2024-05-28 Weekly News — Episode 216

Watch the video version on YouTube at https://youtube.com/live/Djeas-Lw3XU?feature=share
 
Hosts: 

Thanks to our Sponsor - Ortus Solutions

The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. 
A few ways to say thanks back to Ortus Solutions:

Patreon Support (Magnificent)
We have 50 patreons:
https://www.patreon.com/ortussolutions.


News and Announcements

BoxLang — Dynamic : Modular : Productive

https://boxlang.io/
https://boxlang.ortusbooks.com/


New Releases and Updates

Galaxie Blog 3.57
https://www.gregoryalexander.com/blog/2024/5/22/galaxie-blog-357-is-released


ITB Releases

ITB Highlights

Keynote Day 1

Keynote Day 2

BoxLang

Highlights:

TryBoxLang

cbWire v4

cbSecurity Passkeys

cbq v3

Webinars, Meetups and Workshops

Into the Box 2024, Day 1 & 2 Keynotes
Into the Box 2024 Keynote Day 1: https://www.youtube.com/watch?v=8M0IdUl7IWg
Into the Box 2024 Keynote Day 2: https://www.youtube.com/watch?v=JgQzgUPUtzk

CFCasts Content Updates

https://www.cfcasts.com

Recent Releases

CF Summit West in Las Vegas

At Resorts World - New venue!!!
Sep 30 - Oct 1st for the Conference
Oct 2nd for the Certification

https://cfsummit.adobeevents.com/

Pricing
$99 for the Session Pass right now.
Coupon code might be in your email if you are a previous attendee for even better pricing
$199 for the Professional Pass - include Certification Training on the 2nd of Oct.
https://cfsummit.adobeevents.com/register/registration/select

Call for Speakers is Open!!!
https://cfsummit.adobeevents.com/speaker-application/

Accommodations

Resorts World
3000 S Las Vegas Blvd,
Las Vegas, NV, United States, Nevada

Looking for accommodations?

We've secured exclusive, low room rates of $105 + taxes/day especially for our attendees! Easy and hassle-free booking is just a click away.

Secure your spot now to make the most of your trip with comfortable and affordable accommodations

Ortus - Workshop - TBA

ITB 2025

More conferences

Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/


Blogs, Posts, and Videos of the Week

5/1/24 - Blog - Robert Zendher - KISDigital - Tidying up HTML with jSoup: Part Deux
The output of commandbox-ssg has always been something that makes my OCD tingle. When build generates a site, templates are rendered in steps: first the view gets rendered, the next step is to render the page layout around the view, and finally the layout is applied. Due to how things are processed the indentation is "chunky" and the rendering process will also generate blank when processing the CFML templates.

The output is not bad, it just is not great. The Solution: jSoup

https://kisdigital.com/posts/2024/04/tidying-up-html-with-jsoup-part-deux

5/3/24 - Blog - Robert Zendher - KISDigital - The Law of Unintended Consequences
I was feeling pretty good about myself when I managed to post-process commandbox-ssg HTML output using jSoup. The downside, as I learned after the fact, non-HTML files were still getting the same treatment. By default jSoup uses an HTML parser and will wrap the output in html and body tags if they do not exist in the input html. Needless to say, that does not bode well when your sitemap.xml or an RSS feed is wrapped in HTML tags.

https://kisdigital.com/posts/2024/05/the-law-of-unintended-consequences

5/8/24 - Blog - Harsh Jaiswal & Rahul Maini - Hacking Apple - SQL Injection to Remote Code Execution
In our last blog post, we delved into the inner workings of Lucee and took a look at the source code of Masa/Mura CMS, and the vastness of the potential attack surface struck us. It became evident that investing time in understanding the code could pay off. After dedicating a week to our exploration, we stumbled upon several entry points for exploitation, including a critical SQL injection flaw that we were able to exploit within Apple's Book Travel portal.

In this blog post, we aim to share our insights and experiences, detailing how we identified the vulnerability sink, linked it back to its source, and leveraged the SQL injection to achieve Remote Code Execution (RCE).

https://blog.projectdiscovery.io/hacking-apple-with-sql-injection/


5/6/24 - Blog - Ben Nadel - Where Does Serialization / Deserialization Belong In A Database Access Workflow?
A ColdFusion web application is composed of a series of nested abstractions. Each abstraction layer hides some level of private detail and exposes data for public consumption. For most of the work that I do, the exposed data is one dimensional. But, on occasion, I need to store complex object structures. As a simple example, I might have a MySQL table with a JSON column. Which means that each record that I read from said database table contains both normal data and serialized data. Which begs the question: where in the data access workflow should the embedded serialized data (JSON) be deserialized?

