2023-03-14 Weekly News - Episode 188

Watch the video version on YouTube at https://youtube.com/live/v4vxEckWfYg?feature=share

Hosts: 

Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. 
A few ways  to say thanks back to Ortus Solutions:

 
Patreon Support ( Invigorating ) - UPDATED GOALS

We have 41 patreons:

Goal 1 - 26% -  This goal would help us to fully fund the hosting of ForgeBox.io (www.forgebox.io), the ColdFusion software directory.
Goal 2 - 13% - This goal would fund the development of CommandBox CLI, so it can remain FREE and Open Source forever.
Goal 3 - 6% - This goal would help us to fully fund the Modernize or Die podcasts.

https://www.patreon.com/ortussolutions.


News and Announcements

Critical Security Update for ColdFusion APSB23-25

From Adobe

https://community.adobe.com/t5/coldfusion-discussions/released-coldfusion-2021-and-2018-march-2023-security-updates/td-p/13649873

From Foundeo

Adobe has just published a security bulletin APSB23-25, and has released security updates for ColdFusion 2018 and 2021.

We recommend installing these update as soon as possible, because one of the vulnerabilities has been actively exploited by attackers already.

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
https://helpx.adobe.com/coldfusion/kb/coldfusion-2018-update-16.html
https://helpx.adobe.com/coldfusion/kb/coldfusion-2021-update-6.html

HackMyCF has been updated to warn you if the hotfix is missing.

It is important to note that if you are on ColdFusion 11, or 2016 that it is possible that your servers could be vulnerable to at least one of these issue as well. However, because these versions reached end of life they are no longer receiving security patches from Adobe.

One thing you can do to mitigate one of these issues is to block requests containing a variable named _cfclient. Some of the filters in FuseGuard may help prevent some attack vectors when configured to. But the best solution is to upgrade to CF2018 or 2021 and apply the patch released today.
--
Foundeo Inc.


ICYMI - Authentication Bypass Vulnerability in Mura CMS and Masa CMS (CVE-2022-47003 and CVE-2022-47002)

Mura CMS is a popular content management system written in ColdFusion/CFML. While it was originally a commercial open source product, it was re-licensed as a closed source application with the release of Mura CMS v10 in 2020.  There are forked open source projects based on the last open source release of Mura CMS, including Masa CMS - which is actively maintained.

Multiple versions of Mura CMS and Masa CMS contain an authentication bypass vulnerability that can allow an unauthenticated attacker to login as any Site Member or System User.
https://hoyahaxa.blogspot.com/2023/03/authentication-bypass-mura-masa.html

ICYMI - State of the CF Union 2023 Released

Help us find out the state of the CF Union – what versions of CFML Engine do people use, what frameworks, tools etc.
https://teratech.com/state-of-the-cf-union-2023-survey


New Releases and Updates

ICYMI - CommandBox 5.8.0 Released!

We are pleased to announce the release of CommandBox 5.8.0, which comes with a handful of new features and some important library updates.

Now bundles commandbox-cfconfig, commandbox-dotenv, commandbox-update-check. Automatically installed or updated when you start CLI

Automatically sets the content type in the HTTP response for static file typesl. You can customize in server.json

Config and Module Sync - if you are authenticated to ForgeBox in the CLI, you can synchronize config settings to and from.
Web Server Case Sensitivty - forcing case sensitivity on Windows

REPL improvements

As usual, you can acquire the latest release from our download page or your favorite HomeBrew or apt/yum repo

https://www.ortussolutions.com/products/commandbox#download

https://www.ortussolutions.com/blog/commandbox-580-released

https://commandbox.ortusbooks.com/


ICYMI - First Lucee 6 Beta Released

Remember this is a BETA, so it’s not production ready, what we are looking for in this first BETA release, is for you to try and run your apps / test suites in locally and let us know how it goes for you.

https://dev.lucee.org/t/first-lucee-6-public-beta-is-available-6-0-0-346-beta/12195


Webinar / Meetups and Workshops

Ortus Event Calendar for Google

https://calendar.google.com/calendar/u/0?cid=Y181NjJhMWVmNjFjNGIxZTJlNmQ4OGVkNzg0NTcyOGQ1Njg5N2RkNGJiNjhjMTQwZjc3Mzc2ODk1MmIyOTQyMWVkQGdyb3VwLmNhbGVuZGFyLmdvb2dsZS5jb20

