Modernize or Die® - CFML News Podcast for March 14th, 2023 - Episode 188

2023-03-14 Weekly News - Episode 188

Watch the video version on YouTube at

  • Gavin Pickin - Senior Developer at Ortus Solutions
  • Daniel Garcia - Senior Developer at Ortus Solutions

Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. 
A few ways  to say thanks back to Ortus Solutions:
Patreon Support ( Invigorating ) - UPDATED GOALS

We have 41 patreons:

Goal 1 - 26% -  This goal would help us to fully fund the hosting of (, the ColdFusion software directory.
Goal 2 - 13% - This goal would fund the development of CommandBox CLI, so it can remain FREE and Open Source forever.
Goal 3 - 6% - This goal would help us to fully fund the Modernize or Die podcasts.

News and Announcements

Critical Security Update for ColdFusion APSB23-25

From Adobe

From Foundeo

Adobe has just published a security bulletin APSB23-25, and has released security updates for ColdFusion 2018 and 2021.

We recommend installing these update as soon as possible, because one of the vulnerabilities has been actively exploited by attackers already.

HackMyCF has been updated to warn you if the hotfix is missing.

It is important to note that if you are on ColdFusion 11, or 2016 that it is possible that your servers could be vulnerable to at least one of these issue as well. However, because these versions reached end of life they are no longer receiving security patches from Adobe.

One thing you can do to mitigate one of these issues is to block requests containing a variable named _cfclient. Some of the filters in FuseGuard may help prevent some attack vectors when configured to. But the best solution is to upgrade to CF2018 or 2021 and apply the patch released today.
Foundeo Inc.

ICYMI - Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002)

Mura CMS is a popular content management system written in ColdFusion/CFML. While it was originally a commercial open source product, it was re-licensed as a closed source application with the release of Mura CMS v10 in 2020.  There are forked open source projects based on the last open source release of Mura CMS, including Masa CMS - which is actively maintained.

Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an unauthenticated attacker to login as any Site Member or System User.

ICYMI - State of the CF Union 2023 Released

Help us find out the state of the CF Union – what versions of CFML Engine do people use, what frameworks, tools etc.

New Releases and Updates

ICYMI - CommandBox 5.8.0 Released!

We are pleased to announce the release of CommandBox 5.8.0, which comes with a handful of new features and some important library updates.

Now bundles commandbox-cfconfig, commandbox-dotenv, commandbox-update-check. Automatically installed or updated when you start CLI

Automatically sets the content type in the HTTP response for static file typesl. You can customize in server.json

Config and Module Sync - if you are authenticated to ForgeBox in the CLI, you can synchronize config settings to and from.
Web Server Case Sensitivty - forcing case sensitivity on Windows

REPL improvements

As usual, you can acquire the latest release from our download page or your favorite HomeBrew or apt/yum repo

ICYMI - First Lucee 6 Beta Released

Remember this is a BETA, so it’s not production ready, what we are looking for in this first BETA release, is for you to try and run your apps / test suites in locally and let us know how it goes for you.

Webinar / Meetups and Workshops

Ortus Event Calendar for Google

Ortus Webinar - March 17, 2023 - CBSecurity with Luis Majano
Friday, March 17th, at 3pm CST.
Signup Now:

Ortus Office Hours - Date TBD
Due to spring break, good friday, lots of people at Dev Nexus and CF Summit East, we might push Office Hours to another date.
Will confirm

CFSummit East 2023 Training Workshop - ColdFusion MVC for Dummies.
Before the ColdFusion Summit East in Washington, D.C., on April 4th, 2023.
Luis Majano, the creator of The ColdBox Platform, will be leading this workshop, bringing you a deep dive 1-day workshop: ColdFusion MVC for Dummies.

The workshop will combine a variety of theories, hands-on coding, and best practices to give you all the tools needed to leave the workshop ready to build MVC-powered apps when you return to your office.

