2024-03-05 Weekly News — Episode 212

Watch the video version on YouTube at https://youtube.com/live/Vg81ar7GfW4?feature=share

Hosts: 

Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. 
A few ways to say thanks back to Ortus Solutions:

Patreon Support (phenomenal)

We have 46 patreons:
 
https://www.patreon.com/ortussolutions.

News and Announcements

Whitehouse Mandate - Press Release: Future Software Should Be Memory Safe
Leaders in Industry Support White House Call to Address Root Cause of Many of the Worst Cyber Attacks
Today, the White House Office of the National Cyber Director (ONCD) released a report calling on the technical community to proactively reduce the attack surface in cyberspace. ONCD makes the case that technology manufacturers can prevent entire classes of vulnerabilities from entering the digital ecosystem by adopting memory safe programming languages. ONCD is also encouraging the research community to address the problem of software measurability to enable the development of better diagnostics that measure cybersecurity quality.
Full Report:  https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf
Blog Post: https://www.whitehouse.gov/oncd/briefing-room/2024/02/26/press-release-technical-report/

Three Recent Lucee Vulnerabilities
Last week, Harsh Jaiswal and Rahul Maini from ProjectDiscovery released some impressive security research on multiple vulnerabilities in Lucee (and Mura CMS and Masa CMS).  Their blog post is a must-read, and I'm not going to rehash their steps from research to discovery to exploitation.  Instead, I'm going to look at these vulnerabilities through a defensive lens. 
https://www.hoyahaxa.com/2024/02/thinking-defensively-about-three-recent.html

One Reason Why Your ColdFusion Server May Still Be Vulnerable Even With the Latest Security Updates Installed
Next Tuesday is Adobe Patch Tuesday.  Will there be new ColdFusion security updates?  I have no idea.  But even if there are no new patches released, and your ColdFusion servers already have the latest updates installed, you may still be missing an important step in keeping them secure.
https://www.hoyahaxa.com/2024/03/one-reason-why-your-coldfusion-server.html

ICYMI : CF Summit East Announced
Adobe and Carahsoft would like to officially invite you to our interactive Adobe ColdFusion Summit East 2024. This event is an unparalleled experience featuring a gathering of professionals, developers, and thought leaders in the dynamic realm of ColdFusion technology.
https://carahevents.carahsoft.com/Event/Details/447476-xbyte
 
Into The Box 2024, Third Wave of Sessions!
Are you ready for what's in store? In this round of releases, we're excited to announce the addition of two mystery sessions presented by Ortus Solutions. These sessions are set to redefine how you approach CFML development, introducing key tools and surprises that will welcome a new era of modernization. Get ready to be inspired, challenged, and equipped with cutting-edge techniques that will elevate your projects to new heights.

But that's not all! Our agenda is packed with diverse workshops and sessions meticulously curated to cater to developers of all levels. Whether you're a seasoned pro or just starting your CFML journey, there's something for everyone at Into the Box 2024.
https://www.ortussolutions.com/blog/unveiling-the-future-of-cfml-development-3rd-round-of-sessions
https://www.intothebox.org/


New Releases and Updates

CommandBox 6.0.0 Released!
We are pleased to announce the release of CommandBox 6.0.0.  This is a major release of our CLI, REPL, Package Manager, and CFML Server.  It comes with some major new features for you to play with.  And even better, CommandBox 6 should be 99% backwards compatible with CommandBox 5.9 so you can update and test it out today.
https://www.ortussolutions.com/blog/commandbox-600-released

Ortus Redis Extension v3.3.0 Released!
We are very excited to bring you another release for our Redis Lucee Extension. The most significant feature in this release is the addition of the `` and `redisLock{}` tag, which allows you perform a lock across all instances in a cluster.
Ortus Redis Extension v3.3.0 gives you greater control over concurrent modifications in a distributed environment, utilizing your distributed cache to prevent overlaps!
https://www.ortussolutions.com/blog/ortus-redis-extension-v330-released


ICYMI - ColdFusion Builder extension for Visual Studio Code -  A new update is available!
https://community.adobe.com/t5/coldfusion-discussions/coldfusion-builder-extension-for-visual-studio-code-a-new-update-is-available/m-p/14365891

ICYMI - Hyper v7.3.0
https://hyper.ortusbooks.com/whats-new#id-7.3.0


CFCasts Content Updates

https://www.cfcasts.com

Recent Releases

Conferences and Training

Adobe ColdFusion Online Summit 2024
Unleash the power of modern web development
Feb 15,2024 - Mar 15, 2024
Join us from anywhere in the world for the most anticipated ColdFusion event of the year!
https://adobe-coldfusion-online-summit-2024.attendease.com/register/registration/form

Upcoming Sessions
Mar 5th at 6:30 AM PT - Rochelle Hannah - Exploring Cloud Services with ColdFusion
Mar 6th at 6:30 AM PT - Megha Bhat - SAML - Single Sign On and SAML/LDAP Integration with ColdFusion Administrator
Mar 6th at 10 AM PT - Nolan Erck - Web Components in Your CFML Application
Mar 7th at 6:30 AM PT - Satyam Mishra - From Development to Production: PMT's Full Support to Cf

Recent Sessions
Feb 28th at 9 AM PT - Daniel Garcia - Transitioning from WordPress to ContentBox: A Powerful ColdFusion Alternative
Feb 29th at 9 AM PT - Annette Liskey - Build a Complex Web Form with RuleBox and TestBox
Mar 4th at 6:30 AM PT - Laveesha Kumra - Cfhtmltopdf: Out with the old, in with the new!


