication Bypass Vulnerability in Mura CMS and Masa CMS – Preliminary Security Advisory
Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an unauthenticated attacker to login as any Site Member or System User.
This is a preliminary security advisory, and is being shared so that impacted organizations can update and patch as needed. Additional technical details will be released on March 6, 2023.
https://coldfusion.adobe.com/2023/01/muracms/
State of the CF Union 2023 Released
Help us find out the state of the CF Union – what versions of CFML Engine do people use, what frameworks, tools etc.
https://teratech.com/state-of-the-cf-union-2023-survey
CF Summit East Announced
Thursday, April 6, 2023
8:00am - 4:00pm
Marriott Marquis Washington, DC
Complimentary; breakfast and lunch will be provided
https://carahevents.carahsoft.com/Event/Details/341389-adobe
Join ColdBox Developer Group on LinkedIn
https://www.linkedin.com/groups/154117/
CFML Slack Inviter App - New Link
Since the Heroku free tier went away, the #CFML Slack inviter app disappeared. You can join that Slack via http://cfml-slack.net which redirects to a Slack invite link now. #coldfusion #lucee
BoxTeam new link coming soon
ICYMI - CommandBox settings Sync Feature
A new CommandBox feature has been born to sync your config settings to your ForgeBox account!
https://ortussolutions.atlassian.net/browse/COMMANDBOX-1434
ICYMI - Ortus Community Forum now has Chat!
The Community Forum recently got an update that includes a chat feature.
https://community.ortussolutions.com/
New Releases and Updates
FusionReactor 9.2.1 update released
If you're using FusionReactor, note that a new 9.2.1 update was released last week, Jan 31, with a couple of bug fixes--including one where you may need to add a JVM arg to prevent an error, in a certain case as I will discuss.
- FR8397 Bug: Fix total requests (last 60 seconds) amount in Web Metrics page.
- FR8398 Improvement: Add property to disable CF query monitoring for Redis cache when property is set to false (set to true by default).
- FR8399 Bug: Fix event snapshots no longer being sent to the cloud.
https://www.carehart.org/blog/2023/2/6/fusionreactor_9_2_1_released
ICYMI - CBSecurity 3 Released
We are incredibly excited to release CBSecurity 3. This is a significant release with over six months of work invested in it. We have completely revamped our security module to make ColdBox applications secure, flexible, and ready for the upcoming ColdBox 7 release. The first major announcement for this release is that we have a brand-new logo!
https://www.ortussolutions.com/blog/cbsecurity-3x-released
Webinar / Meetups and Workshops
Ortus Event Calendar for Google
https://calendar.google.com/calendar/u/0?cid=Y181NjJhMWVmNjFjNGIxZTJlNmQ4OGVkNzg0NTcyOGQ1Njg5N2RkNGJiNjhjMTQwZjc3Mzc2ODk1MmIyOTQyMWVkQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20
Ortus Fridays are back in Full Effect in 2023
ICYMI - CBSecurity 3 Released
We are incredibly excited to release CBSecurity 3. This is a significant release with over six months of work invested in it. We have completely revamped our security module to make ColdBox applications secure, flexible, and ready for the upcoming ColdBox 7 release. The first major announcement for this release is that we have a brand-new logo!
https://www.ortussolutions.com/blog/cbsecurity-3x-released
Webinar / Meetups and Workshops
Ortus Event Calendar for Google
https://calendar.google.com/calendar/u/0?cid=Y181NjJhMWVmNjFjNGIxZTJlNmQ4OGVkNzg0NTcyOGQ1Njg5N2RkNGJiNjhjMTQwZjc3Mzc2ODk1MmIyOTQyMWVkQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20
Ortus Fridays are back in Full Effect in 2023
- ICYMI - Ortus Office Hours - Feb 3rd, 2023 - 11 AM CST
- Software Craftsmanship Book Club - Feb 10th, 2023 - 2 PM CST (Patreon exclusive)
- February Webinar - Feb 17th - Luis Majano with CBSecurity V3
- 2023 ForgeBox Module of the Week Series - 1 new Video https://cfcasts.com/series/2023-forgebox-modules-of-the-week
- 2023 VS Code Hint tip and Trick of the Week Series - 1 new Video https://cfcasts.com/series/2023-vs-code-hint-tip-and-trick-of-the-week
Coming Soon
- Brad with more CommandBox Videos - 27!!!