Ortus Webinar - March 17, 2023 - CBSecurity with Luis Majano
Friday, March 17th, at 3pm CST.
Signup Now: https://us02web.zoom.us/meeting/register/tZAsf-6hrzsuE9POBoeyMYsFPY1AN-M2x29F


Ortus Office Hours - Date TBD
Due to spring break, good friday, lots of people at Dev Nexus and CF Summit East, we might push Office Hours to another date.
Will confirm

CFSummit East 2023 Training Workshop - ColdFusion MVC for Dummies.
Before the ColdFusion Summit East in Washington, D.C., on April 4th, 2023.
Luis Majano, the creator of The ColdBox Platform, will be leading this workshop, bringing you a deep dive 1-day workshop: ColdFusion MVC for Dummies.

The workshop will combine a variety of theories, hands-on coding, and best practices to give you all the tools needed to leave the workshop ready to build MVC-powered apps when you return to your office.
https://www.ortussolutions.com/blog/coldfusion-summit-east-2023-mvc-training-workshop


CFCasts Content Updates

https://www.cfcasts.com

Recent Releases

Conferences and Training

Github Galaxy
 
March 28th, 2023
Save the date for our global enterprise event focused on improving efficiency, security, and developer productivity.
GitHub Galaxy—formerly known as GitHub InFocus—is new and reimagined.
Virtual registration is right around the corner.
VIP summits: Join us in-person for a VIP summit near you, with breakout sessions, networking, and more for enterprise leaders.
https://galaxy.github.com/


Dev Nexus
April 4-6th, 2023 in Atlanta
Georgia World Congress Center
285 Andrew Young International Blvd NW
Atlanta, GA 30313
Kubernetes, Java, Software architecture, Kotlin, Performance Tuning
https://devnexus.com/


CFSummit East
Thursday, April 6, 2023
8:00am - 4:00pm
Wednesday 5th - Certification
Marriott Marquis Washington, DC
Complimentary; breakfast and lunch will be provided
https://carahevents.carahsoft.com/Event/Details/341389-adobe
https://carahevents.carahsoft.com/Event/Details/344168-adobe


CFSummit East 2023 Training Workshop - ColdFusion MVC for Dummies.
Before the ColdFusion Summit East in Washington, D.C., on April 4th, 2023.
Luis Majano, the creator of The ColdBox Platform, will be leading this workshop, bringing you a deep dive 1-day workshop: ColdFusion MVC for Dummies.

The workshop will combine a variety of theories, hands-on coding, and best practices to give you all the tools needed to leave the workshop ready to build MVC-powered apps when you return to your office.
https://www.ortussolutions.com/blog/coldfusion-summit-east-2023-mvc-training-workshop


J on the Beach
Bringing DevOps, Devs and Data Scientists together around Big Data
May 10-12, 2023
Malaga, Spain
https://www.jonthebeach.com/
Ortus Profile: https://www.jonthebeach.com/jobs/54/Ortus%20Solutions


VueJS Live
MAY 12 & 15, 2023
ONLINE + LONDON, UK
CODE / CREATE / COMMUNICATE
35 SPEAKERS, 10 WORKSHOPS
10000+ JOINING ONLINE GLOBALLY
300 LUCKIES MEETING IN LONDON
https://vuejslive.com/


Into the Box 2023 - 10th Edition
May 17-19, 2023
The conference will be held in The Woodlands (Houston), Texas -
This year we will continue the tradition of training and offering a pre-conference hands-on training day on May 17th and our live Mariachi Band Party! However, we are back to our Spring schedule and beautiful weather in The Woodlands! Also, this 2023 will mark our 10 year anniversary. So we might have two live bands and much more!!!
Early bird tickets ending soon - IN PERSON ONLY
Website launched: https://intothebox.org
Releasing the speaker list in waves!
ITB Schedule is being uploaded and tweaked right now, see it as it unfolds.
https://itb2023.eventbrite.com/


VueConf.us
NEW ORLEANS, LA • MAY 24-26, 2023
Jazz. Code. Vue.
Workshop day: May 24
Main Conference: May 25-26
https://vueconf.us/


CFCamp is back
June 22-23rd, 2023
Marriott Hotel Munich Airport, Freising
Call for Speakers is now open through March 15!
https://www.papercall.io/cfcamp2023 LAST CHANCE!!!!
https://www.cfcamp.org/


More conferences

Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/
https://github.com/scraly/developers-conferences-agenda