CFCasts Content Updates

Recent Releases

Coming Soon
  • Brad with more CommandBox Videos
  • More ForgeBox and VS Code Podcast snippet videos

Conferences and Training

Github Galaxy

March 28th, 2023
Save the date for our global enterprise event focused on improving efficiency, security, and developer productivity.
GitHub Galaxy—formerly known as GitHub InFocus—is new and reimagined.
Virtual registration is right around the corner.
VIP summits: Join us in-person for a VIP summit near you, with breakout sessions, networking, and more for enterprise leaders.

Dev Nexus
April 4-6th, 2023 in Atlanta
Georgia World Congress Center
285 Andrew Young International Blvd NW
Atlanta, GA 30313
Kubernetes, Java, Software architecture, Kotlin, Performance Tuning

CFSummit East
Thursday, April 6, 2023
8:00am - 4:00pm
Wednesday 5th - Certification
Marriott Marquis Washington, DC
Complimentary; breakfast and lunch will be provided

CFSummit East 2023 Training Workshop - ColdFusion MVC for Dummies.
Before the ColdFusion Summit East in Washington, D.C., on April 4th, 2023.
Luis Majano, the creator of The ColdBox Platform, will be leading this workshop, bringing you a deep dive 1-day workshop: ColdFusion MVC for Dummies.

The workshop will combine a variety of theories, hands-on coding, and best practices to give you all the tools needed to leave the workshop ready to build MVC-powered apps when you return to your office.

J on the Beach

Bringing DevOps, Devs and Data Scientists together around Big Data
May 10-12, 2023
Malaga, Spain
Ortus Profile:

VueJS Live

MAY 12 & 15, 2023

Into the Box 2023 - 10th Edition
May 17-19, 2023
The conference will be held in The Woodlands (Houston), Texas -
This year we will continue the tradition of training and offering a pre-conference hands-on training day on May 17th and our live Mariachi Band Party! However, we are back to our Spring schedule and beautiful weather in The Woodlands! Also, this 2023 will mark our 10 year anniversary. So we might have two live bands and much more!!!
Early bird tickets ending soon - IN PERSON ONLY
Website launched:
Releasing the speaker list in waves!
ITB Schedule is being uploaded and tweaked right now, see it as it unfolds.
NEW ORLEANS, LA • MAY 24-26, 2023
Jazz. Code. Vue.
Workshop day: May 24
Main Conference: May 25-26

CFCamp is back
June 22-23rd, 2023
Marriott Hotel Munich Airport, Freising
Call for Speakers is now open through March 15! LAST CHANCE!!!!

More conferences

Need more conferences, this site has a huge list of conferences for almost any language/community.

Blogs, Tweets, and Videos of the Week

3/7/23 - Blog - Ben Nadel - Styling Submit Buttons During Form Submission With Hotwire And Lucee CFML
When you submit a form in a Hotwire enhanced ColdFusion application, several things happen: The progress bar may be rendered if the request takes a while; the targeted submit button will be disabled (in order to prevent double-submissions); and, as of the Turbo v7.3.0 release, you can now alter the innerHTML of the targeted submit button while the form is being processed. Since I haven't explored these latter behaviors yet, I wanted to put together a quick demo using Lucee CFML.

3/12/23 - Blog - Ben Nadel - Rendering A Fly-Out Form Panel Using Turbo Frames With Hotwire And Lucee CFML
When using Hotwire to progressively enhance "normal" ColdFusion pages, the process is quite seamless: as long as you're returning a non-200 status code on failed form submissions, everything just works! It's only when you start transcluding forms from one page into another page that things get tricky. This is doubly-true when the transcluded form is transient, such as with a modal window or a fly-out panel. To start getting comfortable with this concept, I wanted to try and render a form inside a fly-out panel in a Hotwire enhanced ColdFusion application.

