Modernize or Die® - CFML News Podcast for November 21st, 2023 - Episode 207
2023-11-21 Weekly News — Episode 207
Watch the video version on YouTube at https://youtube.com/live/1aeDZ7q5Y2E?feature=share
Hosts:
- Eric Peterson - Senior Developer at Ortus Solutions
- Daniel Garcia - Senior Developer at Ortus Solutions
Thanks to our Sponsor - Ortus Solutions
The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there.
A few ways to say thanks back to Ortus Solutions:
- Buy Tickets to Into the Box 2024 in Washington DC https://www.intothebox.org/
- Like and subscribe to our videos on YouTube.
- Help ORTUS reach for the Stars - Star and Fork our Repos
- Star all of your Github Box Dependencies from CommandBox with https://www.forgebox.io/view/commandbox-github
- Subscribe to our Podcast on your Podcast Apps and leave us a review AND WE WILL READ IT ON THE SHOW
- Sign up for a free or paid account on CFCasts, which is releasing new content regularly
- BOXLife store: https://www.ortussolutions.com/about-us/shop
- Buy Ortus’s Books
- 102 ColdBox HMVC Quick Tips and Tricks on GumRoad (http://gum.co/coldbox-tips)
- Now on Amazon!
- https://www.amazon.com/dp/B0CJHB712M
- Learn Modern ColdFusion (CFML) in 100+ Minutes - Free online https://modern-cfml.ortusbooks.com/ or buy an EBook or Paper copy https://www.ortussolutions.com/learn/books/coldfusion-in-100-minutes
Patreon Support (flabbergasting)
We have 42 patreons:
https://www.patreon.com/ortussolutions.
News and Announcements
NCC Group - Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets
Adobe ColdFusion allows software developers to rapidly build web applications. Recently, a critical vulnerability was identified in the handling of Web Distributed Data eXchange (WDDX) requests to ColdFusion Markup (CFM) endpoints. Multiple patches were released by Adobe to resolve the vulnerability, and each has been given its own CVE and Adobe security update.
https://research.nccgroup.com/2023/11/21/technical-advisory-adobe-coldfusion-wddx-deserialization-gadgets/
Ortus End of the Year Sale is Finally Here!
The much-anticipated Ortus End-of-the-Year Sale has arrived, and it's time to elevate your development experience! Whether you're a seasoned developer, a tech enthusiast, or someone on the lookout for top-notch projects, Ortus has something special in store for you. Brace yourself for incredible discounts across a wide array of products and services, including Ortus annual events, books, cutting-edge services, and more.
https://www.ortussolutions.com/blog/ortus-deals-are-finally-here
New Releases and Updates
Adobe November Updates - Security Fixes
Adobe updates for ColdFusion 2023 (Update 6) and 2021 (Update 12)
Previous versions no longer receive security updates!!!
CommandBox has already been updated
Security updates available for Adobe ColdFusion | APSB23-52 - https://helpx.adobe.com/security/products/coldfusion/apsb23-52.html
https://community.adobe.com/t5/coldfusion-discussions/now-live-adobe-coldfusion-2023-and-2021-november-security-updates/m-p/14233917#M196421
Note: Some customers have reported WDDX-related issues
More details from Charlie Arehart: https://www.carehart.org/blog/2023/11/14/cf_security_updates_nov_2023#more
ICYMI - 10/23/2023- Added Java installers for Java 17.0.9, Java 11.0.21 & JDK/JRE 8u391
10/10/2023- Refreshed the Server ZIP and GUI installers, Lockdown installer, and Add-on installer for ColdFusion (2023 release).
https://helpx.adobe.com/coldfusion/kb/coldfusion-downloads.html#download0
Avoid issues with the update; thanks to Brian for this post: https://www.hoyahaxa.com/2023/10/coldfusion-connectors-and-cfadmin.html
The new connectors in ColdFusion 2023 Update 5 and ColdFusion 2021 Update 11 perform the following actions:
- normalize the request URI
- block any requests with .. in the URI path (which could be attempts to exploit directory traversal vulnerabilities)
- block any requests in which the normalized URI path starts with a case-insensitive /CFIDE
ColdBox 7.2.0 Released
Welcome to ColdBox 7.2.0, which packs a big punch on stability and tons of new features.
Includes lots of updates for all the core products: ColdBox, WireBox, CacheBox, and LogBox.
ColdBox has 10 new features, 6 improvements and 4 bug fixes.
LogBox has 3 new features, 4 improvements, 2 bug fixes and a task.