Blogs, Tweets, and Videos of the Week


3/7/23 - Blog - Ben Nadel - Styling Submit Buttons During Form Submission With Hotwire And Lucee CFML
When you submit a form in a Hotwire enhanced ColdFusion application, several things happen: The progress bar may be rendered if the request takes a while; the targeted submit button will be disabled (in order to prevent double-submissions); and, as of the Turbo v7.3.0 release, you can now alter the innerHTML of the targeted submit button while the form is being processed. Since I haven't explored these latter behaviors yet, I wanted to put together a quick demo using Lucee CFML.

https://www.bennadel.com/blog/4422-styling-submit-buttons-during-form-submission-with-hotwire-and-lucee-cfml.htm


3/12/23 - Blog - Ben Nadel - Rendering A Fly-Out Form Panel Using Turbo Frames With Hotwire And Lucee CFML
When using Hotwire to progressively enhance "normal" ColdFusion pages, the process is quite seamless: as long as you're returning a non-200 status code on failed form submissions, everything just works! It's only when you start transcluding forms from one page into another page that things get tricky. This is doubly-true when the transcluded form is transient, such as with a modal window or a fly-out panel. To start getting comfortable with this concept, I wanted to try and render a form inside a fly-out panel in a Hotwire enhanced ColdFusion application.

https://www.bennadel.com/blog/4424-rendering-a-fly-out-form-panel-using-turbo-frames-with-hotwire-and-lucee-cfml.htm


3/13/23 - Blog - Ben Nadel - Using "return" To Short-Circuit A CFML Template In ColdFusion
At work, we use Framework One (FW/1) to route and render our ColdFusion requests. As such, our "controller layer" is implemented as a series of ColdFusion components (CFCs). And, since each request maps to a method invocation on said components, I'm used to using a return statement when short-circuiting my controller actions. Yesterday, when working on my Hotwire + ColdFusion demos - which uses simple CFML templates as its controller layer - I accidentally used a return statement to short-circuit the control flow. And it worked! This was unexpected; and, I wanted to see if it worked in both Adobe ColdFusion and Lucee CFML.

https://www.bennadel.com/blog/4425-using-return-to-short-circuit-a-cfml-template-in-coldfusion.htm


3/14/23 - Blog - Ben Nadel - Using Nested Stimulus Controllers With Hotwire And Lucee CFML
The other day, on the Hotwire Dev Forum, I was having a discussion about communicating across Stimulus controllers. Most of my explorations so far have revolved around Turbo and progressively enhancing a ColdFusion application. As such, I didn't have much to offer in the way of advice. In order to help flesh out my mental model for Stimulus controllers, I wanted to put together a demo that explores a few different ways to communicate between a child controller and a parent controller in a Hotwire application.

https://www.bennadel.com/blog/4426-using-nested-stimulus-controllers-with-hotwire-and-lucee-cfml.htm



CFML Jobs

Several positions available on https://www.getcfmljobs.com/
Listing over 52 ColdFusion positions from 32 companies across 25 locations in 5 Countries.

1 new job listed this week


Full-Time - Full Stack ColdFusion/Lucee Developer (Remote) at Vancouver.. - Canada
Posted Mar 08
https://www.getcfmljobs.com/jobs/index.cfm/canada/FullStackCFDev-Remote-at-Vancouver-BC/11557

Other Job Links

- There is a jobs channel in the CFML slack team, and in the Box team slack now too


ForgeBox Module of the Week

Amazon S3 SDK v5.5.2+76

By Ortus Solutions

This SDK allows you to add Amazon S3, Digital Ocean Spaces capabilities to your ColdFusion (CFML) applications. It is also a ColdBox Module, so if you are using ColdBox, you get auto-registration and much more.

Newer feature - upload directly to S3 without uploading to your server first!!!

https://www.forgebox.io/view/s3sdk


VS Code Hint Tips and Tricks of the Week

REST Client by Huachao Mao

REST Client allows you to send HTTP request and view the response in Visual Studio Code directly.

Lots of great features, including but not limited to:

https://marketplace.visualstudio.com/items?itemName=humao.rest-client


Thank you to all of our Patreon Supporters

These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox,  ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox.

You can support us on Patreon here https://www.patreon.com/ortussolutions


Don’t forget, we have Annual Memberships, pay for the year and save 10% - great for businesses.

And many more Patreons

You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors


Thanks everyone!!!

Homework