- More ForgeBox and VS Code Podcast snippet videos
- CBWire Series from Grant - Fill out the Poll here https://community.ortussolutions.com/t/poll-cbwire-cfcasts-com-series/9513
- ColdBox Elixir from Eric
- Getting Started with ContentBox from Daniel
- Box-ifying a 3rd Party Library from Gavin
Conferences and Training
THIS WEEK - VUEJS AMSTERDAM 2023
9-10 February 2023, Theater Amsterdam
World's Most Special and Largest Vue Conference
https://vuejs.amsterdam/
Github Galaxy
March 28th, 2023
Save the date for our global enterprise event focused on improving efficiency, security, and developer productivity.
GitHub Galaxy—formerly known as GitHub InFocus—is new and reimagined.
Virtual registration is right around the corner.
VIP summits: Join us in-person for a VIP summit near you, with breakout sessions, networking, and more for enterprise leaders.
https://galaxy.github.com/
Dev Nexus
April 4-6th, 2023 in Atlanta
Georgia World Congress Center
285 Andrew Young International Blvd NW
Atlanta, GA 30313
https://devnexus.com/
VueJS Live
MAY 12 & 15, 2023
ONLINE + LONDON, UK
CODE / CREATE / COMMUNICATE
35 SPEAKERS, 10 WORKSHOPS
10000+ JOINING ONLINE GLOBALLY
300 LUCKIES MEETING IN LONDON
https://vuejslive.com/
Into the Box 2023 - 10th Edition
May 17-19, 2023
The conference will be held in The Woodlands (Houston), Texas
This year we will continue the tradition of training and offering a pre-conference hands-on training day on May 17th and our live Mariachi Band Party! However, we are back to our Spring schedule and beautiful weather in The Woodlands! Also, this 2023 will mark our 10 year anniversary. So we might have two live bands and much more!!!
CLOSED - call for speakers for the Into The Box Conference for 2023
Sessions announced Soon.
https://www.intothebox.org/blog/into-the-box-2023-call-for-speakers
https://itb2023.eventbrite.com/
VueConf.us
NEW ORLEANS, LA • MAY 24-26, 2023
Jazz. Code. Vue.
Workshop day: May 24
Main Conference: May 25-26
https://vueconf.us/
CFCamp is back
June, 22-23rd 2023
Marriott Hotel Munich Airport, Freising
Call for Speakers is now open!
https://www.papercall.io/cfcamp2023
https://www.cfcamp.org/
More conferences
Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/
https://github.com/scraly/developers-conferences-agenda
Blogs, Tweets, and Videos of the Week
2/7/23 - Blog - Ben Nadel - Rendering A Local TimeStamp With Stimulus Using Hotwire And Lucee CFML
So far, in my exploration of Hotwire, I've looked at several features of Turbo Drive including partial rendering with Turbo Frames and dynamically updating the page with Turbo Streams. According to David Heinemeier Hansson (DHH), the Turbo family of features should get you 90% of the way through your application development. But, that last 10% of features needs to be implemented with custom JavaScript. And for this, Hotwire provides Stimulus controllers; or, what the Rails community refers to as "JavaScript sprinkles". To start looking at Stimulus, I wanted to create a demo that takes a ColdFusion provided UTC millisecond value and renders it in the user's local timezone.
https://www.bennadel.com/blog/4401-rendering-a-local-timestamp-with-stimulus-using-hotwire-and-lucee-cfml.htm
2/6/23 - Blog - Charlie Arehart - New URL for signing up to the CFML Slack: cfml-slack.net
TLDR; the URL for joining the CFML Slack workspace and channels has changed. If you want to join the CFML Slack, use the form at cfml-slack.net. As some may have noticed, the old URL for joining (cfml-slack.herokuapp.com) no longer works.