CF Summit East
Wednesday, April 24, 2024
8:00am - 4:00pm
Carahsoft Conference & Collaboration Center
11493 Sunset Hills Road,
Reston, VA 20190
Registration: https://carahevents.carahsoft.com/Event/Details/429564-adobe

ACP Training prior to CF Summit East
https://www.carahsoft.com/learn/event/50992-acp-adobe-coldfusion-at-adobe-cf-summit-east


ColdBox 7 Workshop at Adobe CF Summit East 2024
A Deep Dive into ColdBox 7.2
Date: April 25th - 26th, 2024 | After Adobe CFSummit East
Speakers: Luis Majano, creator of ColdBox
Elevate Your CFML Development Skills!
Master ColdBox 7.2 from the Ground Up in Our Workshop Following CFSummit East 2024
Calling all CFML developers and enthusiasts! We are thrilled to announce an upcoming event that promises to elevate your skills and empower you with ColdBox's latest updates and features. This two-day workshop is led by the creator of ColdBox, Luis Majano. You'll dive into ColdBox 7.2, exploring new features, updates, and fixes to build modern, high-quality projects.
Whether you're a beginner looking to jumpstart your journey into the MVC ecosystem or an experienced developer seeking to refine your ColdBox skills, this workshop is designed to meet your needs. Get ready for an immersive experience that keeps you at the forefront of ColdBox development!
Tickets are limited, get yours now and save with early bird pricing
https://www.ortussolutions.com/blog/a-deep-dive-into-coldbox-72

ITB 2024

More conferences

Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/


Blogs, Tweets, and Videos of the Week

3/4/24 - Blog - Brian Orielly - One Reason Why Your ColdFusion Server May Still Be Vulnerable Even With the Latest Security Updates Installed
Next Tuesday is Adobe Patch Tuesday.  Will there be new ColdFusion security updates?  I have no idea.  But even if there are no new patches released, and your ColdFusion servers already have the latest updates installed, you may still be missing an important step in keeping them secure.
https://www.hoyahaxa.com/2024/03/one-reason-why-your-coldfusion-server.html


3/3/24 - Blog - Ben Nadel - Various Ways To Get ColdFusion Data Into An Alpine.js Component
So far, all of my Alpine.js explorations have been client-side focused. But, my ultimate goal is to see if Alpine.js is a good companion framework for a ColdFusion-based multi-page application (MPA). As such, I wanted to spend some time thinking about various ways in which to get my ColdFusion data into an Alpine.js component.
https://www.bennadel.com/blog/4604-various-ways-to-get-coldfusion-data-into-an-alpine-js-component.htm

3/5/24 - Live Coding - Ray Camden - Playing Games with Alpine.js
https://www.youtube.com/watch?v=EoRo8Ry3-8A


3/1/24 - Blog - Ortus Solutions - Into The Box 2024, Third Wave of Sessions!
Are you ready for what's in store? In this round of releases, we're excited to announce the addition of two mystery sessions presented by Ortus Solutions. These sessions are set to redefine how you approach CFML development, introducing key tools and surprises that will welcome a new era of modernization. Get ready to be inspired, challenged, and equipped with cutting-edge techniques that will elevate your projects to new heights.
But that's not all! Our agenda is packed with diverse workshops and sessions meticulously curated to cater to developers of all levels. Whether you're a seasoned pro or just starting your CFML journey, there's something for everyone at Into the Box 2024.
https://www.ortussolutions.com/blog/unveiling-the-future-of-cfml-development-3rd-round-of-sessions


2/29/24 - Tweet - James Moberg - Why does CF use dedicated functions for Case Sensitivity?
Why does #ColdFusion use dedicated functions for case sensitivity? Why not use a single function w/case boolean flag? #DRY
-arraycontains
-arraydelete
-arrayfindall
-arrayfind
-compare
-findlistcontains
-listfind
-listvaluecount
-refind
-rematch
-replacelist
-replace
-rereplace
https://x.com/gamesover/status/1763266840112107877?s=20


2/21/24 - Blog - Brian Orielly - Thinking Defensively About Three Recent Lucee Vulnerabilities
Last week, Harsh Jaiswal and Rahul Maini from ProjectDiscovery released some impressive security research on multiple vulnerabilities in Lucee (and Mura CMS and Masa CMS).  Their blog post is a must-read, and I'm not going to rehash their steps from research to discovery to exploitation.  Instead, I'm going to look at these vulnerabilities through a defensive lens. 
https://www.hoyahaxa.com/2024/02/thinking-defensively-about-three-recent.html