3/13/23 - Blog - Ben Nadel - Using "return" To Short-Circuit A CFML Template In ColdFusion

At work, we use Framework One (FW/1) to route and render our ColdFusion requests. As such, our "controller layer" is implemented as a series of ColdFusion components (CFCs). And, since each request maps to a method invocation on said components, I'm used to using a return statement when short-circuiting my controller actions. Yesterday, when working on my Hotwire + ColdFusion demos - which uses simple CFML templates as its controller layer - I accidentally used a return statement to short-circuit the control flow. And it worked! This was unexpected; and, I wanted to see if it worked in both Adobe ColdFusion and Lucee CFML.

3/14/23 - Blog - Ben Nadel - Using Nested Stimulus Controllers With Hotwire And Lucee CFML
The other day, on the Hotwire Dev Forum, I was having a discussion about communicating across Stimulus controllers. Most of my explorations so far have revolved around Turbo and progressively enhancing a ColdFusion application. As such, I didn't have much to offer in the way of advice. In order to help flesh out my mental model for Stimulus controllers, I wanted to put together a demo that explores a few different ways to communicate between a child controller and a parent controller in a Hotwire application.


Several positions available on
Listing over 52 ColdFusion positions from 32 companies across 25 locations in 5 Countries.

1 new job listed this week

Full-Time - Full Stack ColdFusion/Lucee Developer (Remote) at Vancouver.. - Canada
Posted Mar 08

Other Job Links

- There is a jobs channel in the CFML slack team, and in the Box team slack now too

ForgeBox Module of the Week

Amazon S3 SDK v5.5.2+76

By Ortus Solutions

This SDK allows you to add Amazon S3, Digital Ocean Spaces capabilities to your ColdFusion (CFML) applications. It is also a ColdBox Module, so if you are using ColdBox, you get auto-registration and much more.

Newer feature - upload directly to S3 without uploading to your server first!!!

VS Code Hint Tips and Tricks of the Week

REST Client by Huachao Mao

REST Client allows you to send HTTP request and view the response in Visual Studio Code directly.

Lots of great features, including but not limited to:

  • Remember Cookies for subsequent requests
  • Proxy support
  • Send/Cancel/Rerun HTTP request in editor and view response in a separate pane with syntax highlight
  • Send GraphQL query and author GraphQL variables in editor
  • Send cURL command in editor and copy HTTP request as cURL command
  • Auto save and view/clear request history
  • Compose MULTIPLE requests in a single file (separated by ### delimiter)
  • View image response directly in pane
  • Save raw response and response body only to local disk
  • Fold and unfold response body
  • Customize font(size/family/weight) in response preview
  • Preview response with expected parts(headers only, body only, full response and both request and response)
  • Authentication support
  • Environments and custom/system variables support

Thank you to all of our Patreon Supporters

These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox,  ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox.

You can support us on Patreon here

Don’t forget, we have Annual Memberships, pay for the year and save 10% - great for businesses.

  • Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription.
  • All Patreon supporters have a Profile badge on the Community Website
  • All Patreon supporters have their own Private Forum access on the Community Website
  • All Patreon supporters have their own Private Channel access BoxTeam Slack

Top Patreons ( invigorating )

  • John Wilson - Synaptrix
  • Tomorrows Guides
  • Jordan Clark

  • Gary Knight
  • Mario Rodrigues
  • Giancarlo Gomez
  • David Belanger
  • Dan Card
  • Jeffry McGee - Sunstar Media
  • Dean Maunder
  • Nolan Erck 
  • Abdul Raheen

And many more Patreons

You can see an up to date list of all sponsors on Ortus Solutions' Website

Thanks everyone!!!

  • Watch Social Media for our new announcement
  • CFcamp Call for Speakers is closing
  • Into the Box - Early bird tickets ending soon.

★ Support this podcast on Patreon ★

Switch to Modernize or Die ® Podcast - SoapBox Edition - Switch to Modernize or Die ® Podcast - Conference Edition

Powered by

Music from this podcast used under Royalty Free license from SoundDotCom and BlueTreeAudio

© 2019 Ortus Solutions