Since it's mentioned in many places on the web, I wanted to help spread this news. This cfml-slack.net URL replaces that, while the URL for the CFML Slack channel itself is unchanged: cfml.slack.com.
https://www.carehart.org/blog/2023/2/6/new_url_for_cfml_slack_signup
2/6/23 - Blog - Charlie Arehart - FusionReactor 9.2.1 update released
If you're using FusionReactor, note that a new 9.2.1 update was released last week, Jan 31, with a couple of bug fixes--including one where you may need to add a JVM arg to prevent an error, in a certain case as I will discuss.
- FR8397 Bug: Fix total requests (last 60 seconds) amount in Web Metrics page.
- FR8398 Improvement: Add property to disable CF query monitoring for Redis cache when property is set to false (set to true by default).
- FR8399 Bug: Fix event snapshots no longer being sent to the cloud.
https://www.carehart.org/blog/2023/2/6/fusionreactor_9_2_1_released
2/3/23 - Blog - Ben Nadel - Dynamically Updating Views With Turbo Streams Using Hotwire And Lucee CFML
As I demonstrated in my earlier post, Turbo Frames can be used to swap portions of a view using the response from a GET page request. Hotwire takes that concept a step further with Turbo Streams. In response to a POST form submission, a series of <turbo-stream> elements can define multiple, independent mutations that Hotwire will perform on the currently rendered view. I wanted to explore the Turbo Streams mechanics in Lucee CFML.
https://www.bennadel.com/blog/4400-dynamically-updating-views-with-turbo-streams-using-hotwire-and-lucee-cfml.htm
1/31/23 - Blog - Luis Majano - Ortus Solutions - CBSecurity 3 Released
We are incredibly excited to release CBSecurity 3. This is a significant release with over six months of work invested in it. We have completely revamped our security module to make ColdBox applications secure, flexible, and ready for the upcoming ColdBox 7 release. The first major announcement for this release is that we have a brand-new logo!
https://www.ortussolutions.com/blog/cbsecurity-3x-released
1/31/23 - Blog - Brian Reilly - Authentication Bypass Vulnerability in Mura CMS and Masa CMS – Preliminary Security Advisory
Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an unauthenticated attacker to login as any Site Member or System User.
This is a preliminary security advisory, and is being shared so that impacted organizations can update and patch as needed. Additional technical details will be released on March 6, 2023.
https://coldfusion.adobe.com/2023/01/muracms/
CFML Jobs
Several positions available on https://www.getcfmljobs.com/
Listing over 48 ColdFusion positions from 29 companies across 23 locations in 5 Countries.
0 new jobs listed this week
Other Job Links
2/3/23 - Blog - Ben Nadel - Dynamically Updating Views With Turbo Streams Using Hotwire And Lucee CFML
As I demonstrated in my earlier post, Turbo Frames can be used to swap portions of a view using the response from a GET page request. Hotwire takes that concept a step further with Turbo Streams. In response to a POST form submission, a series of <turbo-stream> elements can define multiple, independent mutations that Hotwire will perform on the currently rendered view. I wanted to explore the Turbo Streams mechanics in Lucee CFML.
https://www.bennadel.com/blog/4400-dynamically-updating-views-with-turbo-streams-using-hotwire-and-lucee-cfml.htm
1/31/23 - Blog - Luis Majano - Ortus Solutions - CBSecurity 3 Released
We are incredibly excited to release CBSecurity 3. This is a significant release with over six months of work invested in it. We have completely revamped our security module to make ColdBox applications secure, flexible, and ready for the upcoming ColdBox 7 release. The first major announcement for this release is that we have a brand-new logo!
https://www.ortussolutions.com/blog/cbsecurity-3x-released
1/31/23 - Blog - Brian Reilly - Authentication Bypass Vulnerability in Mura CMS and Masa CMS – Preliminary Security Advisory
Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an unauthenticated attacker to login as any Site Member or System User.
