Modernize or Die ® Podcast - CFML News Edition

2024-05-28 Weekly News — Episode 216

Watch the video version on YouTube at https://youtube.com/live/Djeas-Lw3XU?feature=share
 

Hosts: 
  • Eric Peterson - Senior Developer at Ortus Solutions
  • Daniel Garcia - Senior Developer at Ortus Solutions

Thanks to our Sponsor - Ortus Solutions

The makers of ColdBox, CommandBox, ForgeBox, TestBox and all your favorite box-es out there. 
A few ways to say thanks back to Ortus Solutions:

Patreon Support (Magnificent)
We have 50 patreons:
https://www.patreon.com/ortussolutions.


News and Announcements

BoxLang — Dynamic : Modular : Productive

https://boxlang.io/
https://boxlang.ortusbooks.com/


New Releases and Updates

Galaxie Blog 3.57
https://www.gregoryalexander.com/blog/2024/5/22/galaxie-blog-357-is-released


ITB Releases


ITB Highlights


Keynote Day 1

  • BoxLang released!
    • Modern Dynamic Language
    • Java Interop
    • Pure Functions + Immutable Classes
    • Multi-Runtime Architecture
    • Multi-Parsers : BoxLang + CFML + ???
    • Event-Driven Language
    • Enterprise Caching Engine & Aggregator
    • Scheduling & Task Framework
    • Tested & Documented
    • Tooling
      • BoxLang IDE (VS Code Extension)
      • CLI
      • Debugger
    • Modules
      • Web Applications - HTTP Request/Response Data
      • Tasks and Queues -  Watchers, Event Handling, Async
      • Lambda and CLI -  fast start and blazing speeds!
      • iOS/Android - Low resource footprint, event handling
      • Web Assembly - Transpilation and Sandboxing
    • boxlang.io
      • Has installers
    • boxlang.ortusbooks.com
    • Try.boxlang.io
      • AWS Lambda Runtime
    • Professional Open Source
    • Visionary Licenses

Keynote Day 2

  • ColdBox 8.x Beta in 2024, release in 2025
  • New cbDebugger (thanks Scott Steinbeck)
  • ContentBox 7 Beta in 2024, release in 2025
    • CommandBox
    • CommandBox Pro
    • Multisite Support (don’t need pro for this actually)
    • Windows Installer
    • Updated Docker Images
    • New Iron Bank images
  • cbWire v4 launched
  • Modules
    • QB Updates
    • Quick Updates
    • Hyper Updates
    • cbq Updates
    • Vite plugin
    • Megaphone
    • cbSecurity Passkeys

BoxLang

Highlights:

TryBoxLang
  • Runs on AWS Lambda
cbWire v4
  • wire:navigate
  • Lazy Loading
  • Teleport
  • Execute JavaScript from templates
  • Streaming responses
  • Smaller and faster!
cbSecurity Passkeys
  • Add Passkey support to your site that uses cbSecurity
  • Easy to get started with and configurable to your needs
cbq v3
  • More stable, fewer bugs, and better docs

Webinars, Meetups and Workshops

Into the Box 2024, Day 1 & 2 Keynotes
Into the Box 2024 Keynote Day 1: https://www.youtube.com/watch?v=8M0IdUl7IWg
Into the Box 2024 Keynote Day 2: https://www.youtube.com/watch?v=JgQzgUPUtzk

CFCasts Content Updates

https://www.cfcasts.com

Recent Releases
  • ITB 2024 videos coming soon for all attendees
Conferences and Training

CFCamp 2024

CF Summit West in Las Vegas

At Resorts World - New venue!!!
Sep 30 - Oct 1st for the Conference
Oct 2nd for the Certification

https://cfsummit.adobeevents.com/

Pricing
$99 for the Session Pass right now.
Coupon code might be in your email if you are a previous attendee for even better pricing
$199 for the Professional Pass - include Certification Training on the 2nd of Oct.
https://cfsummit.adobeevents.com/register/registration/select

Call for Speakers is Open!!!
https://cfsummit.adobeevents.com/speaker-application/

Accommodations

Resorts World
3000 S Las Vegas Blvd,
Las Vegas, NV, United States, Nevada

Looking for accommodations?

We've secured exclusive, low room rates of $105 + taxes/day especially for our attendees! Easy and hassle-free booking is just a click away.