2/20/24 - Blog - Majo Herrera - Ortus Solutions - Elevate Your ColdBox Experience and Skills
We're thrilled to announce a significant overhaul of our ColdBox training experience to ensure it's nothing short of extraordinary! We've listened closely to your feedback and made significant improvements geared towards transforming you into a ColdBox superhero. Learn What's New!
https://www.ortussolutions.com/blog/elevate-your-coldbox-experience-and-skills


2/16/24 - Blog - Jon Clausen - Ortus Solutions - Ortus Redis Extension v3.3.0 Released!
We are very excited to bring you another release for our Redis Lucee Extension. The most significant feature in this release is the addition of the `` and `redisLock{}` tag, which allows you perform a lock across all instances in a cluster.
Ortus Redis Extension v3.3.0 gives you greater control over concurrent modifications in a distributed environment, utilizing your distributed cache to prevent overlaps!
https://www.ortussolutions.com/blog/ortus-redis-extension-v330-released


2/16/24 - Blog - Ben Nadel - Casting Java Structs And Arrays To ColdFusion Structs And Arrays
Most of the time, in modern ColdFusion, data flows seamlessly in between the ColdFusion layer and the underlying Java layer. Behind the scenes, ColdFusion is working to cast or proxy objects, as needed, so that we can consume these objects as if they were native ColdFusion data types. But, this magic isn't always perfect. In some edge-cases, we have to explicitly cast Java objects into ColdFusion objects in order to consume the full object API (such as member methods).
https://www.bennadel.com/blog/4593-casting-java-structs-and-arrays-to-coldfusion-structs-and-arrays.htm

2/15/24 - Blog - Ben Nadel - Polyfill Form Field Grouping Using Bracket Notation In Adobe ColdFusion
One of the small features that I absolutely love in Lucee CFML is the ability to group form fields as an array by suffixing the form field names with []. As in name="tags[]". When a group of related form fields have this same name, Lucee CFML will automatically aggregate the field values as an array and remove the [] suffix from the field name (in the form scope). Unfortunately, Adobe ColdFusion doesn't offer this behavior. But, we can polyfill it at the top of each request.
https://www.bennadel.com/blog/4592-polyfill-form-field-grouping-using-bracket-notation-in-adobe-coldfusion.htm

2/15/24 - Blog - Brad Wood - Ortus Solutions - CommandBox 6.0.0 Released!
We are pleased to announce the release of CommandBox 6.0.0.  This is a major release of our CLI, REPL, Package Manager, and CFML Server.  It comes with some major new features for you to play with.  And even better, CommandBox 6 should be 99% backwards compatible with CommandBox 5.9 so you can update and test it out today.
https://www.ortussolutions.com/blog/commandbox-600-released 

2/8/24 - Blog - Ortus Solutions - NEW INTO THE BOX WEBSITE!
Prepare for exciting surprises and game-changing announcements about shaking up the coding world. We're on the brink of something big, from supercharging CFML tools to improving the developer experience! Grab your tickets now to stay in the loop with exclusive content and updates made just for Modern CFML Developers at www.intothebox.org
https://www.ortussolutions.com/blog/new-into-the-box-website
 

CFML Jobs

Several positions available on https://www.getcfmljobs.com/

Listing over 119 ColdFusion positions from 72 companies across 49 locations in 5 Countries.

Full-Time - Applications Developer (ColdFusion) - Remote at Waterloo, IA.. - United States
Feb 21
https://www.getcfmljobs.com/jobs/index.cfm/united-states/ApplicationDeveloper-ColdFusion-Remote/11631

Full-Time - Cold Fusion/Java Developer at Remote - United States
Feb 10
https://www.getcfmljobs.com/jobs/index.cfm/united-states/CFJavaDeveloper-at-Remote-US/11630

2 new jobs listed in the last few weeks

Other Job Links
There is a jobs channel in the CFML slack team, and in the Box team slack now too



ForgeBox Module of the Week

CBStreams

Welcome to the wonderful world of Java Streams ported for the CFML world!

The whole idea of streams is to enable functional-style operations on streams of elements. A stream is an abstraction, it’s not a data structure. It’s not a collection where you can store elements. The most important difference between a stream and a structure is that a stream doesn’t hold the data. For example you cannot point to a location in the stream where a certain element exists. You can only specify the functions that operate on that data. A stream is an abstraction of a non-mutable collection of functions applied in some order to the data.

The beauty of streams is that the elements in a stream are processed and passed across the processing pipeline. Unlike traditional CFML functions like map(), reduce() and filter() which create completely new collections until all items in the pipeline are processed. With streams, the elements are streamed across the pipeline to increase efficiency and performance.

https://www.forgebox.io/view/cbstreams


VS Code Hint Tips and Tricks of the Week

SVG Previewer

Show SVG preview to the side panel

https://marketplace.visualstudio.com/items?itemName=vitaliymaz.vscode-svg-previewer

Thank you to all of our Patreon Supporters

These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, and funds the cloud infrastructure at our community relies on like ForgeBox for our Package Management with CommandBox. 

You can support us on Patreon here https://www.patreon.com/ortussolutions


Don’t forget, we have Annual Memberships, pay for the year and save 10% - great for businesses everyone.

And many more Patreons

You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors 

Thanks everyone!!!