This is a preliminary security advisory, and is being shared so that impacted organizations can update and patch as needed. Additional technical details will be released on March 6, 2023.
https://coldfusion.adobe.com/2023/01/muracms/
CFML Jobs
Several positions available on https://www.getcfmljobs.com/
Listing over 48 ColdFusion positions from 29 companies across 23 locations in 5 Countries.
0 new jobs listed this week
Other Job Links
- There is a jobs channel in the CFML slack team, and in the Box team slack now too
- Brian Polackoff posted yesterday morning in the cfml-general channel that he is looking for 2-3 advanced CF programmers. Check it out.
- “Morning everyone; can anyone tell me where to find 2-3 advanced Adobe Coldfusion programmers? Salaries will be in the range of ~125k to 150k USD? I’m open to FT or Contract with FT hours? Preferably in the USA but am open to other areas. Is there anyone on this list, a better list, or even a company that can provide match making services?”
- Brian Polackoff posted yesterday morning in the cfml-general channel that he is looking for 2-3 advanced CF programmers. Check it out.
ForgeBox Module of the Week
UIME
A simple templating tool for Coldbox apps.
Tools like Bootstrap make it easy to create user interfaces which are responsive, consistent and so on. However, you still need to get the HTML and class names correct which means referencing the web site, perhaps copying and pasting and so on. This is fine but if you're more at home with JSON than CSS, this time spent can feel like diving into another language.
UIME components accept a JSON object with some required keys and return the boiler plate HTML from the Bootstrap 5 library. This is by no means complete but I'll flesh it out as needed. PRs welcome. :)
Each component accepts the basic data that it needs to create its element as well as an id and class list to be added to the top element.
https://www.forgebox.io/view/uime
VS Code Hint Tips and Tricks of the Week
Dev Containers
Visual Studio Code Dev Containers
The Dev Containers extension lets you use a Docker container as a full-featured development environment. Whether you deploy to containers or not, containers make a great development environment because you can:
Develop with a consistent, easily reproducible toolchain on the same operating system you deploy to.
Quickly swap between different, separate development environments and safely make updates without worrying about impacting your local machine.
Make it easy for new team members / contributors to get up and running in a consistent development environment.
Try out new technologies or clone a copy of a code base without impacting your local setup.
https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers
Thank you to all of our Patreon Supporters
These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox.
You can support us on Patreon here https://www.patreon.com/ortussolutions
Don’t forget, we have Annual Memberships, pay for the year and save 10% - great for businesses.
- Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription.
- All Patreon supporters have a Profile badge on the Community Website
- All Patreon supporters have their own Private Forum access on the Community Website
- All Patreon supporters have their own Private Channel access BoxTeam Slack
- Live Stream Access to streams like “Koding with the Kiwi + Friends” and Ortus Software Craftsmanship Book Club
- John Wilson - Synaptrix
- Tomorrows Guides
- Jordan Clark
- Gary Knight
- Mario Rodrigues
- Giancarlo Gomez
- David Belanger (Bell-an-jer)
- Dan Card
- Jeffry McGee - Sunstar Media
- Dean Maunder
- Nolan Erck
- Abdul Raheen
And many more Patreons
You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors
Homework
- Gavin
- Patreons - join us for the book club. Clean Code
- Dan
- Look at the Community Chat!
Thanks everyone!!!
Switch to Modernize or Die ® Podcast - SoapBox Edition - Switch to Modernize or Die ® Podcast - Conference Edition
Music from this podcast used under Royalty Free license from SoundDotCom and BlueTreeAudio
© 2019 Ortus Solutions