https://www.bennadel.com/blog/4649-where-does-serialization-deserialization-belong-in-a-database-access-workflow.htm


5/12/24 - Blog - Ben Nadel - Experimenting With SQLite JDBC Connections In Lucee CFML
Although SQLite has been around for almost 25-years, it seems to be having a moment. In the past year or two, I've heard many people discuss the power of embedding SQLite databases within an application. I've never looked at SQLite before; and, I don't think it necessarily makes sense in the context of a ColdFusion web application; but, as a fun exploration, I wanted to see if I could get ColdFusion to connect to a SQLite database.

https://www.bennadel.com/blog/4653-experimenting-with-sqlite-jdbc-connections-in-lucee-cfml.htm

5/13/24 - Blog - Ben Nadel - Creating On-The-Fly Datasource Connections In Lucee CFML
In yesterday's post on connecting to SQLite databases using JDBC in Lucee CFML, I was creating and consuming a new, user-specific datasource on every page request. In order to do this, I made use of a technique that I only just learned about from the CommandBox Book written by Ortus Solutions. Apparently, in Lucee CFML, you can provide the CFQuery datasource attribute as a struct instead of a string.

https://www.bennadel.com/blog/4654-creating-on-the-fly-datasource-connections-in-lucee-cfml.htm

5/14/24 - Blog - Ben Nadel - Creating In-Memory SQLite Databases Using JDBC In Lucee CFML
In my first look at connecting to SQLite databases using JDBC in Lucee CFML, I was creating physical database files and synchronizing them between my Docker container and my host machine. But, in an experimentation context, there may not be any need to persist the database state across container restarts. In such a context, I could have used SQLite's in-memory database mode to explore the SQLite space without having to worry about persisting data to disk.

https://www.bennadel.com/blog/4655-creating-in-memory-sqlite-databases-using-jdbc-in-lucee-cfml.htm

5/18/24 - Blog - Ben Nadel - Experimenting With Low-Level SQLite Access In Lucee CFML
In my first look at accessing SQLite databases in ColdFusion, I was using a Lucee CFML specific feature that allows for creating on-the-fly datasources in the CFQuery tag. As a follow-up experiment, I wanted to see if I could use lower-level Java methods—in the java.sql package—in order to access SQLite without having to rely on Lucee-only features.

https://www.bennadel.com/blog/4657-experimenting-with-low-level-sqlite-access-in-lucee-cfml.htm

5/17/2024 - Blog - Robert Zendher - KISDigital - Setting up your first BoxLang Server
It is easy to get started working with BoxLang, but I thought I would put together a quick post on how to get started with a development server. The first step is to setup your webroot.

https://kisdigital.com/posts/2024/05/setting-up-your-first-boxlang-server

CFML Jobs

Several positions available on https://www.getcfmljobs.com/

Listing over 126 ColdFusion positions from 79 companies across 53 locations in 5 Countries.

3 new jobs listed in the last few weeks

Full-Time — AWS and ColdFusion Full Stack Developer
Guidehouse
New York, NY, United States
Posted May 01
https://www.getcfmljobs.com/jobs/index.cfm/united-states/ColdFusion-FullStack-AWSDev-NY/11638

Full-Time — Cold Fusion Developer I
PRECISE SOFTWARE SOLUTIONS INCORPORATED
Remote
Posted May 09
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Remote-ColdFusion-Developer-I/11639

Full-Time — Senior Web Developer ColdFusion
Regal Medical Group
Northridge, CA, United States
Posted May 17
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Sr-WebDev-ColdFusion-Northridge-CA/11640


Other Job Links
There is a jobs channel in the CFML slack team, and in the Box team slack now too


ForgeBox Module of the Week

commandbox-boxlang

Start a BoxLang server using CommandBox 6!

box install commandbox-boxlang
box server start cfengine=boxlang javaVersion=openjdk_21

https://forgebox.io/view/commandbox-boxlang

VS Code Hint, Tip, and Trick of the Week

BoxLang

An extension for the development of BoxLang.

At a glance

https://marketplace.visualstudio.com/items?itemName=ortus-solutions.vscode-boxlang

Thank you to all of our Patreon Supporters

These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, 

Their Contributions fund the cloud infrastructure at our community relies on like 

You can support us on Patreon here https://www.patreon.com/ortussolutions


Don’t forget, we have Annual Memberships, pay for the year and save 10% - great for businesses everyone.

And many more Patreons - up to 50 now!!!!!+

You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors

Thanks everyone!!!