WireBox includes a new feature and CacheBox has an improvement.
https://coldbox.ortusbooks.com/readme/release-history/whats-new-with-7.2.0
Webinar / Meetups and Workshops
ICYMI - MMCFUG - How to containerize CFML apps for the cloud with Nick Kwiatkowski from Michigan State
November 13th, 2023
Nick Kwiatkowski from MSU Telecom is going to show us how to containerize CFML apps for the cloud at the next meeting of the Mid-Michigan tonight at 7 pm eastern time. Docker, Tanzu, Kubernetes and more.
https://youtu.be/fYQ-BBKir7Q
Hawaii ColdFusion Meetup Group - InertiaJS and ColdFusion with Eric Peterson
November 24th
InertiaJS is a new JavaScript framework made for people who don’t really need an API but want to use a modern JavaScript framework like React or Vue as their view layer. Inspired by libraries like Turbolinks, InertiaJS makes your app behave like a SPA while still being a fully server-rendered app.
https://www.meetup.com/hawaii-coldfusion-meetup-group/events/294771761/
ColdFusion Security Training
Writing Secure CFML with Pete Freitag
A hands-on CFML / ColdFusion Security Training class for developers. Learn how to identify and fix security vulnerabilities in your ColdFusion / CFML applications.
Where: Online
When: Tuesday December 12, 2023 @ 11am-2pm EST & Wednesday December 13 @ 11am-2pm
Price: $899 per student
https://foundeo.com/consulting/coldfusion/security-training/
The class will be recorded, so if you cannot attend it fully online you will have access to a recording.
CFCasts Content Updates
https://www.cfcasts.com
Recent Releases
- Into the Box 2023 Videos are now available for all Paid Subscriptions https://cfcasts.com/series/itb-2023
Coming Soon
- Mastering CBWIRE v3 from Grant
- ColdBox Elixir from Eric (on hold for a bit)
Conferences and Training
Into the Box LATAM
November 30th
University of Business in El Salvador.
https://latam.intothebox.org/
Speakers and Schedules available
Adobe ColdFusion India Summit 2023
December 2nd, 2023
Register for Free
Location: Bengaluru, India
https://cf-indiasummit-2023.attendease.com/
ITB 2024
- Location: Optica in Washington, DC
- Announcement Blog Post: https://www.ortussolutions.com/blog/our-into-the-box-2024-venue-and-dates-are-set
- Dates: May 15-17, 2024
- Get Blind Tickets Now: https://www.eventbrite.com/e/into-the-box-2024-the-new-era-of-modernization-tickets-663126347757
- Call for Speakers: https://www.ortussolutions.com/blog/call-for-speakers-into-the-box-2024-share-your-expertise
More conferences
Need more conferences? This site has a huge list of conferences for almost any language/community.
https://confs.tech/
Blogs, Tweets, and Videos of the Week
11/20/23 - Blog - Julian Halliwell - Reading Large CSV Files with CFML
As its name suggests, the Spreadsheet CFML library is focused on working with spreadsheets, in either binary or XML format.
But there's a third format which is often used for the same kind of data: CSV.
For a while now, the library has provided a few convenience methods for working with CSV which allow conversion to and from spreadsheets and CFML queries.
I'll admit though that these methods don't perform very well when dealing with large CSV files. For various reasons, the reliance on CFML query objects means that large amounts of CSV require large amounts of memory.
https://blog.simplicityweb.co.uk/138/reading-large-csv-files-with-cfml
11/15/23 - Blog - Brian Reilly - Critical Variable Mass Assignment Vulnerability in Adobe ColdFusion (CVE-2023-44350)
Adobe ColdFusion is vulnerable to a Mass Assignment vulnerability that can result in an attacker being able to modify the value of any variable in any scope within the context of remote CFC methods. A mass assignment vulnerability occurs when application code allows a user to set or modify arbitrary objects or values without verifying that the user is authorized to do so. Modifying values related to authorization checks, security controls, or other important functions may permit a malicious user to access sensitive data or perform other unexpected actions. Mass assignment vulnerabilities are not unique to ColdFusion and have affected other languages including ASP.NET, PHP, and Ruby on Rails.