Secure your spot now to make the most of your trip with comfortable and affordable accommodations

Ortus - Workshop - TBA

ITB 2025
  • Location: Washington, DC
  • Dates: April 30, 2025 - May 2, 2025 - Washington, DC
  • https://t.co/cFLDUJZEyM
  • 50% off blind tickets

More conferences

Need more conferences, this site has a huge list of conferences for almost any language/community.
https://confs.tech/


Blogs, Posts, and Videos of the Week

5/1/24 - Blog - Robert Zendher - KISDigital - Tidying up HTML with jSoup: Part Deux
The output of commandbox-ssg has always been something that makes my OCD tingle. When build generates a site, templates are rendered in steps: first the view gets rendered, the next step is to render the page layout around the view, and finally the layout is applied. Due to how things are processed the indentation is "chunky" and the rendering process will also generate blank when processing the CFML templates.

The output is not bad, it just is not great. The Solution: jSoup

https://kisdigital.com/posts/2024/04/tidying-up-html-with-jsoup-part-deux

5/3/24 - Blog - Robert Zendher - KISDigital - The Law of Unintended Consequences
I was feeling pretty good about myself when I managed to post-process commandbox-ssg HTML output using jSoup. The downside, as I learned after the fact, non-HTML files were still getting the same treatment. By default jSoup uses an HTML parser and will wrap the output in html and body tags if they do not exist in the input html. Needless to say, that does not bode well when your sitemap.xml or an RSS feed is wrapped in HTML tags.

https://kisdigital.com/posts/2024/05/the-law-of-unintended-consequences

5/8/24 - Blog - Harsh Jaiswal & Rahul Maini - Hacking Apple - SQL Injection to Remote Code Execution
In our last blog post, we delved into the inner workings of Lucee and took a look at the source code of Masa/Mura CMS, and the vastness of the potential attack surface struck us. It became evident that investing time in understanding the code could pay off. After dedicating a week to our exploration, we stumbled upon several entry points for exploitation, including a critical SQL injection flaw that we were able to exploit within Apple's Book Travel portal.

In this blog post, we aim to share our insights and experiences, detailing how we identified the vulnerability sink, linked it back to its source, and leveraged the SQL injection to achieve Remote Code Execution (RCE).

https://blog.projectdiscovery.io/hacking-apple-with-sql-injection/


5/6/24 - Blog - Ben Nadel - Where Does Serialization / Deserialization Belong In A Database Access Workflow?
A ColdFusion web application is composed of a series of nested abstractions. Each abstraction layer hides some level of private detail and exposes data for public consumption. For most of the work that I do, the exposed data is one dimensional. But, on occasion, I need to store complex object structures. As a simple example, I might have a MySQL table with a JSON column. Which means that each record that I read from said database table contains both normal data and serialized data. Which begs the question: where in the data access workflow should the embedded serialized data (JSON) be deserialized?

https://www.bennadel.com/blog/4649-where-does-serialization-deserialization-belong-in-a-database-access-workflow.htm


5/12/24 - Blog - Ben Nadel - Experimenting With SQLite JDBC Connections In Lucee CFML
Although SQLite has been around for almost 25-years, it seems to be having a moment. In the past year or two, I've heard many people discuss the power of embedding SQLite databases within an application. I've never looked at SQLite before; and, I don't think it necessarily makes sense in the context of a ColdFusion web application; but, as a fun exploration, I wanted to see if I could get ColdFusion to connect to a SQLite database.

https://www.bennadel.com/blog/4653-experimenting-with-sqlite-jdbc-connections-in-lucee-cfml.htm

5/13/24 - Blog - Ben Nadel - Creating On-The-Fly Datasource Connections In Lucee CFML
In yesterday's post on connecting to SQLite databases using JDBC in Lucee CFML, I was creating and consuming a new, user-specific datasource on every page request. In order to do this, I made use of a technique that I only just learned about from the CommandBox Book written by Ortus Solutions. Apparently, in Lucee CFML, you can provide the CFQuery datasource attribute as a struct instead of a string.

https://www.bennadel.com/blog/4654-creating-on-the-fly-datasource-connections-in-lucee-cfml.htm

5/14/24 - Blog - Ben Nadel - Creating In-Memory SQLite Databases Using JDBC In Lucee CFML
In my first look at connecting to SQLite databases using JDBC in Lucee CFML, I was creating physical database files and synchronizing them between my Docker container and my host machine. But, in an experimentation context, there may not be any need to persist the database state across container restarts. In such a context, I could have used SQLite's in-memory database mode to explore the SQLite space without having to worry about persisting data to disk.

https://www.bennadel.com/blog/4655-creating-in-memory-sqlite-databases-using-jdbc-in-lucee-cfml.htm