https://www.hoyahaxa.com/2023/11/critical-variable-mass-assignment.html
11/15/23 - Tweet - Brad Wood - I found a CommandBox Cheat Sheet
Came across this cool CommandBox cheat sheet by @djgarcia76 today:
https://cheatography.com/garciadev/cheat-sheets/commandbox/
#ColdFusion #CFML #CLI
https://x.com/bdw429s/status/1724863039281807808?s=20
11/13/23 - Blog - Nolan Erck - ColdFusion Summit 2023 Recap
A few weeks ago was the annual ColdFusion Summit in Las Vegas. And as expected, the event was very worth the trip! Overall I think everything ran very smoothly — food, sessions, staff, the party, and all the other things you'd expect at CF Summit were the same quality as previous years.
https://southofshasta.com/blog/coldfusion-summit-2023-recap/
CFML Jobs
Several positions available on https://www.getcfmljobs.com/
Listing over 108 ColdFusion positions from 65 companies across 45 locations in 5 Countries.
1 new job listed in the last few weeks
Full-Time - Sr. Software Engineer - Coldfusion Developer at Delhi, Delhi.. - India
Posted Nov 15
https://www.getcfmljobs.com/jobs/index.cfm/india/Sr-Software-Engineer-Coldfusion-Developer-at-Delhi-Delhi/11620
Other Job Links
There is a jobs channel in the CFML slack team, and in the Box team slack now too
ForgeBox Module of the Week
LogBox Logging Library
Version 7.2.0 just released - 4,501 installs in the last 12 months
LogBox is an enterprise ColdFusion (CFML) logging library designed to give you flexibility, simplicity, and power when logging or tracing is needed in your applications.
LogBox is also part of the ColdBox Platform suite of services and libraries. It allows you to easily build upon its logging framework to meet any logging or reporting needs your applications have. LogBox surpasses ColdFusion's very basic cflog tag.
LogBox allows you to create multiple destinations for your loggings and even configure multiple destinations or change them at runtime.
Almost every application needs logging and/or tracing capabilities, and we have developed LogBox to satisfy these needs. Although you should not over-use logging as it can slow down an application, LogBox allows you to filter out or cancel logging noise.
Great integrations available on ForgeBox like Sentry etc
https://logbox.ortusbooks.com/
https://www.forgebox.io/view/logbox
VS Code Hint Tips and Tricks of the Week
11/23/23 Docker - v1.28.0
Lots of updates since we last covered this extension in 2019!!!!
The Docker extension makes it easy to build, manage, and deploy containerized applications from Visual Studio Code. It also provides one-click debugging of Node.js, Python, and .NET inside a container.
- You can get IntelliSense when editing your Dockerfile and docker-compose.yml files, with completions and syntax help for common commands.
- Docker Compose lets you define and run multi-container applications with Docker. Our Compose Language Service in the Docker extension gives you IntelliSense and tab completions when authoring docker-compose.yml files. Press Ctrl+Space to see a list of valid Compose directives.
- The Docker extension contributes a Docker Explorer view to VS Code. The Docker Explorer lets you examine and manage Docker assets: containers, images, volumes, networks, and container registries. If the Azure Account extension is installed, you can browse your Azure Container Registries as well.
- The right-click menu provides access to commonly used commands for each type of asset.
- You can run Docker commands to manage images, networks, volumes, image registries, and Docker Compose. In addition, the Docker: Prune System command will remove stopped containers, dangling images, and unused networks and volumes.
https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-docker
Thank you to all of our Patreon Supporters
These individuals are personally supporting our open source initiatives to ensure that great tooling like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keeps getting the continuous development it needs, and to fund the cloud infrastructure that our community relies on, like ForgeBox for our package management with CommandBox.
You can support us on Patreon here https://www.patreon.com/ortussolutions
Don’t forget, we have Annual Memberships, pay for the year and save 10% - great for businesses everyone.
- Bronze Packages and up now get ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon subscription.
- All Patreon supporters have a Profile badge on the Community Website
- All Patreon supporters have their own Private Forum access on the Community Website
- All Patreon supporters have their own Private Channel access on BoxTeam Slack
- John Wilson - Synaptrix
- Tomorrows Guides
- Jordan Clark
- Gary Knight
- Giancarlo Gomez
- David Belanger
- Dan Card
- James Moberg & Jeffry McGee - Sunstar Media
- Dean Maunder
- Kevin Wright
- Doug Cain
- Nolan Erck
- Abdul Raheen
And many more Patreons
You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors
Don’t forget the ORTUS DEALS when you are hunting Black Friday and Cyber Monday Deals
Thanks and Happy Thanksgiving everyone!!!
Music from this podcast used under Royalty Free license from SoundDotCom and BlueTreeAudio
© 2019 Ortus Solutions