5/18/24 - Blog - Ben Nadel - Experimenting With Low-Level SQLite Access In Lucee CFML
In my first look at accessing SQLite databases in ColdFusion, I was using a Lucee CFML specific feature that allows for creating on-the-fly datasources in the CFQuery tag. As a follow-up experiment, I wanted to see if I could use lower-level Java methods—in the java.sql package—in order to access SQLite without having to rely on Lucee-only features.

https://www.bennadel.com/blog/4657-experimenting-with-low-level-sqlite-access-in-lucee-cfml.htm

5/17/2024 - Blog - Robert Zendher - KISDigital - Setting up your first BoxLang Server

It is easy to get started working with BoxLang, but I thought I would put together a quick post on how to get started with a development server. The first step is to setup your webroot.

https://kisdigital.com/posts/2024/05/setting-up-your-first-boxlang-server

CFML Jobs

Several positions available on https://www.getcfmljobs.com/

Listing over 126 ColdFusion positions from 79 companies across 53 locations in 5 Countries.

3 new jobs listed in the last few weeks

Full-Time — AWS and ColdFusion Full Stack Developer
Guidehouse
New York, NY, United States
Posted May 01
https://www.getcfmljobs.com/jobs/index.cfm/united-states/ColdFusion-FullStack-AWSDev-NY/11638

Full-Time — Cold Fusion Developer I
PRECISE SOFTWARE SOLUTIONS INCORPORATED
Remote
Posted May 09
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Remote-ColdFusion-Developer-I/11639

Full-Time — Senior Web Developer ColdFusion
Regal Medical Group
Northridge, CA, United States
Posted May 17
https://www.getcfmljobs.com/jobs/index.cfm/united-states/Sr-WebDev-ColdFusion-Northridge-CA/11640


Other Job Links
There is a jobs channel in the CFML slack team, and in the Box team slack now too


ForgeBox Module of the Week

commandbox-boxlang

Start a BoxLang server using CommandBox 6!

box install commandbox-boxlang
box server start cfengine=boxlang javaVersion=openjdk_21

https://forgebox.io/view/commandbox-boxlang

VS Code Hint, Tip, and Trick of the Week

BoxLang

An extension for the development of BoxLang.

At a glance

  • Built-in BoxLang runtime for easy development
  • Tooling
    • Debugger
    • Web server that can be launched within VSCode
    • Execute .bxs files
    • Execute .bx files that have a main method
  • Language support
    • Syntax highlighting
    • Language server integration (alpha)
  • Support of existing CFML functionality

https://marketplace.visualstudio.com/items?itemName=ortus-solutions.vscode-boxlang

Thank you to all of our Patreon Supporters


These individuals are personally supporting our open source initiatives to ensure the great toolings like CommandBox, ForgeBox, ColdBox, ContentBox, TestBox and all the other boxes keep getting the continuous development they need, 

Their Contributions fund the cloud infrastructure at our community relies on like 
  • ForgeBox for our 
  • Package Management with CommandBox. 

You can support us on Patreon here https://www.patreon.com/ortussolutions


Don’t forget, we have Annual Memberships, pay for the year and save 10% - great for businesses everyone.

  • Bronze Packages and up, now get a ForgeBox Pro and CFCasts subscriptions as a perk for their Patreon Subscription.
  • All Patreon supporters have a Profile badge on the Community Website
  • All Patreon supporters have their own Private Forum access on the Community Website
  • All Patreon supporters have their own Private Channel access BoxTeam Slack

https://community.ortussolutions.com/

Top Patreons (magnificent)
  • John Wilson - Synaptrix
  • Tomorrows Guides
  • Jordan Clark
  • Gary Knight
  • Giancarlo Gomez 
  • David Belanger  
  • Dan Card
  • James Moberg & Jeffry McGee - Sunstar Media 
  • Dean Maunder
  • Kevin Wright
  • Doug Cain 
  • Nolan Erck 
  • Abdul Raheen

And many more Patreons - up to 50 now!!!!!+

You can see an up to date list of all sponsors on Ortus Solutions' Website
https://ortussolutions.com/about-us/sponsors

Thanks everyone!!!

★ Support this podcast on Patreon ★

What is Modernize or Die ® Podcast - CFML News Edition?

Technology is ever changing, blink and you miss it, until now. This podcast keeps you up to date on everything ColdFusion related. News, Engine and Package Updates and Releases, Webinars Meetups and Workshops, CFCast updates, Conferences, Blog Tweets and Videos the Week from the Community, Job offerings, as well as the ForgeBox module of the Week and the VS Code Hint Tip and Trick of the week.